THE NEW THREAT: A MASSIVE CYBER ATTACK
MANUEL CEREIJO
NOVEMBER 2002
PREAMBLE
One of the most publicized threats to
security is the intruder. The other is
viruses. Intruders attempt to read
privileged data, perform unauthorized
modifications to data, or disrupt systems.
High level intruders use sophisticated
technology to intrude and have a
willingness to spend countless hours
“turning knobs” to probe for weaknesses.
However, the main concern at this moment, in
my opinion, is viruses and related threats,
for which Cuba has been getting ready since
1991 (partially unclassified CIA
document). We will analyze the spectrum of
cyber threats from Cuba and other terrorist
governments.
SOFTWARE
We are concerned with application programs
as well as utility programs, such as editors
and compilers.
MALICIOUS PROGRAMS
These threats can be divided into two
categories: those that need a host program,
and those that are independent. We can also
differentiate between those software threats
that do not replicate and those that do.
The former are fragments of programs that
are to be activated when the host program is
invoked to perform a specific function. The
latter consist of either a program fragment
(virus) or an independent program (worm,
bacterium) that, when executed, may produce
one or more copies of itself to be activated
later on the same system or some other
system.
TRAP DOORS
A trap door is a secret entry into a
program that allows someone that is aware of
the trap door to gain access without going
through the usual security access
procedures. Trap doors have been used
legitimately for years by programmers to
debug and test programs.
The trap door was the basic idea for the
vulnerability portrayed in the movie War
Games. Another example is that during the
development of Multics, penetration tests
were conducted by an Air Force “tiger
team” (simulating adversaries). One tactic
employed was to send a bogus operating
system update to a site running Multics.
The update contained a Trojan horse that
could be activated by a trap door and that
allowed the tiger team to gain access.
LOGIC BOMBS
One of the oldest types of program threat,
predating viruses and worms, is the logic
bomb. The logic bomb is code embedded in
some legitimate program that is set to
“explode” when certain conditions are met.
Examples of conditions that can be used as
triggers for a logic bomb are the presence
or absence of certain files, a particular
day of the week, or date, or a particular
user running the application.
Once triggered, a bomb may alter or delete
data or entire files, cause a machine halt,
or do some other damage.
TROJAN HORSES
A Trojan horse is a useful, or apparently
useful, program or command procedure
containing hidden code that, when invoked,
performs harmful functions. Trojan horse
programs can be used to accomplish functions
indirectly that an unauthorized user could
not accomplish directly. A common motivation
for the Trojan horse is data destruction.
The program appears to be performing a
useful function, but it may also be quietly
deleting the user’s files.
VIRUSES
A virus is a program that can “infect” other
programs by modifying them. The modification
includes a copy of the virus program, which
can then go on to infect other programs.
Like its biological counterpart, a computer
virus carries in its instructional code the
recipe for making perfect copies of itself.
Lodged in a host computer, the typical virus
takes temporary control of the computer’s
disk operating system. Then, whenever the
infected computer comes into contact with an
uninfected piece of software, a fresh copy
of the virus passes into the new program.
The infection can be spread from computer to
computer by unsuspecting users, who either
swap disks or send programs to one another
over a network. The area of viruses is one
where Cuba has done the most development,
creating new versions and new delivery
techniques.
During its lifetime, a typical virus goes
through the following four stages:
Dormant phase: The virus is idle. The virus
will eventually be activated by some event
or date. Not all viruses have this stage.
Propagation phase: The virus places an
identical copy of itself into other programs
or into certain system areas on the disk.
Each infected program will now contain a
clone of the virus, which will itself enter
a propagation phase.
Triggering phase: The virus is activated to
perform the function for which it was
intended. The triggering phase can be caused
by a variety of system events, including a
count of the number of times that this copy
of the virus has made copies of itself.
Execution phase: The function is performed.
TYPES OF VIRUSES
Parasitic virus: The traditional and still
most common form of virus.
Memory-resident virus: Lodges in main memory
as part of a resident system program.
Boot sector virus: Infects a master boot
record or boot record and spreads when a
system is booted from the disk containing
the virus.
Stealth virus: A form of virus explicitly
designed to hide itself from detection by
antivirus software.
Polymorphic virus: A virus that mutates with
every infection, making detection by the
signature of the virus impossible. THIS IS
ONE TYPE ON WHICH CUBA HAS DONE EXTENSIVE
DEVELOPMENT.
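As an added illustration (not part of the original article), the toy scanner below shows why a fixed byte signature taken from one sample misses the mutated copies of a polymorphic virus, while two defender-side alternatives still catch them: matching the part that does not change between copies, and emulating the decoder before matching. The stub, body and file contents are constructed placeholders invented for this example, not real malware.

```python
# Added example (not from the article): why a fixed byte signature misses
# a polymorphic sample, and two defender-side alternatives. Every byte
# string here is a constructed placeholder, not real malware.

STUB = b"DECODE-STUB:"          # constructed invariant prefix carried by every copy
BODY = b"PAYLOAD-ROUTINE-V1"    # constructed plaintext body (never stored as-is)

def xor_bytes(data: bytes, key: int) -> bytes:
    """Toy mutation: XOR every byte with a one-byte key (self-inverse)."""
    return bytes(b ^ key for b in data)

def make_variant(key: int) -> bytes:
    """One 'infection': invariant stub, the per-copy key, then the encoded body."""
    return STUB + bytes([key]) + xor_bytes(BODY, key)

# Constructed corpus: three mutated copies plus one clean program.
FILES = {
    "variant_a.bin": make_variant(0x11),
    "variant_b.bin": make_variant(0x3C),
    "variant_c.bin": make_variant(0xA7),
    "clean_editor.bin": b"\x7fELF" + b"ordinary editor program",
}

def scan_static(files: dict, signature: bytes) -> list:
    """Classic scanner: flag files containing a fixed byte pattern."""
    return sorted(name for name, data in files.items() if signature in data)

def scan_decoded(files: dict, plaintext_sig: bytes) -> list:
    """Emulate the decoder: read the stored key, decode, match the plaintext."""
    hits = []
    for name, data in files.items():
        if not data.startswith(STUB) or len(data) <= len(STUB) + 1:
            continue                      # no decoder stub: not this family
        key = data[len(STUB)]
        if plaintext_sig in xor_bytes(data[len(STUB) + 1:], key):
            hits.append(name)
    return sorted(hits)

def demo() -> dict:
    """Run three signature strategies against the same constructed corpus."""
    body_sig_from_a = xor_bytes(BODY, 0x11)   # body as it appears in variant_a only
    return {
        "exact_body": scan_static(FILES, body_sig_from_a),   # variant_a only
        "stub": scan_static(FILES, STUB),                    # all three variants
        "decoded": scan_decoded(FILES, b"PAYLOAD-ROUTINE"),  # all three variants
    }

if __name__ == "__main__":
    for strategy, hits in demo().items():
        print(f"{strategy:10} -> {hits}")
```

The exact-body signature is the one an analyst would extract from a single captured copy; it never fires on the other two copies, which is the effect the paragraph above describes.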
CUBA’S CYBER DEVELOPMENT
Background
Cuba has surprising talent and experience
in the areas of electronics, computers,
computer software and data processing. The
country benefited from its association with
the former Soviet Union, and some European
countries, which turned out many skilled
electrical and computer engineers, as well
as technicians.
Cuba's electronic industry has its origins
in the mid-1960s when the Ministry for Iron
and Steel Machinery (SIME) began assembly of
radios from imported parts. In 1974 SIME
started producing black-and-white television
sets. Then came a plant to produce batteries
(1975), telephone switchboards (1981), and
color television sets (1985). In 1985 SIME
also started production of semiconductors.
In 1976 a separate electronics institute was
created, the National Institute of Automated
Systems and Computer Skills (INSAC). In 1994
INSAC was incorporated into the newly
created Ministry of Steel, Heavy Machinery
and Electronics. The Ministry of
Communications is also responsible for
small-scale production of certain
electronics-related products.
The entity Cuba Electronica was created in
January 1986 as part of the Foreign Trade
Ministry. It is responsible for importing
electronic equipment and exporting
computers, peripherals, semiconductors and
software.
An Irish expert says that the Cuban
information-technology industry matches that
of the Republic of Ireland, which has been
particularly successful in persuading a
range of information technology companies to
establish their European base in Cuba.
One of the most advanced areas of the
electronics industry in Cuba is production
of medical equipment. The Central Institute
for Digital Research (ICID), in collaboration
with the Biotechnology Centers, has
developed high technology medical equipment
including the Cardiocid-M, an
electrocardiographic system for diagnosing
cardiovascular system diseases; Neorocid, an
electromyographic and electro-neurographic
system for diagnosing peripheral nervous
system diseases; and various applications
for high-technology genetic engineering
research.
The main developments of Cuba's electronic
industry occurred between 1975 and 1989.
Among others:
Computer equipment plant, established in
1978, with a 4,300 square meters production
area.
Printed circuit board plant, established
1982, with a 4,900 square meters production
area.
Electronic modules production plant, with
4,000 square meters production area.
Mechanical production plant, with 7,500
square meters production area.
Monitors and television set plant,
established in 1975, with an annual capacity
of 100,000 units.
Alphanumeric keyboards plant, established in
1988, equipped to produce keyboards
compatible with IBM, DEC and other
microcomputer systems. Production capacity
of 250,000 units per year.
Printed circuit boards plant, which can
produce 35,000 square meters per year of
circuit boards. It uses Betamax material and
carries out the printing by serigraphy.
Electronic Research and Development Center,
established in 1985.
Electronic Components Complex (CCE), which
produces active and passive components,
established in 1985.
Medical equipment complex, established in
1989. Produces instruments and equipment for
the Biotechnology Centers.
Computing in Cuba dates back to the
mid-1950s when two first generation U.S.
computers were installed. During the 1960s
came computers from France, followed by
Soviet and East-European systems. During the
1970s Cuba embarked on a program to develop
its own second minicomputers based on
Digital's PDP-11. Most of Cuba's early
computer specialists were trained in East
Germany and the Soviet Union. In the mid
1980s two main centers of computational
research were established, one at the CUJAE
and the other at Universidad Central de Las
Villas.
These are all facts.
Cuba has also developed computer networks.
Presently, there are four networks with
international connectivity: CENIAI, Tinored,
CIGBnet and Infomed. CENIAI began networking
in 1986, and has had a UUCP link to the
Internet since 1992. They currently offer
email, database access, and programming and
consulting services. CIGBnet is the network
of the Center for Genetic Engineering and
Biotechnology. It began in 1991 and provides
email, database access and a biological
sequence server.
Since 1991, there has been a surplus of
electrical and computer engineers in Cuba
due to the closing of many industries. Many
of these engineers changed their lines of
work to the areas of telecommunications
espionage and computer interference and
disruption, in special centers created by
the government.
A large group of them received specialized
training in Russia, Vietnam, North Korea and
China. As a result, a significant engineering
and technical staff is now dedicated to
research, development and application in
these areas.
These are facts.
The beginning
Prior to the August 1991 coup attempt, the
KGB was developing computer viruses with the
intent of using them to disrupt computer
systems in times of war or crisis. In early
1991, a highly restricted project was
undertaken by a group within the Military
Intelligence Directorate of Cuba's Ministry
of the Armed Forces.
The group was instructed to obtain
information to develop a computer virus to
infect U.S. civilian computers. The group
spent about $5,000 to buy
open-source data on computer networks,
computer viruses, SATCOM, and related
communications technology.
This is a fact. Declassified CIA document.
Cuba: Bejucal base
In 1995, Russia started the construction of
an espionage base to be operated by the
Cubans. The base is located at Bejucal,
south of La Habana. The agreement, and the
supervision of the entire project, was
directed by General Guillermo Rodriguez del
Pozo. Equipment for the base was shipped
secretively from Russia through the port of
Riga, in Latvia. This country does not have
an embassy in Cuba. However, Cuba maintains
a large embassy, over 50 persons, in Latvia.
The base is now fully operational, similar
to but smaller than Lourdes, and with all
state-of-the-art equipment. The unit is
referred to by some as The Electronic
Warfare Battalion, EWB. The request for the
base came because Cuba does not have access
to Lourdes. They only get copies of the
Russian intelligence summaries on issues
that could affect the nation's security.
Cuba's Bejucal Base is very powerful, and it
has the capabilities, besides running
signals intelligence operations, that is,
eavesdropping, of conducting cyberwarfare.
The Interior Ministry's General Directorate
for Intelligence is in charge of the Base.
It also runs a smaller center, located at
Paseo, between 11th and 13th streets, in
Vedado, La Habana. The center is mainly
radio listening and transmitting, and for
limited telephone espionage.
The Electronic Warfare Battalion has the
necessary equipment to interfere with Radio
and TV Marti, and the equipment to interfere
with TV Marti if it transmits in UHF. The
equipment is not used as yet. However, the
base has offensive jamming capabilities,
capable of disrupting communications deep
inside the United States. This is indeed a
unique facility because of its size,
location and capability.
Interference of Radio and TV Marti is now
disseminated throughout the Island, in what
is called project Titan. It is now in the
charge of Chinese personnel, who since March
1999 have also partially taken over the
operations of the Bejucal base, or EWB.
Early in 1999, the Pentagon's military
computer systems were subject to ongoing,
sophisticated and organized cyber attacks.
Officials stated that this latest series of
strikes at defense networks was a
coordinated effort coming from abroad.
Deputy Defense Secretary John Hamre, who
oversees all Pentagon security matters
confirmed the attacks have been occurring
since 1998.
Secretary Hamre called them a "major
concern". Officials believe some of the most
sophisticated attacks are coming from a
country routing through Russian computer
addresses to disguise their origin.
The probes and attacks are also against U.S.
military research and technology systems,
including the nuclear weapons laboratories
run by the Department of Energy. Rep. Curt
Weldon, R-Pa., chairman of the House Armed
Services Research and Development
Subcommittee, stated "What we have been
seeing in recent months is more of what
could be a coordinated attack... that could
be involved in a very planned effort to
acquire technology and information about our
systems in a way that we have not seen
before".
These attacks coincide with the fact that
the Bejucal base is fully operational, and
also with the new presence of Chinese
military and intelligence personnel in Cuba.
Rep. Curtis Weldon also stated "it is not a
matter of if America has an electronic Pearl
Harbor, it is a matter of when". For two
days in January 1999, cyber attacks were
made on military computers at Kelly Air
Force Base in San Antonio, the center for
the most sensitive Air Force intelligence,
the kind of information critical to American
troops abroad.
Joseph Santos, aka "Mario", one of the
persons arrested by the FBI in an alleged
spy ring in September 1998, is an
electrical and computer engineer with great
expertise in computer networks, and a member
until 1996 of a computational research
center at a university in Cuba.
According to the indictment, Santos'
assignment was to infiltrate the new U.S.
Southern Command headquarters in West Dade.
He had, as his fundamental assignment, the
penetration of the headquarters of said
command. Maps of several cities, including
San Antonio, were found in his apartment.
CONCLUSION
The new threat to be expected from Cuba and
other terrorist nations is a cyber terrorism
attack, to try to disrupt the main networks
and computer facilities of the United
States.