Israeli Police Uncover Massive, Trojan Horse-Based Industrial Spy Ring

Israeli police have uncovered a massive industrial spy ring that allegedly used Trojan horse software to snoop into some of the country's leading companies.

The case will have major implications for the business community in Israel--and possibly beyond--as all the companies accused of having used the software are themselves leading companies.

A report in the English-language Haaretz newspaper details how a wide range of businesses--including TV, mobile phone, car import, and utility companies--used a Trojan horse program, believed to have been written by two people living in the United Kingdom, to spy on their immediate business rivals with a high degree of success.

The London-based pair, Michael Haephrati, and his wife Ruth Brier-Haephrati, have now been arrested pending extradition procedures on June 3; in Israel, another 21 people have been detained for questioning.

Police believe that the companies started using the software after engaging the services of any one of three private investigation agencies, which were given the task of carrying out the industrial espionage.

Confidential Documents

"It is hard to believe that the most senior people at a business [employing one of the agencies] did not know about the spyware," Haaretz quoted an Israeli police source as saying. "Even if it was ordered by some head of a security department from a private investigator, it was passed on to the CE--and it is clear to us they must have guessed how the material was gathered."

The program appears to have been extremely effective both at stealing confidential documents from target companies and at monitoring activity on infected machines. Police are said to have gained access to a number of FTP servers based in the United States and Israel and discovered "tens of thousands" of documents pillaged by the malware from target companies.

The fraudsters are believed to have used two quite simple methods of attack, both of which bypassed normal safeguards such as perimeter security or antivirus programs. The first was to send a targeted individual a disc purporting to contain a business proposal; when explored, however, the disc would load the Trojan horse on that person's PC. Alternatively, the same process could be undertaken via e-mail, again catching recipients off guard.

Whether antivirus or other security software would have detected this previously unknown software depends on how they were configured and on which other types of security software were present.

Background

The fraud only started to come to light some months ago, after Israeli author Amnon Jacont complained that passages of a book he was writing had appeared on the Internet, despite its never having left his PC. Subsequent investigations led police to believe that the Trojan horse allegedly cowritten by Michael Haephrati was responsible, and so the whole scheme started to unravel.

Remarkably, the breakthrough came not from company security systems in one of the world's most paranoid business communities, but from the suspicions of an ordinary member of the public. If it weren't for Jacont's complaint, the Trojan horse could still be out there, silently stealing information on a huge scale.