Private eyes jailed in industrial espionage spyware case

April 29, 2008 Sophos Press Release

Spyware
The private investigation company used spyware to steal information from Israeli firms.

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned businesses to be on their guard against agencies who offer them information on their competitors, following the jailing of a team of private investigators who used spyware to steal information on behalf of legitimate companies.

According to media reports, four members of the Israeli Modi'in Ezrahi private investigation firm have been sentenced after they were found guilty of using a Trojan horse to steal commercial information.

The Trojan horse was said to have been used by a number of different private investigation firms to spy on the Rani Rahav PR agency (whose clients include Israel's second biggest mobile phone operator, Partner Communications), and the HOT cable television group. Another alleged victim was Champion Motors, who import Audi and Volkswagen motor vehicles.

Asaf Zlotovsky, a manager at the Modi'in Ezrahi detective firm, was given a 19 month jail sentence. Two other employees, Haim Zissman and Ron Barhoum, were sent to prison for 18 and nine months respectively. The firm's former CEO, Yitzhak Rett, escaped a jail sentence after admitting the allegations under a plea bargain - he has been fined 250,000 Israeli Shekels (US $72,000) and will face 10 months on parole.

"It's understandable that firms would want information on what their business rivals are planning to do, and try to seek a competitive advantage over them. What isn't acceptable is to hire firms that will use illegal methods, such as computer spyware, to gather that information," said Graham Cluley, senior technology consultant at Sophos. "Firms need to be very careful about the third parties they hire to help them grow their business, and seek assurances that their partners will not be behaving unethically or illegally. If they do not, the consequences could not only be a swathe of bad publicity but also a spell in prison."

London-based Michael Haephrati, who honed his computer skills during three years' military service in the Israeli army, developed the spyware Trojan horse, while his wife, Ruth, marketed it to several private investigation firms who bought the code and installed it onto the computers of its clients' rivals. The Haephratis were fined and sentenced to jail by an Israeli court for their involvement in the case in 2006.

"Regular cybercriminals may be attempting to steal your employees' credit card details, but spyware can also be used for corporate espionage designed to steal your business plans and customer databases," explained Cluley. "Firms should be on their guard and have proper defenses in place to avoid falling foul of this kind of attack."

Sophos recommends all computer users protect themselves with a consolidated solution which can control network access and defend against the threats of spam, hackers, spyware and viruses.