Israel implicated in nuclear spy attack

Israel has closely followed the talks over Iran's nuclear ambitions, with Prime Minister Benjamin Netanyahu denouncing a possible agreement as a "historic mistake". Photo / AP

An ambitious attempt to spy on foreign ministers as they negotiated over Iran's nuclear programme came to light yesterday when a cyber security firm uncovered new malware called "Duqu 2".

The company which found the highly sophisticated virus, Kaspersky Lab, said that only a state could have been responsible for its development - but declined to name the country involved. However, Kaspersky disclosed enough evidence to implicate Israeli intelligence. Israel has closely followed the talks over Iran's nuclear ambitions, with Benjamin Netanyahu, the Prime Minister, denouncing a possible agreement as a "historic mistake".

Last year, Kaspersky's own systems were infected with Duqu 2, perhaps to discover how to penetrate cyber defences. When the company tried to establish who else had been targeted, it discovered that three luxury hotels in Europe had been singled out.

The hotels had one thing in common: each had hosted nuclear negotiations between John Kerry, the US secretary of state, and his Iranian counterpart, Mohammad Javad Zarif. In every case, the malware had been infiltrated into the relevant hotel systems a few weeks before the meetings between Zarif and Kerry. These vital negotiations are designed to resolve the confrontation over Iran's nuclear ambitions by a deadline of June 30. The talks also include ministers from the "P5 plus 1" group of countries, consisting of the Security Council's five permanent members plus Germany.

But those outside the meetings - particularly Israel - are anxious to gain an insight into their progress.

Kaspersky described Duqu 2 as a "generation ahead of anything we'd seen". Once infiltrated into a hotel's systems, Duqu 2 could have penetrated communications, including the Wi-Fi network. The operators could have ransacked the hotel records to discover the room numbers of important guests, downloaded video feeds from surveillance cameras or sound files recorded by any microphones in the lifts.

The "infections are linked to the P5 plus 1 events and venues related to the negotiations with Iran about a nuclear deal," said Kaspersky's report.

As for who might be responsible, the company declined to point the finger, beyond saying that a "government" was behind Duqu 2.

An earlier version of this malware, known simply as Duqu, was discovered in 2011. At the time, Kaspersky noted the attackers were working according to a pattern that coincided with the working week in Israel.