14 DAY TRIAL // The use of a computer Trojan played a critical role in gathering intelligence regarding a now-destroyed secret nuclear reactor in Syria. The information-gathering program was planted by Mossad operatives on the laptop of a Syrian official while he was staying in London.
Journalists from the German publication Der Spiegel have recently published an article describing the events that led and followed Israel's bombing of the Syrian nuclear reactor at Al Kibar. According to them, Israel had reason to believe that Syria might be planning to launch a secret nuclear program even since 2002, but information was scarce at the time.
Their suspicions intensified in 2004 after United States' National Security Agency (NSA) informed them of an unusually high number of calls between Pyongyang, the capital of North Korea, and a region in the Syrian desert situated close to the Euphrates river. This place was called Al Kibar.
Then, in late 2006, Mossad operatives succeeded in obtaining more concrete evidence. Apparently, this was achieved by installing a professional trojan on the computer of a senior Syrian government official. The clandestine program was planted on his laptop left in a Kensington hotel room during a trip to London.
The trojan stole secret documents and images depicting the Al Kibar reactor in various stages of construction. It also captured photos of Chon Chibu, a leading North Korean nuclear scientist, together with Ibrahim Othman, the director of the Syrian Atomic Energy Commission. This intelligence gathering effort eventually led to "Operation Orchard," the bombing by Israeli fighter jets of the Al Kibar complex in September 2007.
There is no mention as to whether the information on this laptop was encrypted or not, but generally with such sensitive information, it is. However, it doesn't matter as this is a perfect example of a so-called "Evil Made" attack, a situation where the attacker can install a boot-level malware on an unattended device, which is then returned to the owner for use.
"People who encrypt their hard drives, or partitions on their hard drives, have to realize that the encryption gives them less protection than they probably believe," warns cryptography guru Bruce Schneier. "It protects against someone confiscating or stealing their computer and then trying to get at the data. It does not protect against an attacker who has access to your computer over a period of time during which you use it, too," he explains.