Cybercriminals have been doing it for years: developing viruses that enable them to steal bank account login information. But now, it appears a nation-state is using the technique for classic espionage purposes.
Kaspersky Lab, a Moscow-based computer security firm, reported this week that it had discovered a new state-sponsored virus infecting computers in the Middle East. Kaspersky researchers dubbed the virus "Gauss" and said it appeared to have been designed to target several large banks in Lebanon.
"We have never seen any malware target such a specific range of banks," Kaspersky's director of global research, Costin Raiu, told The New York Times.
The Kaspersky researchers say the Gauss virus appears to have been developed by the same programmers who built the Flame virus, which in turn shared some features with the Stuxnet virus, deployed against Iranian nuclear installations.
Kaspersky did not say which nation-state it suspected of developing the Gauss virus, but some officials have privately hinted that the United States and Israel developed the Flame and Stuxnet viruses.
If the Gauss virus was developed to gather inside information on Lebanese banks, it would be consistent with a U.S. desire to monitor financial transactions carried out by the Lebanon-based Hezbollah organization.
Bilal Saab, a Lebanon expert at the Monterey Institute of International Studies, notes that Hezbollah's ties to the regimes in Syria and Iran have only heightened U.S. officials' interest in Lebanese banks.
"They want to see if there's money-laundering in these banks," Saab says, "whether Hezbollah is using them, or perhaps even the Syrian government or the Iranian government to sustain their operations."
The United States maintains normal relations with Lebanon, but Saab points out that U.S. intelligence agencies may still want to gather information on Lebanese banking operations through clandestine means.
"Keep in mind that Lebanon has a banking secrecy law, which means you cannot really obtain any information about accounts in Lebanon," Saab says. "That may give an indication, if [the Americans] are actually involved behind [Gauss], why they may have felt a need to come up with this virus."
If the Kaspersky Lab report is accurate, it would suggest that countries, notably the United States, are already using sophisticated cybertools to spy on and possibly even attack other countries.
But the intrigue doesn't stop there. Stuxnet, Flame and now Gauss have all been "outed" by Kaspersky Lab in Moscow, founded by Eugene Kaspersky, who has ties to the Russian government.
"He's a graduate of the KGB's cryptological academy," says Noah Shachtman, who profiled Kaspersky in a recent edition of Wired magazine. "He was an intelligence officer in the Soviet military, and then got out of the military and started a business with his former KGB professor."
A suggestion that the U.S. is waging cyberwar could serve the political interests of U.S. adversaries because the United States would more likely be seen as an aggressor in cyberspace.
"We're in a new era where code has become geopolitics," Shachtman says. "These nation-state, online espionage operations [are not] just nuisances or things that happen quietly on some government official's computer. [They have] become a major focus of international relations, international strategy and international power struggles."
In any case, the United States and its allies have been put on the defensive. Neither the Defense Department nor the Treasury Department is commenting on the revelations about the Gauss virus.