Did the Bounds of Cyber War Just Expand to Banks and Neutral States?

A new virus called Gauss, the apparent successor to Stuxnet and Flame, seems to target Lebanon's Swiss-like financial sector.

A computer analyzes the code in Flame, a viral predecessor to Gauss. (AP)

Last week the Russian security research group Kaspersky Labs announced they had found a new computer virus infecting thousands of computers in the Middle East. Called "Gauss," after a filename found in its codebase, the malware can capture information about the infected computer, including Internet browsing histories, user login details, and system configuration details. The existence of Gauss suggests that countries may be using cyber warfare for more than just countering imminent threats, and that, with the rules of digital engagement so ambiguous, there's little to restrain or guide cyberwar's development.

Kaspersky Labs was blunt: Gauss, it says, is likely a "nation-state sponsored banking Trojan" built by the same programmers behind Stuxnet and Flame, the recent, sophisticated digital pathogens often speculated to have been designed by the United States and Israel. However, unlike these viruses, which both targeted Iran, Gauss appears to have a very different target: the banking system of Lebanon.

Gauss is the latest in a line of massive malware attacks, and much like its predecessors, it appears to be so complex and sophisticated that it's assumed to have been built by a sovereign state. Gauss uses the same platform as Flame, a "cyber espionage" program that was found in a number of locations in Iran in early 2012 and was capable of comprehensive surveillance of infected computers. Flame itself bore a strong family resemblance to Stuxnet, a 2010 virus that targeted the Iranian nuclear research program.

Like Flame, Gauss transmits detailed records of user activity back to its central command. Like Stuxnet, it carries a special encrypted "payload" that targets machines that carry specific system configurations. Stuxnet's payload would identify and disable nuclear research systems, but the encryption for the Gauss payload has not yet been broken, and its purpose remains unknown.

However, unlike Flame and Stuxnet, which targeted a rogue state's government networks, Gauss goes after the commercial sector in a country that has normalized relations with the United States. Out of more than 2,500 identified instances of Gauss, nearly two-thirds have been found in Lebanon. And, unlike the broad spying capacity of Flame, Gauss seems designed for the narrow purpose of capturing transaction data from financial institutions and digital payment providers: specifically, the Lebanese banks Fransabank, Bank of Beirut, BLOM, Credit Libanais, Byblos Bank, and EBLF, as well as PayPal and Citibank.

Why Lebanon? Why banks? Stealing financial transaction data is traditionally the province of, say, shadowy underground criminal gangs. Lebanon is a small country better known for its vibrant nightlife and perpetual domestic volatility. Neither its banking sector nor the state itself is an obvious target for the U.S. or Israeli intelligence services, which, though they haven't been connected to Gauss, are the only groups with both the know-how and, if they truly were behind Stuxnet and Flame, the track record.

However, Lebanon's size belies its importance as a regional entrepôt and banking haven; its cosmopolitan libertarianism, along with old-world discretion, has long made the country a popular choice for foreign depositors of all profiles and persuasions. Think of it as something like the Switzerland of the modern Middle East. More than 60 banks manage nearly $120 billion in private deposits in a country of 4.3 million people, and account for roughly 35 percent of the country's economic activity.

These are not mere corner retail banks serving up loans, mortgages, and checking accounts to Lebanese citizens. They are among the most private banks in the world, bound by genteel conventions of secrecy long since abandoned elsewhere. Since 1956, domestic and foreign banks operating in Lebanon have been legally required to protect the names and assets of their clients from all inquiring authorities.

Katherine Maher, a Middle East policy fellow at the digital rights organization Access, is also a fellow at the Truman National Security Project.
