A sophisticated computer virus was found at hotels linked to the Iranian nuclear negotiations, Russian computer security company Kaspersky Labs announced Wednesday. The virus, which can allow hackers to use the target computers for surveillance, has been attributed to Israel.
The Wall Street Journal reported that the virus was first uncovered by the Russian company on its own computers, where it had sat for six months before being found. When researchers at Kaspersky investigated further, they found “three luxury European hotels” had been infected. All three had been venues which hosted negotiations between Iran and the P5+1 world powers.
Kaspersky Labs dubbed the virus, which they discovered in early spring, Duqu 2.0, since it bears a striking similarity to the Duqu virus first identified in 2011. In fact, the Kaspersky report on the matter notes Duqu 2.0 borrows so heavily from the original, “it could not have been created by anyone without access to the original Duqu source code.”
Although Israel denies spying on the US or other allies, America considers Duqu infections to be Israeli spy operations, one former US official told the Wall Street Journal. Israel does acknowledge gathering intelligence on Iran generally. In March, the US accused Israel of spying on the Iranian nuclear negotiations.
According to Kaspersky Labs, the virus was designed to spy on its technology, research, and internal processes. It moves from the infected computer to other computers in the network, spreading slowly and stealthily, leaving behind files that allow hackers to control infected computers at a later date. The virus can provide access to video feeds and communication systems, from telephones to Wi-Fi networks. In the hotels, the virus could enable hackers to activate two-way microphones in elevators, computers and alarm systems, allowing them to eavesdrop on conversations. The virus had even infiltrated hotel reception computers, so hackers could track the room numbers of specific delegations.
In addition to the hotels, Kaspersky found traces of the virus on client computers in Western Europe, the Middle East and Asia, but not the US. Another Duqu 2.0 infection was discovered in a computer at a site used for a 70th anniversary commemoration of the liberation of Auschwitz. The event was attended by several heads of state.
Kaspersky called the hacker team responsible for Duqu 2.0 “one of the most skilled, mysterious and powerful threat actors in the APT (advanced persistent threat) world”. Stopping short of naming Israel as the originator of the virus, the company said in a statement, “Kaspersky Lab believes this is a nation state-sponsored campaign.”
According to Ynet, Eugene Kaspersky, CEO of the company that bears his name, warned of the dangers of state-sponsored hacking. Speaking at a news conference in London, he said, “Cybercriminals are copying the technologies from the state-sponsored attacks. They educate the bad guys.”
Kaspersky Labs maintains its security services have not been compromised by the infection. In the statement which accompanied its report, the company wrote, “Kaspersky Lab is confident that its clients and partners are safe and that there is no impact on the company’s products, technologies and services.”
