US Indymedia Global Indymedia Publish About us
Printed from Boston IMC :
IVAW Winter Soldier

Winter Soldier
Brad Presente

Other Local News

Spare Change News
Open Media Boston
Somerville Voices
Cradle of Liberty
The Sword and Shield

Local Radio Shows

WMBR 88.1 FM
What's Left
WEDS at 8:00 pm
Local Edition
FRI (alt) at 5:30 pm

WMFO 91.5 FM
Socialist Alternative
SUN 11:00 am

WZBC 90.3 FM
Sounds of Dissent
SAT at 11:00 am
Truth and Justice Radio
SUN at 6:00 am

Create account Log in
Comment on this article | Email this article | Printer-friendly version
News :: Technology
Israelis jailed for spyware espionage
04 May 2008
London-based Michael Haephrati, who honed his computer skills during three years' military service in the Israeli army, developed the spyware Trojan horse, while his wife, Ruth, marketed it to several private investigation firms who bought the code and installed it onto the computers of its clients' rivals.
Written by Adrie van der Luijt
Friday, 02 May 2008

Experts have warned businesses to be on their guard against agencies who offer them information on their competitors.

The call, by virus software firm Sophos, follows the jailing of a team of private investigators who used spyware to steal information on behalf of legitimate companies.

Commercial information

According to media reports, four members of the Israeli Modi'in Ezrahi private investigation firm have been sentenced after they were found guilty of using a Trojan horse to steal commercial information.

The Trojan horse was said to have been used by a number of different private investigation firms to spy on the Rani Rahav PR agency - whose clients include Israel's second biggest mobile phone operator, Partner Communications -, and the HOT cable television group. Another alleged victim was Champion Motors, who import Audi and Volkswagen motor vehicles.

Asaf Zlotovsky, a manager at the Modi'in Ezrahi detective firm, was given a 19 month jail sentence. Two other employees, Haim Zissman and Ron Barhoum, were sent to prison for 18 and nine months respectively.

The firm's former CEO, Yitzhak Rett, escaped a jail sentence after admitting the allegations under a plea bargain. He has been fined 250,000 Israeli Shekels (£36,000) and will face 10 months on parole.

Bad publicity

Graham Cluley, senior technology consultant at Sophos, says that it is understandable that firms would want information on what their business rivals are planning to do, and try to seek a competitive advantage over them.

He adds, however, that it is not acceptable to hire firms that will use illegal methods, such as computer spyware, to gather that information.

"Firms need to be very careful about the third parties they hire to help them grow their business, and seek assurances that their partners will not be behaving unethically or illegally. If they do not, the consequences could not only be a swathe of bad publicity but also a spell in prison," Cluley warns.

London-based Michael Haephrati, who honed his computer skills during three years' military service in the Israeli army, developed the spyware Trojan horse, while his wife, Ruth, marketed it to several private investigation firms who bought the code and installed it onto the computers of its clients' rivals.

The Haephratis were fined and sentenced to jail by an Israeli court for their involvement in the case in 2006.

Infected web pages

"Regular cyber criminals may be attempting to steal your employees' credit card details, but spyware can also be used for corporate espionage designed to steal your business plans and customer databases," explained Cluley.

He warns that firms should be on their guard and have proper defences in place to avoid falling foul of this kind of attack.

Sophos reported an average of more than 15,000 new infected - "hacked" - web pages every day in the first quarter of 2008, three times more than in 2007, and 79 per cent of these were legitimate websites.

High-profile losses of customer details were reported from both US companies Hannaford and Advanced Auto Parts.

In March 2008, it was reported that the credit card numbers of 4.2 million customers had been stolen from the supermarket chain Hannaford Bros using malware installed on servers at the grocery chain’s stores in New England and Florida.

The credit card details were then sent overseas. According to media reports at the time of writing, the Secret Service is continuing its investigations and approximately 1800 fraud cases have already been reported as a result of the incident.

The high profile breach resulted in a letter of apology from Hannaford’s CEO Ron Hodge being placed in every customer’s shopping bag.

Vigilant companies not immune

March also saw US motoring parts retailer Advance Auto Parts announcing that hackers had gained access to the financial information of 56,000 of its customers, through an attack which affected 14 of its stores worldwide.

Companies remain under pressure to become compliant with new payment card industry (PCI) guidelines.

Ironically, the largest reported data breach so far this year followed Hannaford’s implementation of the guidelines, highlighting that even the most vigilant of companies are not immune to data loss.

The threat of infected emails declined, however, with only 1 in every 2500 emails infected, compared to 1 in every 909 in 2007.

Rather than incorporating malware into the email in the form of an attachment, cyber criminals are using unsolicited email to provide links to compromised websites.

Sophos said that there is still a common belief that unsolicited email, or spam, is a non-threat. With virtually all of it unwanted, and a large proportion linking to infected websites, Sophos warned that organisations would be wise to address this problem before they become a victim.

Security industry

January saw reports of thousands of websites belonging to Fortune 500 companies, government agencies and schools being infected with malicious code.

In February, UK broadcaster ITV was the victim of a poisoned web advert campaign, designed to deliver scareware to Windows and Mac users.

Even companies in the security industry have suffered attacks. Trend Micro’s malware analysis pages were compromised for a few days early in 2008.

This was not the first example of a security company’s website being hacked, with Symantec and Computer Associates both reportedly attacked.

Even a Mac security forum suffered from vast amounts of spam pushing hardcore porn and malware.

This work is in the public domain
Add a quick comment
Your name Your email


Text Format
Anti-spam Enter the following number into the box:
To add more detailed comments, or to upload files, see the full comment form.