Mossad hacked Syrian laptop before bombing nuclear facility

According to reports in Der Spiegel, agents working for Israel's Mossad intelligence service planted a Trojan horse on a computer belonging to a senior official in the Syrian government, gathering information which led to an air-raid on a nuclear project in Syria's eastern desert.

The attack on the partly-constructed Syrian nuclear facility occurred in September 2007, a year after a top Syrian official is said to have left his laptop in his room in a swanky hotel in Kensington, London.

According to Der Spiegel:

[The Syrian official] was under Mossad surveillance and turned out to be incredibly careless, leaving his computer in his hotel room when he went out. Israeli agents took the opportunity to install a so-called "Trojan horse" program, which can be used to secretly steal data, onto the Syrian's laptop.

The hard drive contained construction plans, letters and hundreds of photos. The photos, which were particularly revealing, showed the Al Kibar complex at various stages in its development. At the beginning -- probably in 2002, although the material was undated -- the construction site looked like a treehouse on stilts, complete with suspicious-looking pipes leading to a pumping station at the Euphrates. Later photos show concrete piers and roofs, which apparently had only one function: to modify the building so that it would look unsuspicious from above. In the end, the whole thing looked as if a shoebox had been placed over something in an attempt to conceal it. But photos from the interior revealed that what was going on at the site was in fact probably work on fissile material.

One of the photos showed an Asian in blue tracksuit trousers, standing next to an Arab. The Mossad quickly identified the two men as Chon Chibu and Ibrahim Othman. Chon is one of the leading members of the North Korean nuclear program, and experts believe that he is the chief engineer behind the Yongbyon plutonium reactor. Othman is the director of the Syrian Atomic Energy Commission.

The information gathered by the spyware Trojan horse appears to have led to Israel knocking out Syria's nearly-completed nuclear reactor the following year.

Should we be surprised by these news reports? Probably not. In fact, I think it's likely that many countries around the world are using malware - and more specifically spyware Trojan horses - to spy upon each other.

Earlier this year, Seoul accused North Korea of having a specialist cyberwarfare brigade, stealing information from enemy countries and disrupting rival South Korean and American military networks with computer technology.

Back in September 2007, the Financial Times reported that the Chinese army were being blamed for an attack against a Pentagon computer in the office of US defense secretary Robert Gates. The FT reported that the People's Liberation Army (PLA) had been named as the likely perpetrators of the hacking attempt.

And last year I explained how the conflict between Russia and Georgia spilled into cyberwarfare, described how the German foreign intelligence service had been accused of spying on a ministry in Afghanistan, and described how the Belgian and Indian governments had pointed the finger at China for attacks against their systems.

Countries will use every dirty trick in the book to spy upon each other and grasp an advantage. We shouldn't be surprised if intelligence agencies like Mossad are also engaged in this kind of behaviour, and we shouldn't fool ourselves into thinking that our own countries aren't also using spyware for their own ends too.

And what's the lesson for those of us who aren't spies or Government agents? Well, if you have sensitive information on your laptop - make sure it is properly protected with security software and that any confidential information is encrypted.

Furthermore, maybe it wouldn't be a good idea to leave it unattended in your hotel room if the data contained upon it could be considered extremely sensitive.

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.