Sophisticated spyware believed linked to Israel infected computers at luxury hotels used as venues for nuclear negotiations with Iran, a Russian cybersecurity firm said Wednesday, but the extent of any possible data breach was not immediately known.
Moscow-based Kaspersky Lab did not specifically identify Israel as the mastermind behind the complex — almost undetectable — virus it stumbled across in early spring during a routine test.
But Eugene Kaspersky, chairman of the company, told a news conference in Moscow that it was most likely “state-sponsored malware” whose stealth and data-grabbing technology he described in Hollywood movie terms: “Kind of a mix of ‘Alien,’ ‘Terminator’ and ‘Predator.’ ”
The apparent attempt at cyberspying on the high-level talks marks another escalation in the widening world of Internet espionage that has governments and militaries spending huge amounts on spyware and countermeasures.
Kaspersky said the attempted intrusion bore all the markings of an improved version of the Duqu malware, which was first identified in 2011 and is believed to be related to the Stuxnet computer worm. In 2010, Stuxnet infiltrated the systems at Iran’s uranium-enrichment sites and caused significant setbacks.
At the time, Iran blamed Israel — and, by extension, its ally the United States — for the Stuxnet virus.
While no definitive origins have been established, many Internet security experts in the past have said Duqu appears to have been developed and deployed by Israel. Stuxnet was the work of U.S. and Israeli experts, current and former U.S. officials have said.
Kaspersky estimated the spyware’s development cost to be at least $10 million, effectively ruling out an amateur hacker.
Duqu is a remote-access Trojan virus that collects information, which could be used for intelligence or to probe further weaknesses in computer defenses. It is unclear, however, what data — if any — was obtained by the spyware.
“We don’t know if the attackers were successful,” said Kaspersky principal security researcher Kurt Baumgartner in an e-mail response to The Washington Post. “What we know is that they have successfully deployed their platform there and were able to attack.”
In Washington, State Department spokesman Jeff Rathke declined to comment on the Russian company’s report. He noted, however, that U.S. envoys take precautions to “ensure confidential and classified negotiating details stay behind closed doors.”
There was no immediate comment on the report from Iran or other nations involved in the nuclear talks: the permanent U.N. Security Council members and Germany. There also was no reaction from Israel, which has never confirmed or denied suspicions that it is linked to Stuxnet and other malware.
Israeli Prime Minister Benjamin Netanyahu has lobbied hard against the potential nuclear deal, which is running up against a June 30 deadline.
The latest negotiations have been held in a string of five-star hotels in Switzerland, Vienna and Oman. Kaspersky did not identify the hotel systems that were hacked or the extent of the possible security breaches.
Earlier this year, U.S. officials said Israel appeared to be spying on the nuclear talks and using the intelligence it gathered to try to undermine the negotiations. Although Israel denied spying on the talks, the suspicion caused the State Department to publicly acknowledge that it was not sharing all the details of the closed-door talks with its close ally.
Kaspersky said the people behind the malware did not appear to be interested in corporate or financial data. Instead, he said, they probed new security software for detecting viruses.
Although the virus went undetected for months, Kaspersky was scornful of the hackers — who also tried to penetrate the Kaspersky network using the same virus.
“It’s stupid to attack an Internet security company,” he said. “Sooner or later, we find it, anyway.”