'Up to 100' targets in cyber espionage case implicating Israel

US has accused Israel of spying on the Iran nuclear talks in the past; security firm identifies widespread use of complex virus.

June 11, 2015 01:53
3 minute read.

A member of a delegation talks on the phone in the Beau Rivage Palace Hotel during a break in the Iran nuclear program talks in Lausanne March 31, 2015 . (photo credit: REUTERS)


Dear Reader,
As you can imagine, more people are reading The Jerusalem Post than ever before. Nevertheless, traditional business models are no longer sustainable and high-quality publications, like ours, are being forced to look for new ways to keep going. Unlike many other news organizations, we have not put up a paywall. We want to keep our journalism open and accessible and be able to keep providing you with news and analysis from the frontlines of Israel, the Middle East and the Jewish World.

As one of our loyal readers, we ask you to be our partner.

For $5 a month you will receive access to the following:

  • A user experience almost completely free of ads
  • Access to our Premium Section
  • Content from the award-winning Jerusalem Report and our monthly magazine to learn Hebrew - Ivrit
  • A brand new ePaper featuring the daily newspaper as it appears in print in Israel

Help us grow and continue telling Israel’s story to the world.

Thank you,

Ronit Hasin-Hochman, CEO, Jerusalem Post Group
Yaakov Katz, Editor-in-Chief


WASHINGTON – A cybersecurity firm has identified breaches in its software at three luxury European hotels from a virus considered a hallmark of Israeli intelligence operations.

Investigating the matter, the firm, Kaspersky Lab ZAO, discovered that all three hotels hosted talks between world powers and Iran over its nuclear program in the past year, the Wall Street Journal first reported on Wednesday.

According to the company's own report, Kaspersky crosschecked thousands of hotels in search of similar breaches. It found only three. The firm declined to name those hotels, but the negotiations have been held in only six hotels in Switzerland and Austria since the diplomatic effort first began.

But Kurt Baumgartner, principal security researcher at Kaspersky Lab, told The Jerusalem Post on Wednesday afternoon that the hack was not limited to the hotels and that "up to 100" targets were subjected to the attack.

“It’s important to know that Kaspersky Lab products identified the infection within various victims," Baumgartner said. "In addition to several unknown victims, we are quite sure that at least three of the venues where P5+1 talks about a nuclear deal with Iran were held have been attacked."

In addition to the high-level Iran negotiations, Baumgartner said they had found that the perpetrator also launched a similar attack surrounding the 70th anniversary event of the liberation of Auschwitz-Birkenau.

While their findings are preliminary, the firm concludes that the targets, beyond the hotels, all shared the characteristics of being of "the highest level" security and "including geo-political interests."

The tool of choice was a sophisticated virus known as Duqu 2.0, which may allow its handlers to monitor activity, steal computer files and eavesdrop from the rooms in which they are operating.

The firm also reported that the front desks of the hotels were hacked, which, according to the Journal report, would allow the hackers to identify the room numbers of specific delegates and ministers.

Neither the Prime Minister's Office nor the Foreign Ministry would comment on the report.

US officials publicly accused Israel of spying on the talks back in 2014, and have repeated those allegations ever since on multiple occasions. Israel's intelligence effort, they say, began in 2012, when the Obama administration first opened a covert channel with Tehran.

Responding to the Kaspersky findings, the Obama administration expressed confidence in its own security procedures.

"I can say that we take steps, certainly, to ensure that confidential, that classified negotiating details stay behind closed doors in these negotiations," said Jeff Rathke, a State Department spokesman, declining to elaborate.

Addressing the annual Herzliya Conference this week, Prime Minister Benjamin Netanyahu lamented Israel's absence at the negotiating table, given the impact a deal will have on the Jewish state.

"No one from this region, except Iran, is at the negotiating table," Netanyahu said. "Somebody once said: ‘If you’re not at the table, you’re on the menu.’ The states with the most at stake are not even in the room."

Two years of negotiations among the US, Britain, France, Russia, China, Germany and Iran produced a political framework agreement in April at the Beau-Rivage Palace Hotel in Lausanne. Diplomats hope to conclude the talks with a final, comprehensive agreement sealed by June 30.

Asked whether the firm could support claims that the virus is connected to Israel, Baumgartner said doing so with confidence is a tall order.

"In the case of Duqu, the attackers use multiple proxies and jumping points to mask their connections. This makes tracking an extremely complex problem," he said, adding: "It’s important to stress that we are absolutely sure that Duqu 2.0 is an updated version of the infamous 2011 Duqu malware, which is associated with an APT [advanced persistent threat] group that went dark in 2012.”

Join Jerusalem Post Premium Plus now for just $5 and upgrade your experience with an ads-free website and exclusive content. Click here>>

Related Content

Saudi blogger Mahmoud Saud in the Knesset on Monday with Avi Dichter (l), the head of the Knesset Fo
July 22, 2019
Saudi blogger attacked in Old City for 'normalizing' ties with Israel


Cookie Settings