Computer Crime Research Center

hack/spy.jpg

Trojan spyware attacks

Date: June 08, 2005
Source: The Register
By: Bill Goodwin

A London-based Israeli couple are at the centre of one of the world's largest industrial espionage and computer hacking scandals.

Computer specialist Michael Haephrati and his wife Ruth are accused of supplying the sophisticated Trojan horse software used by private detective agencies to spy on scores of top Israeli firms.

But police believe this is just the tip of the iceberg, and firms worldwide, including those in the UK, may have had confidential information compromised after being infected by spyware supplied by the Haephratis.

The couple were remanded in custody after an appearance at Bow Street Magistrates Court on 26 May and are now facing extradition to Israel.

Their arrest followed an international investigation by the computer crime unit of the Tel Aviv fraud squad, Interpol, police in Germany and the US, and the UK's National Hi-Tech Crime Unit.

Michael Haephrati, who has homes in London and Germany, provided his services through London-registered computer consultancy, Target Eye. The company lists its specialities as security, intelligence and spyware.

According to Israeli police, Haephrati, who honed his computer skills during his three-year military service with the Israeli army, charged $2,000 (1,100) a month to supply and maintain custom designed Trojan horse spy software.

The full extent of the industrial spying operation has yet to be discovered, Peal Liat, superintendent at Tel Aviv police headquarters, told Computer Weekly.

"Right now it is a very sophisticated investigation. We have something like 150 different computers that were taken by the investigators. Every computer they open, they discover more. Every day it gets us more companies that ordered the information and more companies that were infected," she said.

Israeli police are investigating the role of 15 senior executives from top Israeli companies, after they allegedly hired detective agencies to obtain confidential information from their competitors' computer systems.

Telecoms companies, advertising agencies and public relations firms are among more than 20 organisations known to have been targeted.

Twenty-two staff from Israel's three leading private investigation firms have been arrested. The son of one of the chief suspects, allegedly discovered deleting files after being interrogated by police, has also been arrested, and faces a hearing in a juvenile court.

The agencies are accused of conducting industrial espionage on a huge scale against scores of computers belonging to listed companies and private individuals, according to documents lodged at Tel Aviv Magistrates Court.

Further arrests are expected as Israeli police complete forensic analysis of the computers seized from the offices of private detective agencies, Israeli firms accused of spying on their competitors, and Haephrati's London company.

Police believe the net could extend beyond the borders of Israel and that Haephrati may have sold his services to investigative agencies in the UK, Germany and the US.

Haephrati is accused of offering Trojan software to detective agencies Modi'in Ezrahi, Krochmal Special Investigations and Pelosoff-Ballai.

The agencies used the software, which was delivered by e-mail or given to targets in the form of CD-Roms containing business software, to retrieve confidential material for their clients.

Their investigations ranged from gathering evidence of marital infidelity to obtaining copies of companies' takeover documents and confidential business plans for competitors.

The Trojan was highly sophisticated and capable of evading detection by anti-virus systems, said Liat.

"They were able to see everything, from e-mails to documents to information. And they were able to copy it and take it out. We think the Trojan had the ability to log keystrokes."

The Trojan sent images and documents to FTP servers in Israel, Germany and the US, court documents reveal.

Additional research by Hazel Ward in Jerusalem
Add comment  Email to a Friend

Copyright © 2001-2024 Computer Crime Research Center
CCRC logo