Russian cyber-security firm says improved Duqu virus was found in computers of 3 European hotels that hosted negotiations

US Secretary of State John Kerry arrives at the Palais Coburg in Vienna, Austria, on July 14, 2014 for nuclear talks with Iranian counterparts. (US State Department)

 

Three European hotels that hosted negotiations between Iran and the world powers over limiting Iran’s nuclear program were targeted by a computer virus widely believed to be used as spyware by Israel, according to a leading cyber-security firm.

According to the Wall Street Journal, Kaspersky checked thousands of computers in other European hotels, all of them coming up clean – and it also quoted “current and former US officials and many cybersecurity experts (as believing that) Duqu was designed to carry out Israel’s most sensitive intelligence-collection operations.” The report did not offer any specific evidence of the allegations.

Israel, the Wall Street Journal report said, “has denied spying on the US or Israel’s other allies, although they acknowledge conducting close surveillance on Iranians generally. Israeli officials declined to comment specifically on the allegations relating to the Duqu virus and the hotel intrusions.”

The Wall Street Journal reported in March that Israel allegedly spied on the Iran nuclear talks in 2014.

A report by Kaspersky on the virus, which has been linked to Israel, was released on Wednesday.

Kaspersky does not identify Israel by name as being responsible for the virus, which allows the hacker to eavesdrop on conversations and steal electronic files, and could also enable the hacker to operate two-way microphones in hotel elevators, computers and alarm systems, according to the Wall Street Journal. However, it does conclude the threat came from the same source as the original Duqu virus, and says it was likely carried out by a nation-state.

The report said Kaspersky had contacted police departments in several countries about the malware attack.

“The people behind Duqu are one of the most skilled and powerful [advanced persistent threat] groups and they did everything possible to try to stay under the radar,” said Costin Raiu, head of Kaspersky Lab’s Global Research & Analysis Team, in a statement released by the company.

Hotels that have served as venues for the nuclear talks, the Wall Street Journal reported, “include: the Beau-Rivage Palace in Lausanne, Switzerland, the Intercontinental in Geneva, the Palais Coburg in Vienna, the Hotel President Wilson in Geneva, the Hotel Bayerischer Hof in Munich and Royal Plaza Montreux in Montreux, Switzerland.”

Representatives from world powers and Iran posing prior to the announcement of an agreement on Iran nuclear talks at the Swiss Federal Institutes of Technology (EPFL) in Lausanne, April 2, 2015. (AFP/FABRICE COFFRINI)

Israeli officials declined to comment on the report. Israel has denied spying on its allies.

US intelligence agencies view Duqu infections as Israeli spy operations, former US officials said, according to the report.

Dr. Tal Pavel, whose MiddleEasterNet website chronicles the cyber-war in the region and worldwide, said it would be nearly impossible to definitively trace the virus to Israel. The nature of computer hacking is that it’s anonymous, and even if you trace an attack to a server, you cannot know for sure that the owners of that server are behind the attack.

“We will probably never know definitively,” Pavel said.

The Duqu virus reportedly is related to Stuxnet, the computer worm that set back Iran’s nuclear program by several months or years by affecting some of Iran’s computer systems and centrifuges used to enrich uranium after it was released in 2010. The New York Times reported that Stuxnet was a joint project of Israel and the United States.

In addition to the three hotels that were hacked, the virus was found in computers at a site used to commemorate the 70th anniversary of the liberation of the Nazi death camp at Auschwitz, which was attended by several world leaders.

A former US intelligence official told the Journal that it was common for Israel and other countries to target large international gatherings such as the one held in late January.

As reported by The Times of Israel