Date: 2015-04-17
By Joseph Menn
SAN FRANCISCO, April 17 Hackers have managed to
penetrate computer networks associated with the Israeli military
in an espionage campaign that skillfully packages existing
attack software with trick emails, according to private security
researchers.
The four-month-old effort, most likely by Arabic-speaking
programmers, shows how the Middle East continues to be a hotbed
for cyber espionage and how widely the ability to carry off such
an attack has spread, the researchers said.
Waylon Grange, a researcher with security firm Blue Coat
Systems Inc who discovered the campaign, said the vast majority
of the software was cobbled together from widely available
tools, such as the remote-access Trojan called Poison Ivy.
The hackers were likely working on a budget and had no need
to spend much on tailored code, Grange said, adding that most of
their work appears to have gone into so-called social
engineering, or human trickery.
The hackers sent emails to various military addresses that
purported to show breaking military news, or, in some cases, a
clip featuring "Girls of the Israel Defense Forces." Some of the
emails included attachments that established "back doors" for
future access by the hackers and modules that could download and
run additional programs, according to Blue Coat.
Using standard obfuscation techniques, the software was able
to avoid detection by most antivirus engines, Blue Coat said. At
least some of the software lodged inside government computers:
Blue Coat detected it "beaconing," or sending signals to the
hackers that it was in place.
Blue Coat provided Reuters with an advance look at its
findings and intends to publish a paper later. Private equity
firm Bain Capital LLC is set to acquire Blue Coat from Thoma
Bravo LLC in a deal to be closed this year.
Citing confidentiality agreements with clients, Blue Coat
declined to say exactly where the campaign worked, and Grange
said he did not know if any vital data had been stolen.
Blue Coat surmised that the attackers spoke Arabic because
some of the data recovered in the investigation showed that was
the default language setting in one of the programming tools.
"Not all targeted attackers need advanced tools," Blue Coat
wrote in a draft paper. "As regional conflicts continue, cyber
threats from groups of various skill levels will also accompany
the conventional armed conflicts."
Last month, Israeli security firm Check Point Software
Technologies said it had found spying programs in 10 countries
that probably originated with a governmental or political group
in Lebanon that deployed them over three years.
In February, Kaspersky Lab researchers said they found what
they considered the first "advanced" Arabic-speaking hacking
group, which they dubbed Desert Falcons. Kaspersky said the
group operated from Palestine, Egypt and Turkey and claimed
about 3,000 victims in 50 countries, especially targeting
military, government, media, and activist computers.
(Reporting by Joseph Menn; Editing by Tiffany Wu)