# Israel Spied On Iran Talks By Planting Computer Virus At Hotels, WSJ Reports

Posted: June 10, 2015 in Tech


A computer spy virus believed to be linked to Israel targeted three luxury European hotels just before each hosted negotiations between Iran and world powers over the Islamic Republic’s nuclear program, the Wall Street Journal reported on Wednesday.

Researchers at the cybersecurity firm Kaspersky, who identified the virus, have concluded that it was an improved version of spyware first detected in 2011 and known by the codename “Duqu.”

Though Kaspersky was unable to assess exactly how the virus was used and what information was obtained, the security firm said that the virus might have been used to eavesdrop on conversations, steal files, and gain control of hotel systems such as phones, elevators and alarms. The virus is also able to target Wi-Fi networks and penetrate the hotels’ front desk computers, which could have given whoever was controlling it access to the room numbers of delegation members.

The attackers use two separate packages on infected machines: a small in-memory backdoor and a larger espionage platform with C&C capabilities and a long list of features. The malware can remain undetected for long periods of time because it lacks a typical persistence mechanism. A reboot of an infected machine kills the Duqu 2.0 platform, but the attackers have an answer for that as well.

“To get around this problem, the attackers have another solution – they deploy drivers to a small number of computers, with direct Internet connectivity. These drivers can tunnel traffic from the outside into the network, allowing the attackers to access remote desktop sessions or to connect to servers inside the domain by using previously acquired credentials. Using these credentials, they can re-deploy the entire platform following a massive power loss,” the Kaspersky analysis says.

The last of the zero days used by the Duqu 2.0 attackers was patched by Microsoft on Tuesday. The vulnerability, CVE-2015-2360, was an elevation-of-privilege bug in the Windows kernel-mode drivers.

Last month it was reported that Israel spied on closed-door nuclear talks between the United States and Iran last year in order to build a case against the impending deal. In addition to eavesdropping on closed-door talks, the report said, Israel “acquired information from confidential U.S. briefings, informants and diplomatic contacts in Europe.”

