Was Flame's Gauss Malware Used To Uncover Hezbollah Money Laundering via Lebanese Banks?

Today, Kaspersky announced that it had discovered yet another nation-state sponsored piece of malware that's closely related to Flame (aka Flamer, SkyWiper) called Gauss which targets Lebanese banks:

Gauss is a project developed in 2011-2012 along the same lines as the Flame project. The malware has been actively distributed in the Middle East for at least the past 10 months. The largest number of Gauss infections has been recorded in Lebanon, in contrast to Flame, which spread primarily in Iran.
Functionally, Gauss is designed to collect as much information about infected systems as possible, as well as to steal credentials for various banking systems and social network, email and IM accounts. The Gauss code includes commands to intercept data required to work with several Lebanese banks – for instance, Bank of Beirut, Byblos Bank, and Fransabank.

On December 13, 2011, the New York Times published an article on the Obama Administration's claim that Lebanese banks were engaging in money laundering services for Hezbollah. The investigation led to the take down of the Lebanese Canadian Bank and it was at least six years old according to the Times article.

On June 27, 2012, the U.S. Treasury Dept designated four individuals under the Kingpin act for laundering money through Lebanese banks.

There's no question that Lebanon's banking system has been a target of the U.S. government for several years and apparently for good reason. I can easily imagine someone in the IC suggesting that an espionage platform (Flame) which has worked well for many years against Iran be tweaked to help conduct intelligence on alleged money laundering by drug cartels and terrorists via Lebanon's banks. 

Mr. Makram Sadr, the Secretary General of Lebanon's Banks, said on July 4, 2012 that the U.S. Treasury Dept has failed to produce any evidence that Lebanese banks are involved in such activities.


  1. Given that Hizballah is a member of the Lebanese government. this qualifies as espionage on the part of the US.

    Equally likely is Israel, since Israel runs espionage operations in Lebanon against Hizballah - and frequently unsuccessfully as Hibzallah is very good at detecting Israeli agents.

    Also, there is no clear evidence of Hizballah being involved in "terrorist" operations outside of its conflict with Israel. Almost all the cases cited are either in Lebanon during the Israeli occupation and the US military intervention there or are probably bogus attributions done by other parties, e.g., the recent Bulgaria bus attack which has all the earmarks of an Israeli "false flag" operation according to many intelligence analysts.

    It is clear to many observers that Israel and the US are "ginning up" another bogus case for an attack on Syria and Lebanon in the near future. This is why the US has just recently imposed more sanctions on Hizballah, as well putting out propaganda about potential Hizballah "terrorist" operations outside of Lebanon, and propaganda about Hizballah getting "chemical weapons" from Syria.

    The Gauss malware is clearly part of the planning for this upcoming new Middle East war.

    All of this is necessary before Israel and the US can attack Iran over an equally bogus "nuclear weapons program." Israel cannot afford to attack Iran as long as Syria and Hizballah have missile arsenals which might be brought into play in concert with Iranian missiles. Therefore both Syria and Hizballah arsenals need to be degraded, which is the sole reason for the current Syrian crisis.


Post a Comment