21 people, including top executives, held in unparalleled industrial spying affair
Dozens of leading companies and top private investigators were named yesterday as suspects in a massive industrial espionage investigation that local police have been conducting for the past six months.
The companies suspected of commissioning the espionage, which was carried out by planting Trojan horse software in their competitors' computers, include the satellite television company Yes, which is suspected of spying on cable television company HOT; cell-phone companies Pelephone and Cellcom, suspected of spying on their mutual rival Partner; and Mayer, which imports Volvos and Hondas to Israel and is suspected of spying on Champion Motors, importer of Audis and Volkswagens. Spy programs were also located in the computers of major companies such as Strauss-Elite, Shekem Electric and the business daily Globes.
Police are currently investigating several other companies that may have been involved in the affair, which was under a court gag order until yesterday.
The Trojan horse software program allows the person who plants it to track all activity conducted via the "victim's" computer and even to seize control of the computer. Police suspect that this program was employed by three private investigation agencies to conduct industrial espionage against their clients' commercial rivals. The software apparently enabled the PIs to obtain vast quantities of secret information from the targeted computers.
The investigation began last November, when author Amnon Jacont and his wife, Varda Raziel-Jacont, complained to the Tel Aviv police that someone had hacked into their computer and stolen information from it. They reached this conclusion after discovering that personal documents, as well as parts of a book Jacont was writing, which had thus far never left his personal computer, had been posted on the Internet. Police examined their computer and concluded that it had been infected with a Trojan horse.
Police investigators eventually determined that the program had been written by Michael Haephrati, 41, a former in-law of Varda Raziel-Jacont. Haephrati, an Israeli citizen, currently lives in Germany and England and has no previous police record.
Investigators then found that Haephrati had sold his program to three private investigation agencies: Modi'in Ezrahi, Zvika Krochmal and Pilosof-Balali. All three agencies are licensed by the Israel Justice Ministry and enjoy excellent reputations.
"The program was essentially customized for each and every one of the `victims' that the PI agencies wanted to attack," said Chief Inspector Nir Nativ, one of the officers who investigated the
case. "Haephrati adapted the software to penetrate a specific company, at the request of the PI agency's client."
For each customized program, the agencies paid Haephrati about NIS 16,000. Haephrati took care of planting the virus in the target computer, then gave the PIs a username and password that enabled them to access the program, and thereby the victim's computer.
According to Chief Superintendent Arye Edelman, head of the Tel Aviv fraud squad, which ran the investigation, Haephrati used two methods to plant his malicious software (or malware) in the target computers. One was to send it via e-mail. The other was to send a disk to the target company that purported to contain a business proposal from a well-known company that would arouse no suspicions. Then, when an employee loaded the disk to view the proposal, the Trojan horse would infect his computer.
Police eventually obtained court orders to access several FTP servers based in Israel and the United States, and then discovered tens of thousands of documents stored there that belonged to major Israeli companies, including many files labeled "internal" and "secret." For the past two weeks, police have been examining these documents to determine which companies have been victimized.
Nativ explained that even anti-virus programs cannot detect Haephrati's malware, because each is unique. Moreover, the Trojan horses were generally unwittingly introduced by company employees who inserted the infected disks, rather than "attacking" from outside, making detection even more difficult.
Police believe that industrial espionage using Haephrati's programs has been going on for at least a year and a half. But because none of the victims knew about the malware, no one ever filed a complaint with the police. Only last week did police inform the victims about the software implanted in their computers.
Police said that they are not yet able to quantify the economic damage suffered by the victims, but it appears to have been considerable - thanks both to the program's capabilities and to the sheer number of companies involved.
Last week, police finally decided to end their undercover investigation. They therefore had Haephrati and his wife, Ruti, arrested in London, with the help of Interpol and the London police. Last Thursday, Haephrati was brought to a London court for a remand hearing, and Israel has requested his extradition as soon as possible.
Two days before his arrest, police raided the three private investigation agencies suspected of using the Trojan horse program, confiscated their computers and arrested nine PIs. From Modi'in Ezrahi, they arrested CEO Yitzhak Rath plus investigators Eyal Abramowitz, Haim Zisman and Assaf Zlotovsky; from Krochmal they arrested CEO Zvika Krochmal plus investigators Ofer Fried and Alex Weinstein; and from Pilosof-Balali they arrested the joint CEOs, Eliezer Pilosof and Avraham Balali. Police also arrested the 17-year-old son of one suspect after investigators caught him trying to erase information from his arrested father's computer.
Later that week, police also arrested five executives from the companies suspected of commissioning the espionage: Uzi Mor, CEO of Mayer; Yoram Cohen, CEO of Hamafil; Moriah Katriel, financial vice president of Yes; Shai Raz, director of Pelephone's security department; and Ofer Reichman, director of Cellcom's security department.
In addition, they arrested Avner Kass and Or Shahar, sons of Mayer owners Israel Kass and Jacob Shahar, who were released on bail.
At a remand hearing for the PIs last Wednesday, police told the Tel Aviv Magistrate's Court that the investigators are suspected of penetrating a computer for the purpose of committing a crime, making and propagating a computer virus, violating the Protection of Privacy Law, conspiring to commit a crime, wiretapping and fraud. Police also suspect the three agencies of cooperating with each other to perpetrate their industrial espionage.
Rath, like many of the others, claimed at the hearing that he had no idea he was committing a crime. "When the investigators came, I opened the safe for them and helped with the papers. We didn't know we were breaking the law."
But that did not persuade Judge Mordechai Peled, who remanded them for nine days. Peled said the evidence indicated that they not only engaged in widespread industrial espionage, but made great efforts to conceal their illegal activities.
At a separate remand hearing for three of the corporate executives, Mor, Cohen and Katriel, last Thursday, the suspects admitted to commissioning the investigations, but claimed that they had no idea the material they were being given had been obtained illegally. All stressed that their contracts with the PI agencies explicitly obligated the agencies not to violate the law.
Police argued in response that upon being given their rivals' most closely guarded internal documents, they could hardly have failed to realize that the documents were obtained illegally.
Judge Peled accepted the police's argument on this score and remanded the three executives for five days.
On Friday, two more executives, Raz and Reichman, were remanded, along with two more PIs, Roni Barhum of Modi'in Ezrahi and Yitzhak Dekel of Krochmal.
That same day, however, police encountered their first hitch: A corporate executive whom they had planned to arrest that very morning left the country. Police blame his sudden departure on a report of Haephrati's arrest that appeared in that morning's daily Yedioth Ahronoth, and was later picked up by the Globes Web site. They have therefore begun investigating both newspapers on suspicion of violating the gag order on the affair.
Yesterday, Cellcom CEO Yitzhak Peterburg was questioned by police.
The next step, police sources said, is to meet with executives of the victim companies to determine whether any have recently suffered damage from rivals that could be attributed to industrial espionage. That will give them leads to other corporate lawbreakers, the sources explained.