Lebanese banks infected by 'Gauss' virus

Bank of Beirut, Blom Bank, Byblos Bank, Credit Libanais among those targeted by espionage tool

Several Lebanese banks were targeted by a sophisticated new virus capable of stealing financial data, researchers say, with evidence suggesting the cyber attack may have been state-backed.

According to Kaspersky Lab, which discovered the attack it dubbed ‘Gauss’, the virus was based on the same platform as Stuxnet, a cyber weapon that attacked Iranian nuclear infrastructure in 2010, and cyber espionage tools Duqu and Flame.

“We’re talking here about Bank of Beirut, Blom Bank, Byblos Bank, Credit Libanais - most of them are banks that are based in Lebanon,” Stefan Tanase, a senior security researcher for Kaspersky Lab based in Moscow, told Arabian Business.

He added that systems belonging to Citibank and online payments firm Paypal had also been infected.

Tanase said that the virus, which is spread via USB drives, was designed to monitor financial transactions and emails and had so far infected around 1,600 computers in the Levant country. He said that researchers had so far not seen evidence to suggest other machines in other countries in the region had been infected.

“The likely case is that [the attacker] is monitoring transaction flows to gather intelligence about their victims,” Tanase said, adding that the virus could be used by “a nation state operation that is financing itself by stealing money from the victims,” but he thought this was unlikely.

Kaspersky Lab refused to speculate on who might be behind the attack, but said that the complexity of Gauss’s code and its shared characteristics with Stuxnet, Duqu and Flame strongly suggested the attack was state-sponsored.

Tanase said that Gauss contained a heavily encrypted payload which would only be triggered when the virus infected a specific machine.

Stuxnet, which also spread via USB drives, had a similarly encrypted module that was only triggered when it infected centrifuges at Iran’s uranium enrichment facility in Natanz. Stuxnet was designed to cause nuclear centrifuges to spin out of control and eventually break, but the plant’s operators discovered the attack before this could occur.

Kaspersky Lab’s Tanase said that the security firm had seen the type of encryption used in Gauss before and was hopeful that the company could decrypt the mystery module within a few weeks.

Bank of Beirut, Blom Bank, Byblos Bank, Credit Libanais, Citigroup and Paypal did not immediately respond to Arabian Business's request for comment.

Posted by: socalmonk

Kaspersky Labs may have declined to speculate openly about which state or states might be the origin of this new cyber attack, but I have no doubts, and will be more than happy to call out Israel and the United States, the two nations already most responsible for the instability that plagues the Middle East. Had another nation done this to Israel or the U.S. it would be cause for military action. This cyber-warfare against non-aligned nations has got to stop.
