the latest in a line of massive malware attacks, and much like its
predecessors, it appears to be so complex and sophisticated that it's assumed
to have been built by a sovereign state. Gauss uses the same platform as Flame,
a "cyber espionage" program that was found in a number of locations in Iran in
early 2012 and was capable of comprehensive surveillance of infected computers.
Flame itself bore a strong family resemblance to Stuxnet, a 2010 virus that targeted
the Iranian nuclear research program.

Like Flame, Gauss transmits detailed records of user activity back to its central
command. Like Stuxnet, it carries a special encrypted "payload" that targets
machines that carry specific system configurations. Stuxnet's payload would identify
and disable nuclear research systems, but the encryption for the Gauss payload has
not yet been broken, and its purpose remains unknown.

Unlike Flame and Stuxnet, which targeted a rogue state's government networks, Gauss
goes after the commercial sector in a country that has normalized relations
with the United States. Out of more than 2,500 identified instances of Gauss,
nearly two-thirds have been found in Lebanon. And, unlike the broad spying capacity
of Flame, Gauss seems designed for the narrow purpose of capturing transaction
data from financial institutions and digital payment providers; specifically,
Lebanese banks Fransabank, Bank of Beirut, BLOM, Credit Libanais, Byblos Bank,
and EBLF. It also siphons data from PayPal and Citibank.

Why Lebanon? Why banks? Stealing financial transaction data is traditionally the
province of, say, shadowy underground criminal gangs. Lebanon is a small
country better known for its vibrant nightlife and perpetual domestic
volatility. Neither its banking sector nor the state itself is an obvious target
for the U.S. or Israeli intelligence services, which,
though they haven't been connected to Gauss, are the only groups with both the
know-how and, if they truly were behind Stuxnet and Flame, the track record.

Lebanon's size belies its importance as a regional entrepôt and banking haven; its cosmopolitan
libertarianism, along with old-world discretion, has long made the country a
popular choice for foreign depositors of all profiles and persuasions. Think of
it as something like the Switzerland of the modern Middle East. More than 60
banks manage nearly
$120 billion in private deposits in a country of 4.3 million people, and
account for roughly 35 percent of the country's economic activity.

These are not mere corner retail banks serving up loans, mortgages, and checking
accounts to Lebanese citizens. They are among the most private banks in the
world, bound by genteel conventions of secrecy long since abandoned elsewhere.
Since 1956, domestic and foreign banks operating in Lebanon have been legally
required to protect the names and assets of their clients from all inquiring