The Daily Star
Virus plunges Lebanon into cyber war

BEIRUT: Over the past 11 months, eight sophisticated digital virus strands have targeted computers across Lebanon.

The viruses are surreptitiously infiltrating the operating systems, mining the computers’ data for account information and then sending the data to five command and control servers around the world. The attack – the most sophisticated virus ever to be unleashed on the country and likely sponsored by a nation-state – pulls Lebanon into the cross hairs of a cyber-espionage battle waged over computers in the Middle East in the past several years.

While at first glance the attack, named Gauss, appears to be for identity theft, the sophistication of the programming for the eight virus modules goes far beyond a money-making scheme.

Only Russia, China, Israel and the U.S. have the programming capabilities to craft such a piece of stealth malware, security experts say. And it’s likely one of those countries that launched the information mining attack that is currently targeting Lebanon’s financial and email accounts.

The specialized virus from an international power has sent shock waves throughout the banking industry.

“They are frightened and they don’t know what to do,” says a Web security expert who works with the banking industry in Lebanon.

“It’s a direct attack against the banking sector in Lebanon, one of the most stable sectors in Lebanon,” the expert says. “If it collapses, maybe the country will fall into chaos.”

Security experts say the cyber security protections of the government and many businesses lag well behind the industry standard, putting people at exceptional risk of having their information compromised.

Gauss mines personal information from computers it contaminates; it can gather usernames and passwords related to Lebanese banking accounts, social networking sites and email services.

After collating the personal information, the modules secretly send the information back to five command and control servers in India, Portugal and the U.S., according to Russian company Kaspersky Labs, which announced the discovery of the virus Thursday.

But only parts of the virus’ capabilities are known. Some parts of the virus are encrypted and other areas haven’t yet been explored. Experts aren’t even sure yet of the main method of the virus’ distribution or its country of origin.

But what is unusual about this virus is how much it homed in on Lebanon.

Many virus attacks move into their target countries slowly, by way of file transfers from people in other nations. But of the 2,500 infiltrations Kaspersky Labs documented, 1,660 came from Lebanon. The organization says the detected number of infections is likely only a small portion of the total number in the country.

“It’s actually uncanny how well they managed to keep it in a geographical region,” says Daniel Bilar, a director of research at a cyber security organization in the U.S. “This is espionage [information] gathering ... You need a lot of international power behind this.”

The discovery of the virus comes weeks after the U.S. Justice Department condemned a Lebanese bank for laundering money for Hezbollah and South American drug cartels. The government renewed sanctions Friday on the armed political party.

The Gauss attack also comes amid a broad U.S. effort to force banks to tighten financial sanctions on Syria and Iran. The effort most recently saw U.S. officials alleging a U.K. bank, Standard Chartered, was breaking sanctions and laundering money for Iran.

Allegations of money laundering are widely denied by Lebanese bank officials. But some banking security advisers say the industry is deeply concerned and looking for ways to protect itself.

In addition to the financial crackdown, the discovery of Gauss is also tied to a cyber-espionage campaign in the Middle East that has been uncovered over the past several years mainly by a Russian security corporation.

“The discovery of Gauss indicates that there are probably many other related cyber-espionage malware in operation,” Kaspersky Labs reported Thursday. “The current tensions in the Middle East are just signs of the intensity of these ongoing cyber war and cyber-espionage campaigns.”

According to The New York Times, in 2009, the U.S. likely carried out a barrage of cyber attacks against Iran to try to slow down the development of its nuclear program. A report this year from The New York Times claims those attacks were part of a broad array of cyber attacks against the Islamic Republic, codenamed Olympic Games, that were approved by both President Barack Obama and George W. Bush.

The first shot of the cyber-espionage campaign was heard in 2009 when the sophisticated Stuxnet computer worm was being spread through USB sticks in and around Iran.

The worm targeted Iran’s nuclear program and heralded a new era in cyber warfare in an attack far more complex than almost anything that had been seen before. The virus injected code into software that controls industrial systems, allowing the worm to collect information and disrupt control of the system.

More cyber attacks came, and a large number of attacks may not have been discovered. Shortly after Stuxnet was discovered in 2011, another virus called Duqu was found that also targeted industrial systems. In early 2012, computers across the Middle East were infected by the Flame virus, which mined data and broke codes.

Flame escalated the cyber-espionage field even further. The virus employed expert-level cryptography to crack operating system security and take control of infected systems.

Flame shared wide technical similarities with Stuxnet and Duqu, and Kaspersky Labs found the latest Gauss virus appears to be processed from the same “factory” as Flame.

A technical analysis from Kaspersky Labs found it likely was made by the same country that crafted those cyber-espionage attacks. The technical aspects of the Gauss virus had too much in common with some of the most sophisticated cyber attacks in history to have come from anywhere else, the report said.

But other cyber-security experts caution against drawing a direct line between all of the discovered attacks. There are no certain identification marks; instead, analysts have to draw comparisons based on the technical construction of the malware.

The components in the Gauss attack were named after famous mathematicians: a brash moment of showy intelligence by the code’s crafters or a false lead? It’s very difficult to say.

Possibly complicating the issue further is that the main source releasing this type of information on the virus is Kaspersky Labs, a Russian company with ties to the Russian government that may have a stake in the political ramifications of the virus’ discovery.

It’s this world of shadowy online conspiracy that Lebanon has now been pulled into.

 
A version of this article appeared in the print edition of The Daily Star on August 11, 2012, on page 3.
More from
Stephen Dockery
 
 