Meet Gauss, the Latest Weapon in the Unfolding U.S.-Israeli Cyberwar
To the steadily growing list of digital weapons that appear to have been jointly created with the combined resources of the U.S. and Israel, we can now add another. The researchers at Russia-based Kaspersky Lab who discovered it have christened it Gauss, and say it is aimed at the finances of its targets, whoever they may be: it steals account information from customers of certain banks in Lebanon, and also from customers of Citibank and PayPal.
It is not hard to surmise the nature, if not the names, of the targets of this latest state-sponsored malware campaign. Of the roughly 2,500 infections that Kaspersky's researchers have counted so far, 1,660, about two thirds, occurred in Lebanon. The software is designed to intercept data used with accounts at the Bank of Beirut, Byblos Bank and Fransabank, all of which are based in or have significant operations in Lebanon.
Gauss, they say, bears many of the same markers as Stuxnet, Duqu and Flame, all of which predated it. It is the latest evidence that the U.S. is engaged in a covert, undeclared campaign of computer warfare against parties unknown and of uncertain intent.
Anyone who reads the news of the world can guess at Gauss’s purpose. The prospect of a shooting war with Iran involving the U.S. and Israel in some combination is never far from the minds of anyone in that region these days, as that country continues to develop its capacity to produce materials that might be used in nuclear weapons.
Lebanon is the home base of Hezbollah, a militant and terrorist group that is backed financially by both Iran and Syria, and which even has a political arm that has seats in the current Lebanese government. If there is to be a war with Iran, it follows that Hezbollah would act as an Iranian proxy, and would probably serve as Iran’s offensive arm, launching missile and other attacks against Israel. Naturally, intelligence about the movements of money in that country might be useful information. It might also be useful to drain certain accounts of funds as a way of slowing down operations. You can’t shoot guns and missiles if you can’t buy them first.
Another purpose might also have to do with the efforts to undermine the regime of president Bashar al-Assad in neighboring Syria. For years, Syria essentially occupied Lebanon, and it continues to have a significant interest in the country.
Naturally, there’s a potential for unintended consequences. Attacking the banking services and infrastructure of one country invites a response. And few things give people more pause than the thought that their banking information might be compromised, altered or even wiped out. Imagine going to an ATM tomorrow and seeing a negative balance where you expected plentiful cash.
There is one bit of encouraging news in this: it seems the cyber-warriors are learning from their mistakes. Having watched Stuxnet get detected and then taken apart by the global community of computer security researchers, the authors of Gauss shielded its most important functions behind strong encryption. Only when the malware finds itself on a computer of a specific type and configuration do those parts decrypt themselves, which means a sample captured on any other machine does not contain what is needed to read them. Stuxnet did something comparable, checking for a specific combination of systems before acting, and that combination was later found to match equipment thought to be used in Iran.
Stuxnet was difficult and expensive to create, and was never intended to be seen in the wild. When it did leak into public view, researchers working for both the good guys and the bad guys tore it apart to learn as much as they could from it. This time, the most sensitive parts of the weapon, for that is what it is, have been locked up relatively tightly, in the hope that the bad guys learn less this time around. For people like me who wring their hands over the implications of all this, that has to count as progress.
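The mechanism described above, a payload that decrypts only on a host with a specific configuration, is usually called environmental keying. The following is an added illustration of the technique in general, not Gauss's own code and not a claim about its actual key-derivation scheme. The host fingerprint (a sorted list of directory names plus an install path), the directory names and the payload are all constructed for the example; the key is derived from the fingerprint with PBKDF2, and a keyed check value lets the loader test whether it is on the target without the key ever being stored in the sample.

```python
"""Environmental keying: a payload that decrypts only on the target host.

Added example, not taken from Gauss. Everything below (directory names,
install path, payload bytes) is constructed for the demonstration.
"""
import hashlib
import hmac
import os

ITERATIONS = 10_000  # slows an analyst brute-forcing guessed configurations


def fingerprint(dir_names, install_path):
    """Canonical host fingerprint: sorted, lower-cased directory names plus path.

    Sorting makes the fingerprint independent of directory listing order.
    """
    canon = "\n".join(sorted(n.lower() for n in dir_names)) + "\n" + install_path.lower()
    return canon.encode("utf-8")


def derive_key(fp, salt):
    """Stretch the fingerprint into a 256-bit key; the salt ships with the blob."""
    return hashlib.pbkdf2_hmac("sha256", fp, salt, ITERATIONS, dklen=32)


def _keystream(key, nonce, length):
    """SHA-256 in counter mode as the cipher; a real build would use AES-GCM."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + block.to_bytes(8, "big")).digest()
        block += 1
    return bytes(out[:length])


def seal(payload, fp):
    """Encrypt payload under a key derived from the target fingerprint fp."""
    salt, nonce = os.urandom(16), os.urandom(16)
    key = derive_key(fp, salt)
    ct = bytes(p ^ k for p, k in zip(payload, _keystream(key, nonce, len(payload))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    # Check value: lets the loader confirm "right host" without storing the key.
    check = hmac.new(key, b"target-check", hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "check": check, "ct": ct, "tag": tag}


def try_unseal(blob, fp):
    """Return the payload if fp is the target fingerprint, otherwise None."""
    key = derive_key(fp, blob["salt"])
    expected_check = hmac.new(key, b"target-check", hashlib.sha256).digest()
    if not hmac.compare_digest(expected_check, blob["check"]):
        return None  # not the target host: payload stays opaque
    tag = hmac.new(key, blob["nonce"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        return None  # blob was tampered with
    ks = _keystream(key, blob["nonce"], len(blob["ct"]))
    return bytes(c ^ k for c, k in zip(blob["ct"], ks))


def brute_force(blob, candidates):
    """What an analyst holding only the sample can do: guess (dirs, path) pairs."""
    for dirs, path in candidates:
        out = try_unseal(blob, fingerprint(dirs, path))
        if out is not None:
            return out
    return None


# Constructed demo data: hypothetical directory names and install path.
TARGET_DIRS = ["Common Files", "Internet Explorer", "ExampleBankClient"]
TARGET_PATH = r"c:\program files\examplebankclient"
OTHER_DIRS = ["Common Files", "Internet Explorer"]
PAYLOAD = b"PAYLOAD: constructed stand-in for the encrypted module"


def demo():
    """Seal for the target host, then try to open it on another host and on the target."""
    blob = seal(PAYLOAD, fingerprint(TARGET_DIRS, TARGET_PATH))
    on_other = try_unseal(blob, fingerprint(OTHER_DIRS, TARGET_PATH))    # None
    on_target = try_unseal(blob, fingerprint(TARGET_DIRS, TARGET_PATH))  # PAYLOAD
    return on_other, on_target


if __name__ == "__main__":
    other, target = demo()
    print("non-target host:", other)
    print("target host:    ", target)
```

The point for a defender is in `brute_force`: with only the sample in hand, recovering the payload means guessing the exact fingerprint, and the iteration count in `derive_key` makes every guess cost real CPU time. Note also that the check value reveals nothing about the payload itself; it only tells the loader whether the derived key is the right one.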