Cybercriminals have been doing it for years: developing viruses that enable them to steal bank account login information. But now, it appears a nation-state is using the technique for classic espionage purposes.
Kaspersky Lab, a Moscow-based computer security firm, reported this week that it had discovered a new state-sponsored virus infecting computers in the Middle East. Kaspersky researchers dubbed the virus "Gauss" and said it appeared to have been designed to target several large banks in Lebanon.
"We have never seen any malware target such a specific range of banks," Kaspersky's director of global research, Costin Raiu, told The New York Times.
The Kaspersky researchers say the Gauss virus appears to have been developed by the same programmers who built the Flame virus, which in turn shared some features with the Stuxnet virus, deployed against Iranian nuclear installations.
Kaspersky did not say which nation-state it suspected of developing the Gauss virus, but some officials have privately hinted that the United States and Israel developed the Flame and Stuxnet viruses.
If the Gauss virus was developed to gather inside information on Lebanese banks, it would be consistent with a U.S. desire to monitor financial transactions carried out by the Lebanon-based Hezbollah organization.
Bilal Saab, a Lebanon expert at the Monterey Institute of International Studies, notes that Hezbollah's ties to the regimes in Syria and Iran have only heightened U.S. officials' interest in Lebanese banks.
"They want to see if there's money-laundering in these banks," Saab says, "whether Hezbollah is using them, or perhaps even the Syrian government or the Iranian government to sustain their operations."
The United States maintains normal relations with Lebanon, but Saab points out that U.S. intelligence agencies may still want to gather information on Lebanese banking operations through clandestine means.
"Keep in mind that Lebanon has a banking secrecy law, which means you cannot really obtain any information about accounts in Lebanon," Saab says. "That may give an indication, if [the Americans] are actually involved behind [Gauss], why they may have felt a need to come up with this virus."
If the Kaspersky Lab report is accurate, it would suggest that countries, notably the United States, are already using sophisticated cybertools to spy on and possibly even attack other countries.
But the intrigue doesn't stop there. Stuxnet, Flame and now Gauss have all been "outed" by the Kaspersky Lab in Moscow, founded by Eugene Kaspersky, who has ties to the Russian government.
"He's a graduate of the KGB's cryptological academy," says Noah Shachtman, who profiled Kaspersky in a recent edition of Wired magazine. "He was an intelligence officer in the Soviet military, and then got out of the military and started a business with his former KGB professor."
A suggestion that the U.S. is waging cyberwar could serve the political interests of U.S. adversaries because the United States would more likely be seen as an aggressor in cyberspace.
"We're in a new era where code has become geopolitics," Shachtman says. "These nation-state, online espionage operations [are not] just nuisances or things that happen quietly on some government official's computer. [They have] become a major focus of international relations, international strategy and international power struggles."
In any case, the United States and its allies have been put on the defensive. Neither the Defense Department nor the Treasury Department is commenting on the revelations about the Gauss virus.
MELISSA BLOCK, HOST:
This is ALL THINGS CONSIDERED. From NPR News, I'm Melissa Block.
We learned this week of a new cyber-weapon, another tool possibly being used by countries gearing up for computer war. This one is called Gauss. Researchers say it appears to be related to Stuxnet. That's the computer virus that was directed against Iran's nuclear program. The Gauss virus was found in Lebanon, where it's infected a number of banks. NPR's Tom Gjelten says Gauss may bring new insight to the nature of war, espionage and superpower rivalry.
TOM GJELTEN, BYLINE: The researchers who discovered the Gauss worm say it bears a strong resemblance to viruses developed for the purpose of extracting money from people's bank accounts. It can be used to steal account login information, something cybercriminals do all the time.
What's different about Gauss, according to the virus researchers, is that it only targeted particular banks, largely in Lebanon. So who would have an interest in finding out what's in Lebanese bank accounts?
Bilal Saab from the Monterey Institute of International Studies knows that the U.S. government tries to keep track of financial activity carried out by the Hezbollah group based in Lebanon. And Hezbollah's ties to the regimes in Syria and Iran, Saab says, have only heightened the Americans' interest in Lebanese banks.
BILAL SAAB: They want to see if there's any extensive money laundering in these banks, whether Hezbollah is using them or perhaps even the Syrian government and the Iranian government to sustain their operations.
GJELTEN: Kaspersky Lab, the Moscow-based company that discovered the virus, did not speculate on who developed Gauss. But the lab did say it appeared to have come from a nation state, and probably from the same programmers who developed the Stuxnet and Flame viruses. Both of those have been tied to the United States and Israel. And Bilal Saab says if the Americans wanted to learn about Lebanese banking activities, they would probably need inside information.
SAAB: Keep in mind that Lebanon has a banking secrecy law, which means that you really cannot obtain any information about accounts in Lebanon. So that just might give you an indication why they felt the need to - if they are, actually, involved behind it - why they felt the need to come up with this virus.
GJELTEN: If the Kaspersky Lab report is accurate, it would suggest that countries - most notably the United States - are already using sophisticated cyber-tools to spy on and possibly even attack other countries.
But the intrigue does not stop there. Stuxnet, Flame and now Gauss have all been outed by the Kaspersky Lab in Moscow, founded by Eugene Kaspersky. Noah Shachtman, who recently profiled him for Wired magazine, notes that Kaspersky has close ties to the Russian government.
NOAH SHACHTMAN: He's a graduate of the KGB's cryptological academy. He was an officer in the Soviet military, an intelligence officer, and then got out of the military and started a business with his former KGB professor.
GJELTEN: A suggestion that the U.S. is waging cyber-war could serve the political interests of U.S. adversaries. The United States may now be seen as an aggressor in cyberspace. All this adds up to a new era, Shachtman says. Computer code has become geopolitics.
SHACHTMAN: These nation-state online espionage operations have become a major focus of international relations, of international strategy and of international power struggles.
GJELTEN: And from a propaganda perspective, the United States and its allies have been put on the defensive. Neither the Defense Department nor the Treasury Department is commenting on these revelations about the Gauss virus. Tom Gjelten, NPR News, Washington. Transcript provided by NPR, Copyright NPR.