[33803] in bugtraq
OT: reports of a Trojan horse in the Arrow project
daemon@ATHENA.MIT.EDU (Gadi Evron)
Wed Feb 18 13:15:48 2004
Message-ID: <40317BE6.5080309@egotistical.reprehensible.net>
Date: Tue, 17 Feb 2004 04:26:46 +0200
From: Gadi Evron <ge@egotistical.reprehensible.net>
MIME-Version: 1.0
To: bugtraq@securityfocus.com
Cc: full-disclosure@lists.netsys.com
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
The Arrow is a counter-ballistic missiles project run by Israel.
There have been reports the past couple of days about a Trojan horse in
the code, inserted by Egypt. As one of the Israelis on the list I feel
obligated to provide with some facts. It's an interesting story in any case.
You can find the Hebrew URL at:
http://www.maariv.co.il/channels/1/ART/648/326.html.
I am willing to translate it if anyone is really interested.
Here are some facts:
Some MOTIF code that was done by IBM Israel was being debugged in the
Cairo (Egypt) office. The IDF has not commented on this and IBM claims
that no restricted code was shared.
Some reports claim Egypt inserted a Trojan horse into that code, I've
seen no facts that verify that, so I doubt it for now. I'll post more
information as it becomes available.
That's all there is to it as far as facts go right now. Some code was
being debugged in the Egypt office and that's about it. This fact raises
the concern for such a Trojan horse existing, but there is a long way to
go from such concerns to actual facts.
It is clearly a security fluke on Israel's side that such a
relationship, on any level, existed, but no biggie.
What Trojan horse? Talk about hype. I'll see if I can find out some more
facts.
This comes to show once again how security is not only about firewalls
and IDS systems. Controlling who has access to what and how information
is managed is just as if not more important.
Gadi Evron.
