Likely Arabic-speaking hackers have conducted a four-month-long campaign to embed spyware in Israel Defense Forces terminals, US-based security company Blue Coat Systems has told Reuters.
Waylon Grange, the researcher behind the discovery, says he found malware “beaconing” from Israeli officials’ computers – indicating that it was installed and signalling to those who launched it.
Blue Coat believes officials were tricked into letting spyware onto their computers by clicking on content customized to arouse their interest – such as a racy video labeled 'Girls of the Israel Defense Forces' and news about IDF operations.
The technique is known as phishing, and Grange believes it can be performed with common tools available to common cyber criminals, such as the Poison Ivy Trojan. Grange says he deduced that the hackers spoke Arabic, because their tools used it as their default language.
Once the program is on the computer it can perform a variety of tasks, such as monitoring the keyboard strokes of the user to detect passwords, and downloading information from the terminal onto the hacker’s own PC. Despite their apparent simplicity, most of the programs managed to avoid sophisticated anti-virus programs.
“Not all targeted attackers need advanced tools. As regional conflicts continue, cyber threats from groups of various skill levels will also accompany the conventional armed conflicts,” Blue Coat wrote in a paper, which is yet to be published.
Due to its contracts with clients, Blue Coat did not reveal how many computers had been infected, and said it did not know if any key information was obtained.
But despite their reliance on seemingly naive web users clicking on unverified links, phishing attacks can wreak genuine havoc. The Sony attack in November last year, in which 100 terabytes of data were stolen from the company's servers, originated in such a way, as have the antics of the Syrian Electronic Army, which has managed to repeatedly gain access to the accounts of some of the world’s most powerful media organizations.
Among the likely suspects behind the recent attack is the so-called ‘Desert Falcons’ group, identified by Russian security firm Kaspersky Lab in February. The loose network of hackers, which operates out of Palestine, Egypt and Turkey, appears to target state institutions in its attacks, and would fit the profile. A Lebanon-based group detected by Israel’s Check Point Software Technologies last month is another suspect, though with cyber-warfare ramping up throughout the Middle East, the responsibility could lie with an as-yet-unidentified hacking collective.