http://www.globes.co.il/serveen/globes/docview.asp?did=918528&fid=942 Noam Sharvit Globes Online 29 May 05 The Tel Aviv Magistrates Court today lifted a gag order concerning a wide-ranging Israel Police investigation into suspected industrial espionage involving some of the country's largest companies. It is suspected that three private investigator firms uploaded a Trojan Horse virus into the targeted companies' computers. Arrests in the affair include Mayer Cars and Trucks CEO Uzi Mor, who is suspected of ordering espionage against Champion Motors (Israel); YES CFO Moriah Kathriel, suspected of ordering espionage against HOT, its cable competitor; office equipment and photocopy company Hamafil Services CEO Yoram Cohen, suspected of ordering espionage against its rival Zilumatik Ltd. Pele-Phone Communications security director Shay Raz has been arrested for ordering industrial espionage against Ran Rahav Communications and PR Ltd., one of whose accounts in Partner Communications Co. Ltd. (Nasdaq: PTNR; TASE:PTNR; LSE:PCCD). Cellcom Israel Ltd. security director Ofer Reichman is suspected of ordering espionage against the ad agency Reuveni-Pridan, which also handles the Partner account. The most prominent private investigator detained is Lt.-Col. (res.) Zvi Krochmal, a former senior Military Police officer who was chief investigator in the Rami Dotan affair (Dotan was the former head of IDF procurement). Krochmal is suspected of uploading Trojan Horses in targeted companies on behalf of his clients. Three investigators from Krochmal's agency have also been arrested: Alex Weinstein, Yitzhak Dekel, and Ofer Fried. Another prominent private investigator who has been arrested is Modi'in Ezrahi CEO Yitzhak Rath, suspected of the same offenses. Three employees from his agency have also been arrested. Eliezer Pelosoff and Avraham Balali of the Pelosoff-Balali investigative agency have also been arrested. Possible invasion at "Globes", too The investigation is being conducted in cooperation with the British, and German police forces, with the support of Interpol. Tana Industries (known as Tami 4) is another company suspected of ordering industrial espionage about competitor Eden Springs (Maayanot Eden) (TASE:MEYD), but no arrests have yet been made. The police also suspect that industrial espionage was ordered by a local high tech company against "Globes". Among the companies known to have been damaged by the industrial espionage case so far: merged cable comany HOT, Strauss-Elite (TASE:STEL), wireless communications company Orange, car importer Champion Motors (Israel), advertising agencies Shalmor-Avnon-Amichay Young & Rubicam, and Reuveni-Pridan, public relations firm Ran Rahav Communications and PR Ltd., Eden Springs (Maayanot Eden), Shekem Electric, ACE Marketing Chains (ACE Israel), Soglowek, the Malam Group, and Zilumatik. Unpleasant surprise for the Jackont family The affair was uncovered in November 2004, when author-consultant and former capital market player Amnon Jackont was shocked to discover that details from a book he was writing had appeared on a website, without him disclosing the material to anyone. Together with his wife, Varda Raziel-Jackont, a marriage counselor, Jackont filed a complaint with the police. The police opened an investigation, eventually code-named "Horse Races", and took Jackont's home computer for testing. The investigation found that a Trojan Horse virus had been uploaded into the computer, which was sending documents and pictures to FTP file-storage servers in Israel and overseas. The virus was highly sophisticated, enabling remote control of Jackont's computer. The police investigation discovered that the virus had been uploaded via e-mail. The police fraud squad computer unit used technological aids to find the source of the virus, Michael Haephrati, 41, a former high-tech expert and resident of Bat Yam, who currently splits his time between the UK and Germany. Haephrati was arrested in London last week. The police were not surprised to discover that Haephrati was the ex-husband of Raziel-Jackont's daughter. The Israeli investigators, in cooperation with Interpol, the London Metropolitan Police, and the German Police, found dozens of FTP servers in Israel and overseas, including the US. Haephrati is suspected of transferring stolen material from other computers to these FTP servers. The police realized the extent of the affair when they examined some of the files. Tailor-made Trojan Horse It is suspected that the Trojan Horse virus was uploaded into the computers of many commercial companies via e-mail or CD, sent as business proposals to the recipients. Merely inserting the CD into a computer was enough to upload the virus without the user's knowledge. The police say that this kind of CD had been found at many companies. After obtaining a warrant, a more thorough investigation of the documents found on the FTP servers revealed that Haephrati had deliberately created the virus for three of Israel's largest private investigator firms: Modi'in Ezrahi, Krochmal Special Investigations, and Pelosoff-Balali. At the same time as the arrests, the police raided the suspects' homes and seized dozens of computers, tens of thousands of documents and photocopies, which are presently being studied. Most of the suspects are being accused of creating and distributing a computer virus, penetrating computer material, wiretapping, criminal conspiracy, aggravated fraud, and infringement of the Protection of Privacy Law (5741-1981). The police emphasize that any direct interception of computer files and documents is considered illegal wiretapping. During the investigation, the police remembered that a few years ago, the same suspects offered the police virus-based technology for legitimate uses, but the technology was unsuited to the police's requirements. The police had held intermittent negotiations lately, during which they examined the software's applications. The State Prosecutor and Tel Aviv District Prosecutor have accompanied the investigation from the beginning, due to its complexity and sensitivity. The police fraud squad had the help of the Israel Police Tel Aviv district central unit, the Israel Police Investigation and Intelligence Department, and computer investigators from all police units. Israel Police National Fraud Unit head, Chief Superintendent Arie Edelman, said the virus was unique because, "It not only penetrated the computer and sent material to wherever you wanted, but it also enabled you to completely control it, to change or erase files, for example. It also enabled you to see what was being typed in real time." He said the extent of those involved in the affair, and the program's capabilities were "exceptional". The police suspect that Haephrati adapted the virus for his clients' needs. He charged his clients .2,000 (NIS 17,000) per computer per month, including support. Since the virus was adapted for each client's purposes, it was not detected by information security systems. Edelman said, "This is not a common software that anti-virus software makers have had to fix." The police say that the virus had been used in Israel for at least the past two years. One of the first things checked was whether it had been used to uncover the internal correspondence of Channel 2 franchisee Tel-Ad Jerusalem Studios Ltd., published before the new Channel 2 tender, allegedly in an attempt to harm the company's chances in the tender. The answer was no. Uniform denials Hamafil Services chairman Yossi Zwillinger said today in response to reports about the investigation, "In business dealings, the company associates only with top-tier companies, where it is clear beyond any doubt that matters are conducted honestly. "We are sure, beyond a shadow of a doubt, in the professional integrity and trustworthiness of CEO Yoram Cohen". Cohen's attorney, Adv. Esther Bar-Zion said that the company's actions were legal, and that Cohen had cooperated fully with his interrogators, providing all evidence and documents they required. "Hamafil's personnel had no reason to suspect that anything was being done improperly or dishonestly," Bar-Zion said. Mor's attorney, Adv. Giora Aderet, said that the Mayer Cars and Trucks and Mor had acted completely within the law. He denied police allegations that Mor should have known that the information being supplied by Modiin Ezrachi was obtained through deceitful means. "Mayer's personnel had no suspicions whatsoever that Modiin Ezrachi operated unlawfully." Mayer's Cars and Trucks owners Shachar and Kass stated that they were sure, beyond all doubt, in Mor's outstanding professional and personal integrity, and his uninvolvement in the affair. Pele-Phone stated in response: "Pele-Phone and its workers have no connection to the illegal obtaining of information. "The company and its workers were surprised by the recent reports, and have cooperated with the police in clarifying the facts in this affair." The victims respond PR man Rani Rahav said, "If it was up to me, the guilty would hang." Partner stated in response, "We are shocked by the findings that are being released. "We are sure that the Israel Police is making every effort to discover the entities that acted to obtain the information, and will uncover the truth." Strauss-Elite stated, "We are examining the ramifications for us, as much as possible. We thank the Israel Police for discovering this affair. At this stage, matters speak for themselves, and we would prefer not to respond any further." HOT stated, "We are shocked by the investigation's findings, as reported by the media, and are studying the details. We expect competition between companies to be fierce and aggressive, but it should be conducted according to a code of ethics, and by law, just as HOT has done in the past, and will continue to do." Ad man Rami Shalmor said, "It is disgraceful that company executives, instead of creating real competition, take short-cuts and give in to temptation, buying commercial material so as to win the market. This is a norm that has got to stop. Competition should be fair." Ad man Udi Pridan said, "At this stage, we are learning, together with the police, what materials were stolen, and will act accordingly." "Globes" editor-in-chief Haggai Golan said, "Obtaining confidential information from the newspaper's computers does serious harm, particularly to the newspaper's freedom of expression, and its obligation to provide reliable information to its customers. We hope that this was an isolated incident. "Globes" will continue to bring its readers the best information possible." _________________________________________ InfoSec News v2.0 - Coming Soon! http://www.infosecnews.org
This archive was generated by hypermail 2.1.3 : Tue May 31 2005 - 14:36:23 PDT