Report: Israel spied on Iran nuclear talks
You didn't really expect us to trust the Obama administration to keep us informed, did you? The Wall Street Journal is reporting that Kaspersky Lab - one of the leading cybersecurity firms in the world - has discovered that Israel was spying on the P 5+1 nuclear talks.
When a leading cybersecurity firm discovered it had been hacked last year by a virus widely believed to be used by Israeli spies, it wanted to know who else was on the hit list. It checked millions of computers world-wide and three luxury European hotels popped up. The other hotels the firm tested—thousands in all—were clean.
Researchers at the firm, Kaspersky Lab ZAO, weren’t sure what to make of the results. Then they realized what the three hotels had in common. Each was targeted before hosting high-stakes negotiations between Iran and world powers over curtailing Tehran’s nuclear
The spyware, the firm has now concluded, was an improved version of Duqu, a virus first identified by cybersecurity experts in 2011, according to a Kaspersky report reviewed by The Wall Street Journal and outside security experts. Current and former U.S. officials and many cybersecurity experts believe Duqu was designed to carry out Israel’s most sensitive intelligence-collection operations.
Senior U.S. officials learned Israel was spying on the nuclear talks in 2014, a finding first reported by The Wall Street Journal in March. Officials at the time offered few details about Israel’s tactics.
Kaspersky, in keeping with its policy, doesn’t identify Israel by name as the country responsible for the hacks. But researchers at the company indicate that they suspect an Israeli connection in subtle ways. For example, the company’s report is titled “The Duqu Bet.” Bet is the second letter of the Hebrew alphabet.
Researchers at the company acknowledge that many questions remain unanswered about how the virus was used and what information may have been stolen. Among the possibilities, the researchers say, the intruders might have been able to eavesdrop on conversations and steal electronic files by commandeering the hotel systems that connect to computers, phones, elevators and alarms, allowing them to turn them on and off at will to
Israeli officials have denied spying on the U.S. or Israel’s other allies, although they acknowledge conducting close surveillance on Iranians generally. Israeli officials declined to comment specifically on the allegations relating to the Duqu virus and the hotel
The Federal Bureau of Investigation is reviewing the Kaspersky analysis and hasn’t independently confirmed the firm’s conclusions, according to people familiar with the discussions. U.S. officials, though, said they weren’t surprised to learn about the reported intrusions at the hotels used for the nuclear talks.
A senior congressional aide briefed on the matter said Kaspersky’s findings were credible. “We take this seriously,” the
U.S. intelligence agencies view Duqu infections as Israeli spy operations, former U.S. officials said. While the new virus bore no overt links to Israel, it was so complex and borrowed so heavily from Duqu that it “could not have been created by anyone without access to the original Duqu source code,” Kaspersky writes in its report.
To check his conclusions, Mr. Raiu a few weeks ago emailed his findings to a friend, Boldizsár Bencsáth, a researcher at Budapest University of Technology and Economics’ Laboratory of Cryptography and System Security. Mr. Bencsáth in 2011 helped discover the original Duqu
“They look extremely similar,” Mr. Bencsáth said in an interview Tuesday. He estimated a team of 10 people would take more than two years to build such a clean copycat, unless they were the original
Kaspersky declined to identify the three
Hotels that served as venues for the talks include: the Beau-Rivage Palace in Lausanne, Switzerland, the Intercontinental in Geneva, the Palais Coburg in Vienna, the Hotel President Wilson in Geneva, the Hotel Bayerischer Hof in Munich and Royal Plaza Montreux in Montreaux,
A Beau-Rivage spokeswoman said the hotel was unaware of being hacked. A manager on duty at the Intercontinental said he also was unaware of such an incident. The management team at the Royal Plaza said, “Our internal policy doesn’t allow us to deliver any information.”
The others didn’t respond to requests for
In addition to the three hotels reported to have been hacked, the virus was found in computers at a site used to commemorate the 70th anniversary of the liberation of the Nazi death camp at Auschwitz. Some world leaders had attended events there.
A former U.S. intelligence official said it was common for Israel and other countries to target such international gatherings. “The only thing that’s unusual now is you hear about it,” the official
Mr. Raiu said Kaspersky doesn’t know what was stolen from the three hotels or from the other venues. He said the virus was packed with more than 100 discrete “modules” that would have enabled the attackers to commandeer infected computers.
One module was designed to compress video feeds, possibly from hotel surveillance cameras. Other modules targeted communications, from phones to Wi-Fi networks. The attackers would know who was connected to the infected systems, allowing them to eavesdrop on conversations and steal electronic files. The virus could also enable them to operate two-way microphones in hotel elevators, computers and alarm systems.
In addition, the hackers appeared to penetrate front-desk computers. That could have allowed them to figure out the room numbers of specific delegation members.
The virus also automatically deposited smaller reconnaissance files on the computers it passed through, ensuring the attackers can monitor them and exploit the contents of those computers at a later
All is fair in love and war. This is definitely war. I'm proud of our troops and I hope they did this and that our government got a lot out of it. Oh wait... we already know we got a lot out of it, don't we?