So, it wasn't the IT people who busted this hacker, but the police. Good for the police, but bad for the IT folks. They had better look at their practices. Some highlights of the article:
The companies suspected of commissioning the espionage, which was carried out by planting Trojan horse software in their competitors' computers, include the satellite television company Yes, which is suspected of spying on cable television company HOT; cell-phone companies Pelephone and Cellcom, suspected of spying on their mutual rival Partner; and Mayer, which imports Volvos and Hondas to Israel and is suspected of spying on Champion Motors, importer of Audis and Volkswagens. Spy programs were also located in the computers of major companies such as Strauss-Elite, Shekem Electric and the business daily Globes.
"The program was essentially customized for each and every one of the 'victims' that the PI agencies wanted to attack," said Chief Inspector Nir Nativ, one of the officers who investigated the case. "Haephrati adapted the software to penetrate a specific company, at the request of the PI agency's client."
Haephrati used two methods to plant his malicious software (or malware) in the target computers. One was to send it via e-mail. The other was to send a disk to the target company that purported to contain a business proposal from a well-known company that would arouse no suspicions. Then, when an employee loaded the disk to view the proposal, the Trojan horse would infect his computer.
Nativ explained that even anti-virus programs cannot detect Haephrati's malware, because each is unique. Moreover, the Trojan horses were generally unwittingly introduced by company employees who inserted the infected disks, rather than "attacking" from outside, making detection even more difficult.
Police believe that industrial espionage using Haephrati's programs has been going on for at least a year and a half.
Police said that they are not yet able to quantify the economic damage suffered by the victims, but it appears to have been considerable - thanks both to the program's capabilities and to the sheer number of companies involved.
Police eventually obtained court orders to access several FTP servers based in Israel and the United States, and then discovered tens of thousands of documents stored there that belonged to major Israeli companies, including many files labeled "internal" and "secret."
This sort of thing - with internal users introducing the Trojan - is going to be discovered more and more often. We're going to find that criminal enterprises are the ones behind it as well and not just competitors or hackers with an axe to grind.