A computer spy virus believed to be linked to Israel targeted three luxury European hotels just before each hosted negotiations between Iran and world powers over the Islamic Republic's nuclear program, the Wall Street Journal reported on Wednesday.
Researchers at the cybersecurity firm Kaspersky, who identified the virus, have concluded that it was an improved version of a spyware first detected in 2011 by the codename "Duqu."
Though Kaspersky was unable to assess exactly how the virus was used and what information was obtained, the security firm said that the use of the virus might have been used to eavesdrop on conversation, steal files, and gain control of any computer-linked system at the hotel, such as phones, elevators and alarms. The virus is also able to target Wi-Fi networks and penetrate the hotels' front desk computers, which could have allowed whoever is controlling it access to room numbers of delegation members.
Kaspersky's findings could shed light on the use of spyware and other surveillance efforts during the talks concerning Iran's nuclear program, the Wall Street Journal said.
Nuclear talks between the U.S., Britain, France, China, Russia and Germany and Iran were held in venues in Switzerland and Austria and Germany, but the report did not identify which of the hotels were targeted by the virus.
According to the report, the Moscow-based firm did not name Israel as the country behind the new virus, but it reportedly named the report "Duqu Bet," implying a link to the second letter in the Hebrew alphabet. Researchers said that substantial parts of virus' code resembles that of Duqu, adding that it’s was practically impossible to create the new virus without access to the original code.
The virus was also found on computers used during the ceremony to commemorate the 70th anniversary of the liberation of the Nazi death camp Auschwitz, which was attended by world leaders.
Duqu, which received its name because it creates files with "DQ" in the prefix, was identified by the security software firm Symantec in 2011. The firm said at the time that the virus appeared to be very similar to Stuxnet, a computer worm that hit computers at Iranian nuclear facilities. The New York Times in 2011 said that Stuxnet was part of a joint Israeli-U.S. operation to undermine Iran's nuclear ambitions.
Last month, the Wall Street Journal reported that Israel spied on closed-door nuclear talks between the United States and Iran last year in order to build a case against the impending deal. In addition to eavesdropping on closed-door talks, the report said, Israel “acquired information from confidential U.S. briefings, informants and diplomatic contacts in Europe.”
The White House reportedly discovered the operation when U.S. intelligence agencies spying on Israel "intercepted communications among Israeli officials that carried details the U.S. believed could have come only from access to the confidential talks,” according to the May report.
In March, ahead of Benjamin Netanyahu's speech in Congress, the White House and the U.S. State Department publicly warned the prime minister that revealing details about the talks with Iran would be seen as betrayal of American trust. U.S. officials said Israel has a great deal of information about the emerging deal with Iran that it obtained independently.
New Duqu virus also targeted Kaspersky
Kaspersky and its CEO, Eugene Kaspersky, are highly regarded in the cybersecurity community, but Kaspersky is also criticized over alleged ties to the Kremlin, which he denies.
The firm said its computers were also the target of the new virus. An employee discovered it when testing a new security program. The company then began monitoring the virus in attempt to evaluate how it worked and what the hackers were after. Kaspersky said the hackers attempted to access information concerning new cybersecurity technologies.
“Spying on cybersecurity companies is a very dangerous tendency," Eugene Kaspersky said in a statement published on Wednesday.
"Security software is the last frontier of protection for businesses and customers in the modern world, where hardware and network equipment can be compromised. Moreover, sooner or later technologies implemented in similar targeted attacks will be examined and utilized by terrorists and professional cybercriminals. And that is an extremely serious and possible scenario."