'Complete takeover':Israel unleashed one of the world's most sophisticated cyber weapons on the Iran talks

Iran talks kerryREUTERS/Ruben SprichU.S. Secretary of State John Kerry looks out of his room at the Beau Rivage Palace Hotel during a break during the Iran nuclear program talks in Lausanne April 1, 2015. Six world powers and Iran met again on Wednesday in a bid to reach a preliminary accord on reining in Tehran’s nuclear programme, after failing to agree crucial details such as the lifting of U.N. sanctions by a midnight deadline.

The computers in three luxury hotels that hosted high-stakes negotiations on Iran’s nuclear program were infected with an improved version of one of the world’s most powerful computer viruses, The Wall Street Journal reports.

The discovery of the Duqu virus — a collection of malware used primarily for sensitive intelligence-collection operations — by cybersecurity firm Kaspersky Lab ZAO provides the first solid evidence that Israel had in fact been spying on the talks, a suspicion that was first reported in March 2014.

Kaspersky has not officially named Israel as the source of the attack. But the uncovered virus “was so complex and borrowed so heavily from Duqu that it ‘could not have been created by anyone without access to the original Duqu source code,” according to the Journal and Kaspersky’s report.

Duqu — and malware linked to it — has been used by Israel to spy on Iran in the past, copying blueprints of Iran’s nuclear program. The malware has a variety of functions to suck up information.

“Since Duqu uses root capabilities and exploits vulnerabilities that allows for an elevation of privileges, Duqu can be used to install other code that can keystroke log, record conversations, record video, extract files, track any activity that occurs on the infected Windows PC or laptop,” Jeff Bardin, chief intelligence officer of Treadstone 71, told Business Insider. “This includes the capturing of user ids, passwords, and sensitive files.”

In 2012, Kasperskpy told The New York Times that that it believed that Duqu was created by the same state-sponsored program as the Stuxnet and Flame viruses, which also targeted Iran’s nuclear program.

Stuxnet, a joint U.S.-Israel project, is known for reportedly destroying roughly a fifth of Iran’s nuclear centrifuges by causing them to spin out of control. Flame is a massive program that leaves a backdoor (i.e. Trojan) on computers through which it sucks information from networks by actions Bardin described as functions of Duqu.

“Once the [Duqu] code is installed, most anti-virus software cannot detect or remove this malware,” Bardin said. “Duqu allows for the complete takeover of the target Windows devices.”

Kerry zarifREUTERS/Ronald Zak/PoolU.S. Secretary of State John Kerry (L) and Iranian Foreign Minister Javad Zarif (R) are pictured before a meeting in Vienna November 23, 2014. Iran, the United States and other world powers are all but certain to miss Monday’s deadline for negotiations to resolve a 12-year stand-off over Tehran’s atomic ambitions, forcing them to seek an extension, sources say. The talks in Vienna could lead to a transformation of the Middle East, open the door to ending economic sanctions on Iran and start to bring a nation of 76 million people in from the cold after decades of hostility with the West.

After intercepting communications between Israeli officials early last year, the White House suspected that Israel had been spying on the negotiations to gather sensitive information that it could then reveal to Congress in the hopes of sinking the deal.

The administration did not elaborate on the tactics used, however, saying only that Israeli officials couldn’t have possibly known certain details surrounding the talks without actually being in the room.

Kaspersky researchers were alerted to Duqu’s resurgence after detecting the virus in their own system earlier this year — it had been there, Kaspersky believes, for at least six months.

The FBI is investigating Kaspersky’s claims, according to the Journal. The firm has declined to name the three European hotels that were targeted.

Nuclear talks were held at the Beau-Rivage Palace in Lausanne, Switzerland, the Intercontinental in Geneva, the Palais Coburg in Vienna, the Hotel President Wilson in Geneva, the Hotel Bayerischer Hof in Munich and Royal Plaza Montreux in Montreux, Switzerland.

NOW WATCH: Why Putin is the most powerful man in the world

Business Insider Emails & Alerts

Site highlights each day to your inbox.

Follow Business Insider Australia on Facebook, Twitter, LinkedIn, and Instagram.