Cyber Warfare and Telecommunications Espionage


Communications networks are systems designed to transmit information. Computers and communications are the technology of technologies. The field is experiencing a revolution several times each decade. Important recent milestones include:

*The Internet: a network of many kinds of networks. The Internet's main importance is its capability for internetworking, allowing any user to find, touch, and connect to a large variety of networks and sources of information, users, and computational resources that each makes available.

*The computer: microprocessors are changing the shape of everything related to computing, communications and control. Home and work computers permit direct data communication from the general public.

*The television: television has become a way of life. Wristwatch television, wall-size television, high definition television, and fully interactive cable television are all available.

*The personal communication explosion: cellular phones, facsimiles, two-way pagers, palm pilots.

The most important recent dates in the field are:

1964 The electronic telephone switching system (No.1 ESS) is placed into service
1965 The first commercial communication satellite is placed into service
1968 Cable television systems are developed
1971 The first single chip microprocessor is developed
1972 The cellular phone is demonstrated to the FCC
1976 Personal computers are developed
1980 The FT3 fiber optic communication is developed
1980 The compact disc (CD) is developed
1981 The IBM PC is introduced
1985 FAX machines become popular
1989 Pocket cellular phone is introduced
1990 Era of digital signal processing.

Access devices


In homes, the three main access devices deployed at this time are the telephone, the television (TV), and the personal computer (PC). Ninety-six percent of U.S. households have a telephone, about 98 percent have a TV, and 55 percent have a PC. At work, the access devices are telephones and PCs. On the road, it is again the telephone, cellular, and the portable PC.

Communication occurs over public and private networks. The access devices will coexist, albeit with an increasingly powerful and flexible set of capabilities. The PC-TV combination will be basically a PC with augmented capabilities for television reception. The television is not becoming a PC, although the PC will be used as a television and telephone.

PCs will become increasingly important as an access device. Approximately 120 million PCs were deployed in the U.S. workplace at the end of 1998, with close to 85% of them connected to a network. About 50 million were deployed in the home. Millions of portable PCs are used by mobile workers.

About 98% of all U.S. households have a television, of which about 80% have cable service. Terrestrial broadcast television uses wide bandwidth that potentially will help to enable other services. Broadening of access is more evident in cable television.

As digital video transmission is deployed, cable service providers will increase the capacity of their networks. This will lead to additional services, including interactive services. Existing cable systems will increasingly become hybrid fiber coaxial cable, or HFC, systems.

With 96% of all U.S. households having telephone service, the telephone is the most used device as far as communicating information is concerned. The telephone is also the most used device to access the networks. Cellular and personal communication service (PCS) telephones now provide increasing communications mobility to a broadening slice of society.

Cellular and PCS telephones are now commodity items for the general consumer. They are also becoming smarter, linking into computer networks for data access or for basic telephony over broad regions of the world.


The system and the medium

Of the access devices available, those of specific interest for this study are the telephone and the computer, together with the system used and the transmission medium. Telecommunications espionage, and computer interference and disruption, depend on the telecommunication systems in place, and on the form of transmitting the information through the access devices.

Telecommunication systems are designed to transmit voice, data, or visual information over some distance. Historically, telephone systems were designed only to reproduce voice signals that originated from a distant location. Today, modern telephone systems are very sophisticated. They use large digital computers at the central office (CO) to switch calls and to monitor the performance of the system.

The telephone industry is evolving from an analog network to a digital network. The trend is to provide a digital CO and a digital network out to the remote terminal, RT. The "last mile" from the RT to the subscriber is usually analog. A new approach called the integrated service digital network, ISDN, converts the "last mile" analog subscriber line, ASL, to a digital subscriber line, DSL. Hence, the digital data can be delivered directly to the subscriber premises.

There are two categories of ISDN: narrow-band or basic rate ISDN, denoted N-ISDN; broadband or primary rate ISDN, denoted B-ISDN. Twisted pair copper lines provide B-ISDN for the last mile to the subscriber since it is not financially feasible to replace all copper lines already installed (about a $100 billion investment for U.S. copper line facilities) with fiber optics. Of course, fiber is installed in all new installations.

Fiber or coaxial lines are required for data rates on the order of 10 Mbits or larger. The standard implementation of N-ISDN uses a two-wire twisted pair telephone line. This allows existing copper pairs to be used for N-ISDN simply by connecting the ends of the pairs to the terminating equipment.

The wide-band channels used to connect the toll offices consist of three predominant types: fiber optic cable, microwave radio relay systems, and buried coaxial cable systems. Historically, open-wire pairs, which consist of individual bare wires supported by glass insulators on the cross arms of telephone poles, provided wide-band service via FDM/SSB signaling.

Occasionally, some open wire lines can still be seen along railroad tracks. Fiber optic cable with TDM/OOK signaling is now rapidly overtaking twisted pair cable, coaxial cable, and microwave relay because of its tremendous capacity and low cost.

Fiber optic cable has an information carrying capacity that is orders of magnitude greater than that of copper. Although fiber has been deployed extensively in the backbone sections of telephone networks nationwide, wireline access networks comprising a mix of fiber and copper elements are now being deployed in residential areas, as mentioned above.

For such access networks a very important technical approach is now used: hybrid fiber coaxial cable, HFC. In this approach, fiber optic links connect the community head end to small neighborhoods. Traditional cable technology is then used to fan out inside each neighborhood to reach individual homes.

Another approach is called fiber to the curb, FTTC. It carries fiber to the curb in the distribution network. Then, either twisted pair copper or coaxial cables are connected from the curb to the home. FTTC systems are typically all digital. Beyond FTTC systems are systems that carry fiber all the way to the home.

However, fiber cable provides service only from one fixed point to another. Conversely, communication satellites provide wide-band connections to any point on the globe. Service to isolated locations can be provided almost instantaneously by the use of portable ground stations.

Communication satellites relay a great portion of transoceanic telephone traffic. Satellite communications can provide the relaying of data, telephone, and television signals. Most communication satellites are placed in geostationary orbit, GEO. This is a circular orbit in Earth's equatorial plane.

The orbit is located 22,300 miles above the equator so that the orbital period is the same as that of the Earth. This enables the Earth station antennas to be simplified since they are pointed in a fixed direction and do not have to track a moving object. For communication to the polar regions of the Earth, satellites in polar orbits are used, which require Earth stations with tracking antennas.

Each satellite has a number of transponders aboard to amplify the signal from the uplink and to down-convert the signal for transmission on the downlink. Newer satellites operate at a very high frequency, usually in the 14 GHz range on the uplink, and 12 GHz on the downlink. Satellite relays provide a channel for data and telephone signaling similar to conventional terrestrial microwave radio links.

Satellite systems are now used for communication directly to personal communication systems, PCS, devices, such as hand-held portable telephones and mobile data terminals. In this case, low-Earth-orbit, LEO, satellites, which are not geosynchronous, are used. These systems provide voice, data, and facsimile service.

Since the invention of radio systems, the goal of telephone engineers has been to provide personal telephone service to individuals by using radio systems to link phone lines with persons in their cars or in the streets. With the development of integrated circuit technology this goal was achieved through the cellular phone. Each user communicates via radio from a cellular telephone set to the cell-site base station.

This base station is connected via telephone lines to the mobile telephone switching office, MTSO. The MTSO connects the user to the called party. If the called party is land based, the connection is via the central office, CO, to the terrestrial telephone network. If the called party is mobile, the connection is made to the cell site that covers the area in which the called party is located, using an available radio channel in the cell associated with the called party.

In November 1998, the Iridium constellation of low-earth orbiting (LEO) satellites made it possible to send and receive phone calls from some of the most remote locations on Earth using radio waves, a satellite, and a satellite phone. These telephones can transmit calls via the Iridium constellation and most land-based telecommunications systems.

Business networking includes interconnection of local area networks, LANs, across wide areas, as well as remote access (connection of remote sites, small offices, mobile workers, and telecommuters to corporate networks). Business networking needs network interface cards (NICs) for computers, wiring, packet switches, routers, and software.

Most networked PCs in corporations today are connected to LANs that are in turn interconnected across the public telephone system. Presently, some 90% of PCs are connected to LANs. Most of the PC sites with a LAN are connected to the telephone system. Small office, home office, and mobile workers connect to their main workplace server through remote access.

Most of such workers do not have enough data traffic demand to justify a dedicated circuit for connection and therefore will choose to connect via one of three options: analog modems, ISDN, or frame relay.

There are about 900,000 remote offices in the United States. Among those, 96% have some form of remote access. The network connection is achieved using a dial-up modem, or via a router. There are some 180 million total telephone access lines. There are 95 million networked workplace PCs, as well as home-office and mobile PCs.

The complexity of the system, and of the medium, raises concerns about security, which include not only telecommunications espionage and computer disruption, the issues of this study. There are also considerations of mechanisms that provide protection for the privacy of personal information, intellectual property, integrity of information and systems, and other vulnerable elements.


Security

The increasing use of general access devices makes security matters increasingly important. Although the need for security is currently appreciated more in businesses than in homes, even in businesses there is limited awareness.

There is a need for the protection of individual, business, and government privacy, and the integrity of material transmitted. Deployment issues relate to securing of infrastructure links and end-to-end applications and therefore affect all levels of the architecture and all players, including users themselves. Dependence on networking activities will broaden concerns about security.

Security of the network is an obvious concern in crises where there is an active adversary seeking to obstruct the response. This is clearly the case in warfare and in confronting terrorism. The response team must keep its plans secret from hostile parties, and it must protect its communications against denial of service. However, security needs are not limited to active, hostile situations.

Robert Kehlet, of the Defense Nuclear Agency, observed that when you operate at a federal level, though, you get access to databases and information that are very sensitive in nature. You don't want to pass that out to the world in general and make it totally and completely publicly accessible.

Security is essential to national-scale applications such as manufacturing and electronic commerce. It is also important in situations where sensitive information must be communicated. Many traditional ideas of network security must be reconsidered for these applications in light of the greater scale and diversity of the infrastructure and the increased role of non-experts.

On a short-term basis, new security models are needed to handle the new degree of mobility of users and possibly organizations. The usability or user acceptability of security mechanisms will assume new importance, especially those that inconvenience legitimate use too severely.

In many, perhaps all, of the national-scale applications, users can be expected to move from one security policy domain or sphere to another and have a need to continue to function. An example is carrying a portable computer from the wireless network environment of one's employer into that of a customer, supplier, or competitor.

Mobile users who want to connect back to their home domain from a foreign one have several alternatives. It is likely that the local domain will require some form of authentication and authorization of users. The remote domain might either accept that authentication and authorization from the user.

In addition, such remote access may raise problems of exposure of activities, such as lack of privacy, greater potential for spoofing, or denial of service, because all communication must now be transported through environments that may not be trusted.

Unfortunately, the problems of security are very difficult to address with computational and communications facilities. Policies and steps, especially when they involve merging several different security domains, are extremely complex. They must be based on the tasks to be achieved, the probability of subversion, and the capabilities of the mechanisms available.

Satellite stations and monitoring centers are capable of telephone surveillance. A system can monitor and analyze telephone communications, which is, in fact, the largest and most important form of secret intelligence. However, analysts can listen to only a small fraction of the billions of telephone calls and other signals which might contain significant information.

But a network of monitoring stations is able to tap all calls from a specific area, and sift out messages which sound interesting. Computers automatically analyze every message or data signal, and can also identify calls to a target telephone number.

Surveillance systems are highly computerized. They rely on near total interception of international commercial and satellite communications in order to locate the telephone or other messages of target individuals.

Experts have assessed that computers with network connectivity can be entered by an electronic intruder from anywhere in the world. Gaining access to these computers through a network connection is relatively simple, costs very little, and typically involves little risk of detection. This new phase of terrorism is referred to as cyber-terrorism, and with biological warfare, represents the greatest threat of the next century.


Cyberterrorism

U.S. vulnerability to infowar is the major security challenge of the next century. It is much more important than telephone espionage, but not as complex. Other names for cyberterrorism are: information war, technological warfare, hacking, and computer security.

Every year U.S. companies lose millions of dollars to industrial espionage and sabotage. The attacks come from outside hostile countries or organizations, business competitors, or individuals. People are not aware of how easy it is to breach security at major corporations. Even computer experts hired by companies to make sure their systems are safe find it very difficult to fight intruders.

Even military computer systems are vulnerable to intruders. The development of the computer and the Internet is considered by many to be comparable to the development of the atomic bomb with respect to the way it may change our society and warfare. In the Gulf War, computers and telecommunications were used to knock out the Iraqi communications and electrical systems.

However, as the U.S. relies more and more on computers, we become more vulnerable to attacks. Imagine what would happen if Wall Street caught a virus that would cause their network to crash. The prospect is: if we are able to do it, others are also able to do it to us.

Cyberterrorists can attack anywhere the physical and the virtual worlds combine. The Internet and computer technology have made a universal interface possible. Cyberterrorists can use the Internet and computer networks to destroy, alter, and infiltrate valuable information or systems necessary for security.

A terrorist country, such as Cuba, must make its act big enough and well known enough to achieve its goal. The person actually performing the attack can do it from his own home or lab in Cuba. He will not be harmed in the attack, he will probably not be traced, and if he messes up he learns from his mistakes and becomes even more dangerous when he strikes again.

Assume a possible scenario. Wall Street reports a massive loss of data as computers and backup tapes go up in smoke. ConEd and PG&E power companies' computers crash, plunging the East and West coasts into darkness. At major airports, the FAA's ATC computers crash, causing havoc across the Midwest. 911 emergency systems in major cities go down from a logic bomb. Internet traffic slows to a trickle as ISPs and telecom companies struggle with coordinated large-scale denial-of-service attacks. That's the kind of nightmare we can face.

Some of these attacks have already occurred, on a small scale, in various nations. Attackers, as mentioned before, can wage cyberwarfare from computers anywhere in the world.

The core problem: the United States' dependence on computers makes it more vulnerable than most countries to cyberattacks. Our national infrastructure depends not only on our interconnected information systems and networks, but also on the public switched network, the air-traffic control systems, the power grids and many associated control systems, which themselves depend heavily on computers and communications.

Our defenses against isolated attacks and unanticipated events are inadequate. Risks include not just penetrations and insider misuse, but also insidious Trojan horse attacks that can lie dormant until triggered. Our defenses against large-scale coordinated attacks are even more inadequate.

According to CIA director George Tenet in congressional testimony, June 1998, "we must rely more and more on computer networks for the flow of essential information. Trillions of dollars in financial and commerce are moving over a medium with minimal protection. The opportunity to disrupt military effectiveness and public safety, with the elements of surprise and anonymity provide plenty of incentives".

The cyberterrorist's traditional weapons of choice include computer viruses such as logic bombs that wake up on a certain date, worms, and Trojan horses; cracking (accessing computer systems illegally); sniffing (monitoring network traffic for passwords, credit cards, etc.); social engineering (fooling people into revealing passwords and other information); and dumpster diving (sorting through the email trash).

In a brief summary, there are:

*Viruses: computer viruses come in all shapes and flavors, from "harmless" prank messages to electronic forms of Ebola that chew up your data and spit it out as garbage. Some viruses infect your PC's boot sector and rewrite the sector, crippling your system. Others infect the files that launch or run most of your software, rendering your programs unusable. Others erase your computer's CMOS setup tables, making it impossible for your computer to work.

*Worms: worms are breeder programs, reproducing themselves endlessly to fill up memory and hard disks. Worms are often designed to send themselves throughout a network, making their spread active and deliberate.

*Logic bombs: logic bombs are embedded pieces of destructive code that detonate on preset dates or when a specified set of instructions is executed, unleashing destructive actions within a computer or throughout a network.

*Bots: bots are pieces of code designed to rove the Internet and perform specific actions.

*SYN: SYN attacks involve sending a torrent of connection requests to targeted sites.

*SYN flood: creates a major traffic jam at the site, cutting it off.

But a new tactic, coordinated large-scale attacks, emerged on March 2, 1998. The tactic consists of intrusion attempts involving multiple attackers working together from different IP addresses, many in different locations, and countries. The intent is to make the attacks more difficult to detect, and to increase the "firepower".
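The difference between a single-source SYN flood and the coordinated, multi-source attempts described above shows up directly in detection logic. The following is an added example, not part of the original report: it counts connection requests that are never completed, per source and per target, in fixed time windows. The event layout, the thresholds, and the sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed event layout: (ts_seconds, src_ip, src_port, dst_ip, dst_port, flag)
# flag "S" = client SYN (connection request), "A" = client ACK completing the handshake.


def build_sample():
    """Constructed traffic using documentation address ranges (RFC 5737)."""
    events = []
    # One source sending a torrent of connection requests it never completes.
    for i in range(80):
        events.append((i // 2, "198.51.100.7", 40000 + i, "192.0.2.10", 80, "S"))
    # Eight sources, ten requests each: every source stays quiet, the total does not.
    for host in range(1, 9):
        for j in range(10):
            events.append((j * 5, f"203.0.113.{host}", 50000 + j, "192.0.2.20", 443, "S"))
    # An ordinary client whose handshakes complete.
    for i in range(5):
        events.append((10 + i, "198.51.100.20", 60000 + i, "192.0.2.20", 443, "S"))
        events.append((11 + i, "198.51.100.20", 60000 + i, "192.0.2.20", 443, "A"))
    events.sort(key=lambda e: e[0])  # stable sort keeps each SYN ahead of its ACK
    return events


def half_open_requests(events):
    """Return (ts, src, dst) for every SYN never followed by an ACK on the same socket."""
    pending = {}
    for ts, src, sport, dst, dport, flag in events:
        key = (src, sport, dst, dport)
        if flag == "S":
            pending[key] = ts
        elif flag == "A":
            pending.pop(key, None)
    return [(ts, key[0], key[2]) for key, ts in pending.items()]


def detect(events, window=60, per_source_limit=50, per_target_limit=50, min_sources=5):
    """Flag single-source floods and coordinated low-rate attempts against one target.

    Returns (single, coordinated):
      single      -> sorted list of (src, dst) pairs over per_source_limit in a window
      coordinated -> sorted list of (dst, quiet_source_count, total_half_open) where
                     no counted source exceeds per_source_limit on its own
    """
    per_pair = defaultdict(int)                          # (bucket, src, dst) -> count
    per_target = defaultdict(lambda: defaultdict(int))   # (bucket, dst) -> {src: count}
    for ts, src, dst in half_open_requests(events):
        bucket = ts // window
        per_pair[(bucket, src, dst)] += 1
        per_target[(bucket, dst)][src] += 1

    single = sorted({(src, dst) for (_, src, dst), n in per_pair.items()
                     if n > per_source_limit})

    coordinated = []
    for (_, dst), sources in per_target.items():
        # Only sources that a per-source threshold would have missed.
        quiet = {s: n for s, n in sources.items() if n <= per_source_limit}
        total = sum(quiet.values())
        if len(quiet) >= min_sources and total > per_target_limit:
            coordinated.append((dst, len(quiet), total))
    return single, sorted(coordinated)


if __name__ == "__main__":
    single, coordinated = detect(build_sample())
    print("single-source floods:", single)
    print("coordinated attempts:", coordinated)
```

A per-source threshold alone reports only the first case; the per-target aggregation is what surfaces the eight quiet sources acting together.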

Another advanced cyberterrorist tool is monitoring computers, fax machines, printers and other devices by picking up their electromagnetic radiation. This allows cyber spies (at least one of the spies from Cuba arrested recently by the FBI in Miami was a computer engineer, expert on computational technology in Cuba) to intercept passwords and sensitive information.

Such monitors can be as far as 1 mile away, or further if they have fast-Fourier-transform chips and other classified systems designed by the National Security Agency, or its foreign counterparts, such as Cuba's intelligence services. There is no way to know if a system is monitored.

Information warfare attacks on computers could be classified as attacks through legitimate gateways of the computers such as the modem and the keyboard (software attacks), and attacks through other than legitimate gateways (backdoor attacks). At the current technological level, backdoor attacks can be carried out mainly by utilizing radio frequency (RF) technology and are classified as RF attacks.

Any wire or electronic component is, in fact, an unintended antenna, both transmitting and receiving. Every such unintended antenna is particularly responsive to its specific resonance frequency, and to some extent, to several related frequencies. If the objective is to eavesdrop on the device, then the electromagnetic emanations coming from functioning components of the device are received by highly sensitive receiving equipment and processed in order to duplicate information handled by the device.

If the objective is to affect the device's functioning, then appropriate RF signals are transmitted to the targeted device. Producing and transmitting a signal, which would just disrupt the normal functioning of a target device, is a simple technological task, and Cuba is quite capable of producing such attacks.

It is not science fiction: weapons can zap your computer into oblivion from a distance. Radio frequency (RF) weapons are real. They consist of a power supply, transmitter, and antenna. One type, referred to as HPM, generates gigawatts of short, intense energy pulses focused into a narrow beam capable of silently burning out electronic equipment. There have been high-ranking military experts testifying in Congress in relation to this matter since mid-1998.

RF weapons are also packaged as RF munitions, which use explosives to produce radio-frequency energy. In the hands of skilled Cuban scientists, these munitions come as hand grenades or mortar rounds. Potential targets of RF weapons include computers and other electronic devices used in national telecommunications systems, the national transportation system, mass media, oil and gas control and refining, and civil emergency services, among other important infrastructure.

Ninety percent of our military communications now pass over public networks. If an electromagnetic pulse takes out telephone systems, we are in trouble because our military and non-military nets are virtually inseparable. The former Soviet Union developed RF weapons because of the potential to be effective against our sophisticated electronics, said retired U.S. Army Lieutenant General Robert Schweitzer in congressional testimony in June, 1998.

Russia provided this technology to several countries. China is also well ahead in this field. Since February 1999, China and Cuba have increased their military and intelligence joint activities. The presence of Chinese personnel in Cuba is now very obvious.

A new class of cyberweapon, Transient Electromagnetic Devices (TEDs), is easier to construct and use. TEDs generate a spike-like pulse that is only one or two hundred picoseconds in length at very high power. TEDs are smaller and cheaper, require less power, and are easier to build. As we will analyze later in the report, Cuban engineers have the proper technology and experience to build TEDs.

They can be built using spark-gap switches and can be assembled from automobile ignition, fuel pump and other relatively available parts at a cost of $300. TEDs can burn out a broad range of devices, with effects on electronic systems that are similar to a lightning strike. The compact devices could fit in a briefcase, or be placed in a small van. With a six-foot backyard antenna and more advanced spark-gap units, terrorists could point them at flying aircraft.

"The enemies of peace realize they cannot defeat us with traditional military means", President Bill Clinton, January, 1999.


Cuba: THE THREAT

Cuba is not a challenge or a threat to the United States with conventional weapons on a conventional battlefield. It never was, not even at its military peak of the 1970's. However, Cuba is a real threat to the United States with non-traditional weapons.


Background

Cuba has surprising talent and experience in the areas of electronics, computers, computer software and data processing. The country benefited from its association with the former Soviet Union, and some European countries, which turned out many skilled electrical and computer engineers, as well as technicians.

Cuba's electronic industry has its origins in the mid-1960s when the Ministry for Iron and Steel Machinery (SIME) began assembly of radios from imported parts. In 1974 SIME started producing black-and-white television sets. Then came a plant to produce batteries (1975), telephone switchboards (1981), and color television sets (1985). In 1985 SIME also started production of semiconductors.

In 1976 a separate electronics institute was created, the National Institute of Automated Systems and Computer Skills (INSAC). In 1994 INSAC was incorporated into the newly created Ministry of Steel, Heavy Machinery and Electronics. The Ministry of Communications is also responsible for small-scale production of certain electronics-related products.

The entity Cuba Electronica was created in January 1986 as part of the Foreign Trade Ministry. It is responsible for importing electronic equipment and exporting computers, peripherals, semiconductors and software.

An Irish expert says that the Cuban information-technology industry matches that of the Republic of Ireland, which has been particularly successful in persuading a range of information technology companies to establish their European base in Cuba.

One of the most advanced areas of the electronics industry in Cuba is production of medical equipment. The Central Institute for Digital Research (ICID), in collaboration with the Biotechnology Centers, has developed high technology medical equipment including the Cardiocid-M, an electrocardiographic system for diagnosing cardiovascular system diseases; Neorocid, an electromyographic and electro-neurographic system for diagnosing peripheral nervous system diseases; and various applications for high-technology genetic engineering research.

The main developments of Cuba's electronic industry occurred between 1975 and 1989. Among others:

*Computer equipment plant, established in 1978, with a 4,300 square meters production area

*Printed circuit board plant, established 1982, with a 4,900 square meters production area

*Electronic modules production plant, with 4,000 square meters production area

*Mechanical production plant, with 7,500 square meters production area

*Monitors and television set plant, established in 1975, with an annual capacity of 100,000 units

*Alphanumeric keyboards plant, established in 1988, equipped to produce keyboards compatible with IBM, DEC and other microcomputer systems. Production capacity of 250,000 units per year

*Printed circuit boards plant, which can produce 35,000 square meters per year of circuit boards. It uses Betamax material and carries out the printing by serigraphy.

*Electronic Research and Development Center, established in 1985.

*Electronic Components Complex (CCE), produces active and passive components, established in 1985.

*Medical equipment complex, established in 1989. Produces instruments and equipment for the Biotechnology Centers.

Computing in Cuba dates back to the mid-1950s when two first generation U.S. computers were installed. During the 1960s came computers from France, followed by Soviet and East European systems. During the 1970s Cuba embarked on a program to develop its own second minicomputers based on Digital's PDP-11.

Most of Cuba's early computer specialists were trained in East Germany and the Soviet Union. In the mid-1980s two main centers of computational research were established, one at the CUJAE and the other at Universidad Central de Las Villas.

Cuba has also developed computer networks. Presently, there are four networks with international connectivity: CENIAI, Tinored, CIGBnet, Infomed. CENIAI began networking in 1986, and has had a UUCP link to the Internet since 1992. They currently offer email, database access, and programming and consulting services. CIGBnet is the network of the Center for Genetic Engineering and Biotechnology. It began in 1991 and provides email, database access, and a biological sequence server.

Since 1991, there has been a surplus of electrical and computer engineers in Cuba due to the closing of many industries. Many of these engineers changed their lines of work to the areas of telecommunications espionage and computer interference and disruption, in special centers created by the government.

A large group of them received specialized training in Russia, Vietnam, North Korea and China. As a result, a significant engineering and technical staff is now dedicated to research, development and application in these areas.

The Beginning

Prior to the August 1991 coup attempt, the KGB was developing computer viruses with the intent of using them to disrupt computer systems in times of war or crisis. In early 1991, a highly restricted project was undertaken by a group within the Military Intelligence Directorate of Cuba's Ministry of the Armed Forces.

The group was instructed to obtain information to develop a computer virus to infect U.S. civilian computers. The group spent about $5,000 to buy open-source data on computer networks, computer viruses, SATCOM, and related communications technology. These efforts have continued, now on a much larger scale, and could potentially cause irreparable harm to the U.S. defense system.

The project is under the direction of Major Guillermo Bello, and his wife, Colonel Sara Maria Jordan, both of the Ministry of the Interior. Several well-known Cuban engineers were sent to work in this group. The engineering effort is led by engineers Sergio Suarez, Amado Garcia, and Jose Luis Presmanes. Several computational centers have been created at either universities or research centers throughout Cuba, where highly secret research and development activities are conducted.

The development of malicious software requires little in the way of resources (a few computers and an individual or group with the appropriate expertise), making a malicious software R&D program easy to support as well as to hide.

According to reports, Dutch teenagers gained access, apparently through an Internet connection, to computer systems at 34 DOD sites, including the Air Force Weapons Laboratory, the David Taylor Research Center, the Army Information Systems Command, and the Navy Ocean Systems Center, during operations Desert Shield/Storm.

They were snooping in sensitive rather than classified military information. The intrusions normally involved broad-based keyword searches including such words as "rockets", "missiles", and "weapons".

They exploited a trap door to permit future access and modified and copied military information to unauthorized accounts on U.S. university systems. Although no "customer" was identified, the data collected could have been sent electronically anywhere in the world. At that time, some Cuban engineers were receiving specialized training in Holland, Sweden, and Austria.


Cuba: Low Energy Radio Frequency

It is quite possible, and probable, that Cuba is doing research and development on low level radio frequency weapons, or LERF. This technology utilizes relatively low energy, which is spread over a wide frequency spectrum. It can, however, be no less effective in disrupting the normal functioning of computers than high energy RF, or HERF, due to the high probability that its wide spectrum contains frequencies matching the resonance frequencies of critical components.

Generally, the LERF approach does not require time compression, nor does it utilize high tech components. LERF impact on computers and computer networks could be devastating. One of the dangerous aspects of a LERF attack on a computer is that an unprotected computer would go into a "random output mode".

Different kinds of LERF weapons have already been used over the years, primarily in Eastern Europe. This is one of the reasons it is highly probable that Cuba is active in the development of such weapons. For instance, during the Czechoslovakian invasion of 1968, the Soviet military received advance notice that Czechoslovakian anti-communist activists had been wary of relying on telephone communications.

These telephone communications were controlled by the government. They prepared to use radio transceivers to communicate between their groups for coordination of their resistance efforts.

During the invasion, the Soviet military utilized RF jamming aircraft from the Soviet air force base in Stryi, Western Ukraine. The aircraft jammed all the radio spectrum, with the exception of a few narrow pre-determined "windows" of RF spectrum utilized by the invading Soviet army.

Another example of a LERF attack was the KGB's manipulation of the United States Embassy security system in Moscow in the mid-80s. The security system alarm was repeatedly falsely triggered by the KGB's induced RF interference several times during the night. The intent was to annoy and fatigue the marines and to get the "malfunctioning" system turned off.

A small, well-trained group of agents from Cuba can put components from Radio Shack, for example, inside a van or a pickup truck with an antenna. That is really what an RF weapon looks like: a vehicle with a radar or antenna showing. They can drive it around a building, be it the White House, the Pentagon, or the FAA facility, and pulse.

They can fire, and re-fire, as long as the generator has power. The radiation goes through concrete walls. Barriers are not resistant to them. They will either burn out or upset all the computers or the electronic gear of the targeted building. They are absolutely safe to human beings.

Another aspect of offensive RF technology is its traditional application in information intercept or eavesdropping. Traditionally, the Soviet Union and Russia have placed high priority on the development and use of this technology. Changes of the last decade in Russia impacted the KGB, which has been split into independent parts.

The 8th and 16th Directorates, roughly representing the Russian equivalent of the NSA, became an independent agency, the Federal Agency of Government Communications and Information (FAPSI). FAPSI is directly subordinate to the President of Russia.

In a wave of privatization, FAPSI was partially privatized as well. Some of the leading FAPSI experts left the agency and founded private security companies. These companies are fully capable of carrying out any offensive operations and serve as consultants to former ally countries.

There is also a close cooperation between FAPSI and its private spin-off companies. The private companies can provide the FAPSI with some of the products of their intercept, while FAPSI can also share some of its products, along with personnel and equipment, including its powerful and sophisticated facilities, such as the Lourdes in Cuba, for a very productive long-range intercept.

This situation can easily put American private business in a highly unfavorable competitive position, since the end of the Cold War somewhat shifted the goals, objectives, and some targets of FAPSI toward a heavier emphasis on intercept of technological, commercial and financial information.

It can take a few days to build a LERF weapon. It takes a few weeks or a few months to establish a successful collection of information through RF intercept. But several countries, including Cuba, have the capacity to do so.


Cuba: Lourdes base

At Lourdes, a suburb of La Habana, south of Centro Habana, and close to Jose Marti's airport, there is a sophisticated Russian electronic espionage base. It encompasses a 28 square mile area and employs some 1,500 Russian engineers, technicians and staff. A satellite view of Lourdes, 1996, is included.

There are two fields of satellite dishes. One group listens in to general U.S. communications. The second group is used for targeted telephones and devices. The areas are designated "Space Associated Electronics Area North" and "Space Associated Electronics Area South". There is also an HO/Administration Area, and a Vehicle/Equipment Maintenance Area.

The Russians have spent over $3 billion on Lourdes. In 1996 they started to upgrade the facilities, at a cost of some $250 million. Presently, they have state-of-the-art equipment. The computers at the base are programmed to listen for specific phone numbers; when they detect that these lines are in use, the computers automatically record the conversations or transmissions.

The upgrade now includes voice recognition facilities; that is, computers recognize certain targeted voice spectra and, when they do, automatically record the conversations. Facsimiles are also detected, as well as computer data.

At present, Lourdes is an even more important asset for Russia in its efforts to spy on the United States than it was during the Cold War. Lourdes receives and collects intercepts by spy satellites, ships and planes in the Atlantic region, making it a full-fledged regional command and control center.

The use of the intelligence garnered by Lourdes is not limited to penetrating secret U.S. military operations. Its targets also include the interception of sensitive diplomatic, commercial and economic traffic, and private U.S. telecommunications.

The strategic significance of the Lourdes facility also has grown dramatically since the order from Russian Federation President, Boris Yeltsin, of February 7, 1996 demanding that the Russian intelligence community step up the theft of American and other Western economic and trade secrets.

The director of the Defense Intelligence Agency told the Senate Intelligence Committee in August 1996, "Lourdes is being used to collect personal information about U.S. citizens in the private and government sectors". The signal intelligence complexes operated by Russia at Lourdes also offer the means by which to engage in cyberwarfare against the United States.


Cuba: Bejucal base

In 1995, Russia started the construction of an espionage base to be operated by the Cubans. The base is located at Bejucal, south of La Habana. The agreement, and the supervision of the entire project, was directed by General Guillermo Rodriguez del Pozo. Equipment for the base was shipped secretly from Russia through the port of Riga, in Latvia. Latvia does not have an embassy in Cuba. However, Cuba maintains a large embassy, over 50 persons, in Latvia.

The base is now fully operational, similar to but smaller than Lourdes, and with all state-of-the-art equipment. The unit is referred to by some as The Electronic Warfare Battalion, EWB. The request for the base came because Cuba does not have access to Lourdes. The Cubans only get copies of the Russian intelligence summaries on issues that could affect the nation's security.

Cuba's Bejucal base is very powerful. Besides running signals intelligence operations, that is, eavesdropping, it has the capability of conducting cyberwarfare. The Interior Ministry's General Directorate for Intelligence is in charge of the base.

It also runs a smaller center, located at Paseo, between 11th and 13th streets, in Vedado, La Habana. The center is mainly for radio listening and transmitting, and for limited telephone espionage.

The Electronic Warfare Battalion has the necessary equipment to interfere with Radio and TV Marti, and the equipment to interfere with TV Marti if it transmits in UHF. The equipment is not used as yet. However, the base has offensive jamming capabilities, capable of disrupting communications deep inside the United States. This is indeed a unique facility because of its size, location and capability.

Interference with Radio and TV Marti is now disseminated throughout the island, in what is called project Titan. It is now in the charge of Chinese personnel, who since March 1999 have also partially taken over the operations of the Bejucal base, or EWB.

Early in 1999, the Pentagon's military computer systems were subject to ongoing, sophisticated and organized cyber attacks. Officials stated that this latest series of strikes at defense networks was a coordinated effort coming from abroad. Deputy Defense Secretary John Hamre, who oversees all Pentagon security matters, confirmed the attacks have been occurring since 1998.

Secretary Hamre called them a "major concern". Officials believe some of the most sophisticated attacks are coming from a country routing through Russian computer addresses to disguise their origin.

The probes and attacks are also against U.S. military research and technology systems, including the nuclear weapons laboratories run by the Department of Energy. Rep. Curt Weldon, R-Pa., chairman of the House Armed Services Research and Development Subcommittee, stated "What we have been seeing in recent months is more of what could be a coordinated attack ... that could be involved in a very planned effort to acquire technology and information about our systems in a way that we have not seen before".

These attacks coincide with the fact that the Bejucal base is fully operational, and also with the new presence of Chinese military and intelligence personnel in Cuba.

Rep. Curtis Weldon also stated "it is not a matter of if America has an electronic Pearl Harbor, it is a matter of when". For two days in January, 1999, cyber attacks were made into military computers at Kelly Air Force Base in San Antonio, the center for the most sensitive Air Force intelligence, the kind of information critical to American troops abroad.

Joseph Santos, aka "Mario", one of the persons arrested by the FBI in an alleged spy ring in September 1998, is an electrical and computer engineer with great expertise in computer networks, and was a member until 1996 of a research computational center in a university in Cuba.

According to the indictment, Santos' assignment was to infiltrate the new U.S. Southern Command headquarters in West Dade. He had, as his fundamental assignment, the penetration of the headquarters of said command. Maps of several cities, including San Antonio, were found in his apartment.

It is a fact that both the Lourdes and the EWB bases are a threat to U.S. security, capable of intercepting not only U.S. military secrets but also commercial and trade intelligence.


Cuba: The new China presence

In February, 1999, a top level Chinese military delegation, led by Chi Haotian, Defense Minister, visited Cuba. They met several times with Raul Castro, Cuba's Defense Minister. It was the first time a Chinese minister of defense visited Cuba.

China's President Jiang Zemin visited Cuba in 1993. Castro went to China in 1995. Other important visits have occurred recently. Raul Castro, accompanied by several generals, visited China. Also, General Dong Liang Ju, head of China's Military Commission, visited Cuba.

An important role here is played again by General Guillermo Rodriguez del Pozo, whose son is married to Raul Castro's daughter. All these facts lead to an important conclusion: a very close military relation between Cuba and China.

It is obvious that China sees a presence in Cuba as having important strategic value, and is making Cuba a military and intelligence gathering center. What does Cuba really want from China? Most probably, economic assistance. But the really important question is: what does China want from Cuba?

China has become very active in Cuba's military telecommunications, cyberwarfare and biowarfare activities. China is investing to modernize the satellite-tracking center at Jaruco. China is also heavily involved in the telecommunications-monitoring base at Paseo, between 11th and 13th streets, Vedado.

The government of China has created the 863 and Super-863 Programs, with the sole mission of importing technologies for military use. The 863 program was given a budget split between military and civilian projects, focusing on science and technology.

The following are key areas of military concern: biological warfare; communications and intelligence systems. The People's Liberation Army, PLA, has placed priority on the development of battlefield communications; reconnaissance; intelligence signals operations.

In order to achieve these priorities, the government of China has focused on the use of intelligence services to acquire U.S. military and industrial technology. That is the main reason why China is using and improving Cuban capabilities in this area and moving to develop its own on the island.

After years of hostile relations between China and the Soviet Union, Russia has again become China's main source of advanced weapons, including electronic warfare and electronic eavesdropping (SIGINT) equipment.

China has acquired high performance computers, HPC, from the United States. HPCs are important for many military applications and essential for some. It is known that China is modernizing Cuba's computer systems with HPCs.

These computers are in the speed range of 1,500 to 40,000 millions of theoretical operations per second (MTOPS). HPCs are useful in the design, development, manufacturing, performance, and testing of biological weapons; in command, control, and communications; in information warfare; in the collection, processing, analysis, and dissemination of intelligence; and in the encryption of communications.

Another potential application of HPCs in Cuba is cryptology: the design and breaking of encoded communications. This application, such as in the Bejucal base, demands fast processing and the ability to handle large amounts of data. As a point of reference, the U.S. National Security Agency uses some of the highest performance computers available.

However, it is true also that significant cryptology capabilities can be achieved through the use of widely available computer equipment, such as networked workstations or parallel processors.

Under the revised HPC policy, Cuba falls in Tier 4 with Iraq, Iran, Libya, North Korea, Sudan, and Syria. Tier 4 means a virtual embargo on all computer exports. This is another factor in the importance of the new China/Cuba relations. In light of China's aggressive espionage campaign against U.S. technology, Cuba fits perfectly with Chinese electronic warfare priorities and electronic collection needs.


Conclusions

The United States' dependence on computers makes it more vulnerable than most countries to cyberattack. The President's Commission on Critical Infrastructure Protection has identified eight critical areas in need of protection: information and communications, electrical power systems, gas and oil industries, banking and finance, transportation, water supply systems, emergency services and government services.

Many traditional and non-traditional adversaries of the United States, according to Louis J. Freeh, Director of the FBI, are today technologically sophisticated and have modified their intelligence methodologies to use advanced technologies to commit espionage. In telecommunications, even some smaller (Cuba?) intelligence adversaries now use equipment the FBI is unable to monitor.

The international terrorist threat can be divided, according again to Louis J. Freeh, into three general categories. Each poses a serious and distinct threat, and each has a presence in the United States. The first and most important category, and the concern of this study, is state-sponsored terrorism. It violates every convention of international law. State sponsors of terrorism include Iran, Iraq, Syria, Sudan, Cuba, and North Korea. Put simply, these nations view terrorism as a tool of foreign policy.

Public and private sector organizations that rely on information technologies are diverse. The result is a revolutionary and systematic improvement in industrial, services, and commercial processes. However, as commercial information technologies create advantages, their increasingly indispensable nature transforms them into high-value targets.

With very few exceptions, attacks against the nation's cyber assets can be aggregated into one of four categories: crime, terrorism, foreign intelligence, or war. Regardless of the category, any country can acquire the capability to conduct limited attacks against information systems.

Software is one weapon of information-based attacks. Such software includes computer viruses, Trojan horses, worms, logic bombs and eavesdropping sniffers. Advanced electronic hardware can also be useful in information attacks. Examples of such hardware are high-energy radio frequency (RF) weapons, electromagnetic pulse weapons, RF jamming equipment, or RF interception equipment.

Such weapons can be used to destroy property and data; intercept communications or modify traffic; reduce productivity; degrade the integrity of data, communications, or navigation systems; and deny crucial services to users of information and telecommunications systems.

The Cuban government is well aware of this vulnerability. Hence, major terrorists and intelligence services are quickly becoming aware of, and exploiting, the power of information tools and weapons.

The increasing value of trade secrets in the global and domestic marketplaces, and the corresponding spread of technology, have combined to significantly increase both the opportunities and methods for conducting electronic espionage.

The security of trade secrets is essential to maintaining the health and competitiveness of critical segments of the U.S. economy. The U.S. counterintelligence community has specifically identified the suspicious collection and acquisition activities of foreign entities from at least 23 countries, including Cuba.

Cuba has acquired the capacity to conduct cyberterrorism also through simple technology transfer. There are multiple international conferences on the subject. Anyone can attend these conferences.

There is a BEAMS conference that has gone on for 20 years, and a EUROEM conference that has also gone on for over 20 years. RF weapons can be made today for a cost of $800. Therefore, there is no need for a lot of power, or a lot of money, to affect the infrastructure. This technology application is well within the capabilities of Cuba's electronic development.

Electronic monitoring of communications signals will continue to be the largest and most important form of secret intelligence. Cuba's two main facilities, Lourdes and EWB, are quite capable of monitoring telecommunications in the U.S., the Caribbean, and Latin America.

Computers automatically analyze every call or data signal, and can also identify calls to a target telephone number in the U.S. no matter from which country they originate. Both Lourdes and EWB are highly computerized. They rely on near total interception of international commercial and satellite communications in order to locate the telephone or other messages of target individuals.

Cuba's intelligence activities against the United States have grown in diversity and complexity in the past few years. Press reports of recent espionage cases involving Russia, South Korea, China, and Cuba are just the tip of a large and dangerous intelligence iceberg.

The director of the CIA stated before the Senate Select Committee on Intelligence, 1998, that there are six countries presently conducting electronic espionage that poses a threat to the United States: France, Israel, China, Russia, Iran, and Cuba.

Cuba represents a serious threat to the security of the United States in the cyberwarfare phase of terrorism.


END


Ing. Manuel Cereijo
Miami, Florida.
September 1999

This and other excellent articles by the same author, MANUEL CEREIJO, appear in REVISTA GUARACABUYA, at the web address: http://www.amigospais-guaracabuya.org


