Date: 2015-03-31
By Joseph Menn
SAN FRANCISCO, March 31 A security company has
discovered a computer spying campaign that it said "likely"
originated with a government agency or political group in
Lebanon, underscoring how far the capability for sophisticated
computer espionage is spreading beyond the world's top powers.
Israel-based computer security firm Check Point Software
Technologies said its researchers ruled out any
financial motive for the effort that targeted telecommunications
and networking companies, military contractors, media
organizations and other institutions in Lebanon, Israel, Turkey
and seven other countries. Researchers also found computers
infected with spyware in the United States, United Kingdom and
Canada.
The campaign, which Check Point dubbed Volatile Cedar, dates
back at least three years and deploys hand-crafted software with
some of the hallmarks of state-sponsored computer espionage.
Twice, after software elements were detected as malicious by
anti-virus programs, the campaign paused and then began
distributing newer versions that escaped scrutiny, said Check
Point researcher Shahar Tal.
While the chief aims of the software were to steal data and
spread, the programs could also delete files and take other
actions at the direction of control computers elsewhere.
The distributors relied on an unusual method for
installation, Tal said. Instead of emailing tainted links or
infected attachments, the people behind Volatile Cedar broke
down the front door, hacking into public-facing websites and
then moving from those host computers to others in the
organization that contained more valuable information.
"They are not 'script kiddies,'" as low-skill hackers are
called, Tal said. "But we have to say in terms of technical
advancement, this is not NSA-grade. They are not replacing
hard-drive firmware," as did a nearly undetectable strain of spy
software found recently by Kaspersky Lab.
Tal declined to say what sort of data had been stolen but
said he found the successful infiltration of a defense
contractor to be "alarming."
He said Check Point had notified authorities in all 10
countries where the hundreds of infections had been detected.
The company also passed along technical information to other
security companies so that their anti-virus programs would find
more instances.
Tal said he was not aware of any other major spying campaign
attributed to the Lebanese government or major factions.
Researchers consider the United States, China and Russia to be
the most advanced and prolific electronic spies, while other
major cyber-espionage efforts have been traced to Israel, the
United Kingdom, France and Spain.
(Reporting By Joseph Menn; Editing by Ken Wills)