UK businesses should take urgent steps to check their
systems are secure, police have warned after discovering one of the
world's largest industrial espionage and hacking
operations.
Senior directors of at least 15 leading businesses in Israel are
under investigation for hiring private detective agencies to obtain
confidential documents from rivals' computer systems.
Operation Horse Race, an international investigation by police in
Israel, Germany, the US and the UK, has led to the arrest of 22
suspects in Israel and London.
But the spying operation, which went undetected for two years, may
just be the tip of the iceberg.
The head of Israel's banking authorities has told financial
institutions to check their systems, and Israeli police said firms
in the UK and US may have been targeted.
Israeli investigators believe Michael Haephrati, the London-based
computer specialist at the centre of the spying operation, may have
sold his services to investigative agencies in London.
Haephrati is accused of supplying a sophisticated Trojan horse
program capable of giving hackers access to computer systems to
recover confidential documents and data.
He was arrested with his wife Ruth, also a computer consultant, in
London, following a raid by the UK's National Hi-Tech Crime Unit.
The pair have been remanded in custody until the end of June and
could face extradition to Israel.
Superintendent Pearl Liat of the Israeli police told Computer
Weekly, "We know Haephrati worked abroad. We assume that if he sold
this Trojan horse to private investigators in Israel, he also
offered to it companies abroad. That is why we have involved
through Interpol the police in London, Germany and the US."
Businesses targeted in Israel have suffered serious financial
damage, after private detective agencies working with Haephrati
allegedly stole copies of marketing plans, employee pay slips
business plans, and details of new products from their computer
systems to pass on to rivals.
Israeli investigators have recovered thousands of pages of
confidential documents, posted by the Trojan to servers in the US,
Israel and Germany.
"We are talking about 10 to 11Gbytes of material on different
servers," chief inspector Nir Nativ said on Israeli TV.
Analyst firm Gartner said that with UK firms being potential
targets, they should take precautions to protect their systems, but
there was little they could do against a determined hacker. "There
is always going to be someone who is clever enough to design an
attack that can evade control mechanisms," said vice-president and
director of research Jay Heiser.
Denise Plumpton, chairman of the Corporate IT Forum, said IT
departments should ensure their organisations stay one step ahead
of the hackers.
"This may help CIOs get the board's attention, but it is far better
if they can get it considered by the board as regular review, in
much the same way that companies have regular financial reviews,"
she said.
Brian Collins, vice-president of the British Computer Society and
former global CIO at law firm Clifford Chance, said the Trojan was
"a safe-breaking kit". "Intellectual property is one of the things
we have in this country, and this thing steals it," he said.
Royal Mail director of security David Lacey said the case
highlighted the need for proper funding for law enforcement against
cybercrime. "It is a growing problem. We have to make sure police
authorities are properly trained and funded," he said.