[ISN] YES, Pele-Phone, Cellcom execs arrested for computer espionage

InfoSec News isn at c4i.org
Tue May 31 03:07:33 EDT 2005


Noam Sharvit    
Globes Online
29 May 05

The Tel Aviv Magistrates Court today lifted a gag order concerning a
wide-ranging Israel Police investigation into suspected industrial
espionage involving some of the country's largest companies. It is
suspected that three private investigator firms uploaded a Trojan
Horse virus into the targeted companies' computers.

Arrests in the affair include Mayer Cars and Trucks CEO Uzi Mor, who
is suspected of ordering espionage against Champion Motors (Israel);  
YES CFO Moriah Kathriel, suspected of ordering espionage against HOT,
its cable competitor; office equipment and photocopy company Hamafil
Services CEO Yoram Cohen, suspected of ordering espionage against its
rival Zilumatik Ltd.

Pele-Phone Communications security director Shay Raz has been arrested
for ordering industrial espionage against Ran Rahav Communications and
PR Ltd., one of whose accounts is Partner Communications Co. Ltd.
(Nasdaq: PTNR; TASE:PTNR; LSE:PCCD). Cellcom Israel Ltd. security
director Ofer Reichman is suspected of ordering espionage against the
ad agency Reuveni-Pridan, which also handles the Partner account.

The most prominent private investigator detained is Lt.-Col. (res.)  
Zvi Krochmal, a former senior Military Police officer who was chief
investigator in the Rami Dotan affair (Dotan was the former head of
IDF procurement). Krochmal is suspected of uploading Trojan Horses in
targeted companies on behalf of his clients. Three investigators from
Krochmal's agency have also been arrested: Alex Weinstein, Yitzhak
Dekel, and Ofer Fried.

Another prominent private investigator who has been arrested is
Modi'in Ezrahi CEO Yitzhak Rath, suspected of the same offenses. Three
employees from his agency have also been arrested.

Eliezer Pelosoff and Avraham Balali of the Pelosoff-Balali
investigative agency have also been arrested.

Possible invasion at "Globes", too

The investigation is being conducted in cooperation with the British
and German police forces, with the support of Interpol.

Tana Industries (known as Tami 4) is another company suspected of
ordering industrial espionage against competitor Eden Springs (Maayanot
Eden) (TASE:MEYD), but no arrests have yet been made.

The police also suspect that industrial espionage was ordered by a
local high tech company against "Globes".

Among the companies known to have been damaged by the industrial
espionage case so far: merged cable company HOT, Strauss-Elite
(TASE:STEL), wireless communications company Orange, car importer
Champion Motors (Israel), advertising agencies Shalmor-Avnon-Amichay
Young & Rubicam, and Reuveni-Pridan, public relations firm Ran Rahav
Communications and PR Ltd., Eden Springs (Maayanot Eden), Shekem
Electric, ACE Marketing Chains (ACE Israel), Soglowek, the Malam
Group, and Zilumatik.

Unpleasant surprise for the Jackont family

The affair was uncovered in November 2004, when author-consultant and
former capital market player Amnon Jackont was shocked to discover
that details from a book he was writing had appeared on a website,
without him disclosing the material to anyone. Together with his wife,
Varda Raziel-Jackont, a marriage counselor, Jackont filed a complaint
with the police.

The police opened an investigation, eventually code-named "Horse
Races", and took Jackont's home computer for testing. The
investigation found that a Trojan Horse virus had been uploaded into
the computer, which was sending documents and pictures to FTP
file-storage servers in Israel and overseas. The virus was highly
sophisticated, enabling remote control of Jackont's computer.

The police investigation discovered that the virus had been uploaded
via e-mail. The police fraud squad computer unit used technological
aids to find the source of the virus, Michael Haephrati, 41, a former
high-tech expert and resident of Bat Yam, who currently splits his
time between the UK and Germany. Haephrati was arrested in London last
week. The police were not surprised to discover that Haephrati was the
ex-husband of Raziel-Jackont's daughter.

The Israeli investigators, in cooperation with Interpol, the London
Metropolitan Police, and the German Police, found dozens of FTP
servers in Israel and overseas, including the US. Haephrati is
suspected of transferring stolen material from other computers to
these FTP servers. The police realized the extent of the affair when
they examined some of the files.

Tailor-made Trojan Horse

It is suspected that the Trojan Horse virus was uploaded into the
computers of many commercial companies via e-mail or CD, sent as
business proposals to the recipients. Merely inserting the CD into a
computer was enough to upload the virus without the user's knowledge.  
The police say that this kind of CD had been found at many companies.

After obtaining a warrant, a more thorough investigation of the
documents found on the FTP servers revealed that Haephrati had
deliberately created the virus for three of Israel's largest private
investigator firms: Modi'in Ezrahi, Krochmal Special Investigations,
and Pelosoff-Balali.

At the same time as the arrests, the police raided the suspects' homes
and seized dozens of computers, tens of thousands of documents and
photocopies, which are presently being studied.

Most of the suspects are being accused of creating and distributing a
computer virus, penetrating computer material, wiretapping, criminal
conspiracy, aggravated fraud, and infringement of the Protection of
Privacy Law (5741-1981). The police emphasize that any direct
interception of computer files and documents is considered illegal

During the investigation, the police remembered that a few years ago,
the same suspects offered the police virus-based technology for
legitimate uses, but the technology was unsuited to the police's
requirements. The police had held intermittent negotiations lately,
during which they examined the software's applications.

The State Prosecutor and Tel Aviv District Prosecutor have accompanied
the investigation from the beginning, due to its complexity and
sensitivity. The police fraud squad had the help of the Israel Police
Tel Aviv district central unit, the Israel Police Investigation and
Intelligence Department, and computer investigators from all police

Israel Police National Fraud Unit head, Chief Superintendent Arie
Edelman, said the virus was unique because, "It not only penetrated
the computer and sent material to wherever you wanted, but it also
enabled you to completely control it, to change or erase files, for
example. It also enabled you to see what was being typed in real
time." He said the extent of those involved in the affair, and the
program's capabilities were "exceptional".

The police suspect that Haephrati adapted the virus for his clients'
needs. He charged his clients £2,000 (NIS 17,000) per computer per
month, including support.

Since the virus was adapted for each client's purposes, it was not
detected by information security systems. Edelman said, "This is not a
common software that anti-virus software makers have had to fix."

The police say that the virus had been used in Israel for at least the
past two years. One of the first things checked was whether it had
been used to uncover the internal correspondence of Channel 2
franchisee Tel-Ad Jerusalem Studios Ltd., published before the new
Channel 2 tender, allegedly in an attempt to harm the company's
chances in the tender. The answer was no.

Uniform denials

Hamafil Services chairman Yossi Zwillinger said today in response to
reports about the investigation, "In business dealings, the company
associates only with top-tier companies, where it is clear beyond any
doubt that matters are conducted honestly.

"We are sure, beyond a shadow of a doubt, in the professional
integrity and trustworthiness of CEO Yoram Cohen".

Cohen's attorney, Adv. Esther Bar-Zion said that the company's actions
were legal, and that Cohen had cooperated fully with his
interrogators, providing all evidence and documents they required.

"Hamafil's personnel had no reason to suspect that anything was being
done improperly or dishonestly," Bar-Zion said.

Mor's attorney, Adv. Giora Aderet, said that Mayer Cars and Trucks
and Mor had acted completely within the law. He denied police
allegations that Mor should have known that the information being
supplied by Modiin Ezrachi was obtained through deceitful means.

"Mayer's personnel had no suspicions whatsoever that Modiin Ezrachi
operated unlawfully."

Mayer's Cars and Trucks owners Shachar and Kass stated that they were
sure, beyond all doubt, in Mor's outstanding professional and personal
integrity, and his uninvolvement in the affair.

Pele-Phone stated in response: "Pele-Phone and its workers have no
connection to the illegal obtaining of information. The company and
its workers were surprised by the recent reports, and have cooperated
with the police in clarifying the facts in this affair."

The victims respond

PR man Rani Rahav said, "If it was up to me, the guilty would hang."

Partner stated in response, "We are shocked by the findings that are
being released. We are sure that the Israel Police is making every
effort to discover the entities that acted to obtain the information,
and will uncover the truth."

Strauss-Elite stated, "We are examining the ramifications for us, as
much as possible. We thank the Israel Police for discovering this
affair. At this stage, matters speak for themselves, and we would
prefer not to respond any further."

HOT stated, "We are shocked by the investigation's findings, as
reported by the media, and are studying the details. We expect
competition between companies to be fierce and aggressive, but it
should be conducted according to a code of ethics, and by law, just as
HOT has done in the past, and will continue to do."

Ad man Rami Shalmor said, "It is disgraceful that company executives,
instead of creating real competition, take short-cuts and give in to
temptation, buying commercial material so as to win the market. This
is a norm that has got to stop. Competition should be fair."

Ad man Udi Pridan said, "At this stage, we are learning, together with
the police, what materials were stolen, and will act accordingly."

"Globes" editor-in-chief Haggai Golan said, "Obtaining confidential
information from the newspaper's computers does serious harm,
particularly to the newspaper's freedom of expression, and its
obligation to provide reliable information to its customers. We hope
that this was an isolated incident. "Globes" will continue to bring
its readers the best information possible."
