A Russian security firm has revealed that complex spyware linked to Israel has been found on devices at venues used for nuclear talks with Iran.
Kaspersky Lab has revealed that it cannot say to what extent data was breached by the sophisticated attack, which was almost undetectable. The Moscow-based security company stopped short of explicitly identifying Israel as the culprit behind the attack, but did say that it was most likely “state-sponsored malware,” writes Carol Morello for The Washington Post.
Security company detects sophisticated attack
Company chairman Eugene Kaspersky told the Russian press that the malware was well-hidden and capable of recording data. He described it as “kind of a mix of ‘Alien,’ ‘Terminator’ and ‘Predator,'” referring to the Hollywood movies.
Negotiations aimed at reaching an agreement on nuclear policy are ongoing between Iran and six world powers. Attempted cyber espionage at the high-level talks shows quite how far cyber spying has developed as an important form of modern warfare.
Kaspersky told the press that the malware appeared to be an improved version of the Duqu virus, first identified in 2011. Duqu is thought to be related to the Stuxnet computer worm which infected devices at Iran’s nuclear facilities in 2010, causing important setbacks to its program.
In the aftermath of that attack, Iran blamed Israel and the U.S. for infecting its machines. Security experts have not reached a definitive conclusion as to the origins of the malware, but many have previously claimed that Duqu appears to be the product of the Israeli cyber warfare program.
Cost of development effectively rules out amateur hacker
According to Kaspersky, a piece of spyware such as Duqu would have cost around $10 million to develop, making it more likely to be the work of a state-sponsored group rather than an individual.
Duqu can be used to collect information or to look for other weaknesses in computer defense systems, but Kaspersky do not know whether any information was obtained by this specific hack. “We don’t know if the attackers were successful,” said Kaspersky principal security researcher Kurt Baumgartner, writing to The Washington Post. “What we know is that they have successfully deployed their platform there and were able to attack.”
Jeff Rathke, a spokesman for the U.S. State Deparment, stated that U.S. envoys follow protocols designed to “ensure confidential and classified negotiating details stay behind closed doors.” He did not make any comment on the Kaspersky report.
None of the countries involved in the talks commented on the report, and neither did Israel. Officials from Benjamin Netanyahu’s government have never confirmed or denied Israeli links to the Stuxnet virus.
Spotlight on Israel due to opposition to negotiations
Another reason for suspicions over Israeli responsibility for the Duqu attack is Netanyahu’s opposition to a potential nuclear deal with Iran. He has lobbied hard to prevent a deal being reached, and negotiators are fast approaching the June 30 deadline.
Negotiations have taken place in a number of luxury hotels in Switzerland, Austria and Oman. Specific details of the hotels were not revealed.
Israel has been accused of spying on the talks and undermining them using the information that it gathers. U.S. officials made the allegations earlier this year, and confirmed that it was not sharing all of the details of the negotiations with its ally, which denied the claims.
Kaspersky revealed that the hackers were not looking for corporate or financial data, but were instead looking for weaknesses in new security software. He was scornful of the attack, saying “it’s stupid to attack an Internet security company. Sooner or later, we find it, anyway.”