Israeli police have uncovered a massive industrial spying ring that is alleged to have used Trojan software to snoop into some of the country’s leading companies.
The case will have major implications for the business community in Israel - and possibly beyond - as all the companies accused of having used the software for gain are themselves leading companies.
A report in the English-language Haaretz newspaper details how a wide range of businesses, including TV, mobile phone, car import, and utility companies, used a Trojan program, believed to have been written by two individuals living in the UK, to spy on their immediate business rivals with a high degree of success.
The London-based pair, Michael Haephrati, and his wife Ruth Brier-Haephrati, have now been arrested pending extradition procedures on 3 June, while in Israel another 21 people have been detained for questioning.
Police believe that the companies started using the software after engaging the services of any one of three private investigation agencies, who were given the task of carrying out the industrial espionage.
"It is hard to believe that the most senior people at a business [at companies employing the agencies] did not know about the spyware," Haaretz quoted an Israeli police source as saying. "Even if it was ordered by some head of a security department from a private investigator, it was passed on to the CEO - and it is clear to us they must have guessed how the material was gathered."
The program appears to have been extremely effective at performing its function of stealing confidential documents from target companies, as well as monitoring activity on infected machines. Police are said to have gained access to a number of FTP servers based in the US and Israel and discovered a "tens of thousands" of documents pillaged by the malware from victim companies.
The fraud is believed to have used two quite simple methods of attack, both of which were able to bypass normal safeguards such as perimeter security or anti-virus programs. The first was to send a disc to a particular individual purporting to contain a business proposal, which when explored would load the Trojan on that person’s PC. Alternatively, the same process could be undertaken via email, and again it is likely that the personalised approach would catch recipients off guard.
Whether anti-virus or other security software would have detected this previously unknown software would have depended on how they were configured, and which other types of defence software were present.
The fraud only started to come to light some months ago after Israeli author Amnon Jackont complained that passages of a book he was writing had appeared on the Internet, despite never having left his PC. Subsequent investigations led police to believe that the Trojan written by Michael Haephrati had been responsible, and so the whole fraud started to unravel.
It is extraordinary that what seems to have made the difference in the end wasn’t the company security systems in one of the world’s most paranoid business communities, but the suspicions of an ordinary member of the public. If it weren’t for this complaint the Trojan would still be out there, silently stealing information on a huge scale.