Swiss investigators drop nuclear talks malware spying case

Investigators have decided to drop an investigation into malware found in a hotel in Geneva after they failed to establish who was behind it

Prosecutors found spying malware on computers but case gets closed
Prosecutors found spying malware on computers but case gets closed

Swiss prosecutors have revealed that computer as a hotel in Geneva used to host nuclear talks with ran were infected with malware, but the case has been dropped after they failed to establish who was behind the attacks.

The hotel in question, thought to be Hotel President Wilson was raided on 12 May 2015 after the Swiss state prosecutor's office, OAD, launched an investigation over alleged foreign intelligence services operating in the country. The hotel held talks on Iran's nuclear activities.

“Investigations revealed that a significant number of computers (servers and clients) at a hotel in Geneva had been infected with a form of malware,” the state prosecutor said in a statement to the press. “This malware was developed for the purposes of espionage and is basically used to gather data from the computers infected.”

Investigators said that they had failed to come up with “evidence as to the identity of the perpetrators," and that “accordingly, although there is evidence of criminal activity, it cannot be attributed to specific persons.”

A spokesman for the Swiss state prosecutor, told the Neue Zürcher Zeitung newspaper that investigations could be restarted should new evidence arise.

Meanwhile Austrian prosecutors were continuing their own investigations related to later talks over Iran that successfully concluded last year. Prosecutors there are investigation a couple of crimes, namely the misuse of audio recording and listening devices, and secret intelligence service activity to the detriment of Austria by persons unknown, according to reports from Reuters.

Tony Rowan, solution architect director at SentinelOne told SCMagazineUK.com that there is an assumption that this is a nation state action but there are others who have the motivation to intercept communications and documentation relating to the Iran nuclear talks.

“Regardless of the attribution, a hotel chain can only be expected to provide a reasonable level of protection. If the talks were supposed to be secret, a commercial hotel doesn't strike me as the best choice,” he said.

“Continuous vigilance, monitoring for unusual activity and hunting for attackers on internal systems is the best practise for discovering nation-state level attackers.”

He added that as long as there is an advantage to be gained, “there will be someone ready to steal information and especially when that can be achieved with little or no risk to the perpetrator”.


Sign up to our newsletters