THE NEW THREAT: A MASSIVE CYBER ATTACK

By Manuel Cereijo


NOVEMBER 2001

PREAMBLE


One of the most publicized threats to security is the intruder. The other is viruses. Intruders attempt to read privileged data, perform unauthorized modifications to data, or disrupt systems. High-level intruders use sophisticated technology to intrude and have a willingness to spend countless hours "turning knobs" to probe for weaknesses.

However, the main concern at this moment, in my opinion, is viruses and related threats, for which Cuba has been getting ready since 1991 (partially unclassified CIA document). We will analyze the spectrum of cyber threats from Cuba and other terrorist governments.


SOFTWARE

We are concerned with application programs as well as utility programs, such as editors and compilers.


A. MALICIOUS PROGRAMS

These threats can be divided into two categories: those that need a host program, and those that are independent. We can also differentiate between those software threats that do not replicate and those that do. The former are fragments of programs that are activated when the host program is invoked to perform a specific function. The latter consist of either a program fragment (virus) or an independent program (worm, bacterium) that, when executed, may produce one or more copies of itself to be activated later on the same system or some other system.


B. TRAP DOORS

A trap door is a secret entry into a program that allows someone that is aware of the trap door to gain access without going through the usual security access procedures. Trap doors have been used legitimately for years by programmers to debug and test programs.

The trap door was the basic idea for the vulnerability portrayed in the movie War Games. Another example is that during the development of Multics, penetration tests were conducted by an Air Force "tiger team" (simulating adversaries). One tactic employed was to send a bogus operating system update to a site running Multics. The update contained a Trojan horse that could be activated by a trap door and that allowed the tiger team to gain access.


C. LOGIC BOMBS

One of the oldest types of program threat, predating viruses and worms, is the logic bomb. The logic bomb is code embedded in some legitimate program that is set to "explode" when certain conditions are met. Examples of conditions that can be used as triggers for a logic bomb are the presence or absence of certain files, a particular day of the week, or date, or a particular user running the application.

Once triggered, a bomb may alter or delete data or entire files, cause a machine halt, or do some other damage.


D. TROJAN HORSES

A Trojan horse is a useful, or apparently useful, program or command procedure containing hidden code that, when invoked, performs harmful functions. Trojan horse programs can be used to accomplish indirectly functions that an unauthorized user could not accomplish directly. A common motivation for the Trojan horse is data destruction. The program appears to be performing a useful function, but it may also be quietly deleting the user's files.


VIRUSES

A virus is a program that can "infect" other programs by modifying them. The modification includes a copy of the virus program, which can then go on to infect other programs. Like its biological counterpart, a computer virus carries in its instructional code the recipe for making perfect copies of itself.

Lodged in a host computer, the typical virus takes temporary control of the computer's disk operating system. Then, whenever the infected computer comes into contact with an uninfected piece of software, a fresh copy of the virus passes into the new program. The infection can be spread from computer to computer by unsuspecting users, who either swap disks or send programs to one another over a network. The area of viruses is the one where Cuba has done the most development, creating new versions and new delivery techniques.

During its lifetime, a typical virus goes through the following four stages:

Dormant phase: The virus is idle. The virus will eventually be activated by some event or date. Not all viruses have this stage.

Propagation phase: The virus places an identical copy of itself into other programs or into certain system areas on the disk. Each infected program will now contain a clone of the virus, which will itself enter a propagation phase.

Triggering phase: The virus is activated to perform the function for which it was intended. The triggering phase can be caused by a variety of system events, including a count of the number of times that this copy of the virus has made copies of itself.

Execution phase: The function is performed.


TYPES OF VIRUSES

Parasitic virus: The traditional and still most common form of virus.

Memory-resident virus: Lodges in main memory as part of a resident system program.

Boot sector virus: Infects a master boot record or boot record and spreads when a system is booted from the disk containing the virus.

Stealth virus: A form of virus explicitly designed to hide itself from detection by antivirus software.

Polymorphic virus: A virus that mutates with every infection, making detection by the signature of the virus impossible. THIS IS ONE TYPE WHICH CUBA HAS DONE EXTENSIVE DEVELOPMENT.
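As an added illustration, not part of the original article, of why a polymorphic virus defeats plain signature matching and of the brute-force decoding ("X-raying" of single-byte XOR encodings) that antivirus scanners use in response. Every byte string below is a constructed stand-in, not real malware, and the two-byte "decryptor stub" header is an assumption of this toy format.

```python
"""Signature scanning versus a polymorphic variant (constructed data only)."""
from typing import Optional

# Constructed stand-in for a fixed malicious body; NOT real malware.
PAYLOAD = b"MALICIOUS-BODY-v1: delete files on trigger"
# The byte pattern a classic signature scanner would look for.
SIGNATURE = b"MALICIOUS-BODY"


def xor_encode(data: bytes, key: int) -> bytes:
    """Single-byte XOR is its own inverse: encode twice to get data back."""
    return bytes(b ^ key for b in data)


def make_variant(key: int) -> bytes:
    """Model of what a polymorphic engine produces on each infection: the same
    body stored under a different key, so the on-disk bytes differ every time.
    Header (assumption of this toy format): 0xEB marker, then the key byte."""
    return bytes([0xEB, key]) + xor_encode(PAYLOAD, key)


def signature_match(blob: bytes) -> bool:
    """The naive scanner: a fixed byte pattern anywhere in the file."""
    return SIGNATURE in blob


def xray_match(blob: bytes) -> Optional[int]:
    """Defender side: try every one-byte key and scan the decoded bytes.
    Returns the key under which the signature appears, or None."""
    for key in range(256):
        if SIGNATURE in xor_encode(blob, key):
            return key
    return None


if __name__ == "__main__":
    variant = make_variant(0x5A)
    print("plain body matches signature:", signature_match(PAYLOAD))
    print("variant matches signature:   ", signature_match(variant))
    print("variant found by X-ray, key: ", xray_match(variant))
```

Each key produces a different file image, so a fixed signature only catches the unencoded body; decoding under every candidate key restores the invariant body and the match.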


CUBA'S CYBER DEVELOPMENT


Background

Cuba has surprising talent and experience in the areas of electronics, computers, computer software and data processing. The country benefited from its association with the former Soviet Union, and some European countries, which turned out many skilled electrical and computer engineers, as well as technicians.

Cuba's electronic industry has its origins in the mid-1960s when the Ministry for Iron and Steel Machinery (SIME) began assembly of radios from imported parts. In 1974 SIME started producing black-and-white television sets. Then came a plant to produce batteries (1975), telephone switchboards (1981), and color television sets (1985). In 1985 SIME also started production of semiconductors.

In 1976 a separate electronics institute was created, the National Institute of Automated Systems and Computer Skills (INSAC). In 1994 INSAC was incorporated into the newly created Ministry of Steel, Heavy Machinery and Electronics. The Ministry of Communications is also responsible for small-scale production of certain electronics-related products.

The entity Cuba Electronica was created in January 1986 as part of the Foreign Trade Ministry. It is responsible for importing electronic equipment and exporting computers, peripherals, semiconductors and software.

An Irish expert says that the Cuban information-technology industry matches that of the Republic of Ireland, which has been particularly successful in persuading a range of information technology companies to establish their European base in Cuba.

One of the most advanced areas of the electronics industry in Cuba is production of medical equipment. The Central Institute for Digital Research (ICID), in collaboration with the Biotechnology Centers, has developed high-technology medical equipment including the Cardiocid-M, an electrocardiographic system for diagnosing cardiovascular system diseases; Neorocid, an electromyographic and electro-neurographic system for diagnosing peripheral nervous system diseases; and various applications for high-technology genetic engineering research.

The main developments of Cuba's electronic industry occurred between 1975 and 1989. Among others:

· Computer equipment plant, established in 1978, with a 4,300 square meters production area

· Printed circuit board plant, established 1982, with a 4,900 square meters production area

· Electronic modules production plant, with 4,000 square meters production area

· Mechanical production plant, with 7,500 square meters production area

· Monitors and television set plant, established in 1975, with an annual capacity of 100,000 units

· Alphanumeric keyboards plant, established in 1988, equipped to produce keyboards compatible with IBM, DEC and other microcomputer systems. Production capacity of 250,000 units per year

· Printed circuit boards plant, which can produce 35,000 square meters per year of circuit boards. It uses Betamax material and carries out the printing by serigraphy.

· Electronic Research and Development Center, established in 1985.

· Electronic Components Complex, (CCE), produces active and passive components, established in 1985.

· Medical equipment complex, established in 1989. Produces instruments and equipment for the Biotechnology Centers.

Computing in Cuba dates back to the mid-1950s when two first-generation U.S. computers were installed. During the 1960s came computers from France, followed by Soviet and East-European systems. During the 1970s Cuba embarked on a program to develop its own second-generation minicomputers based on Digital's PDP-11.

Most of Cuba's early computer specialists were trained in East Germany and the Soviet Union. In the mid-1980s two main centers of computational research were established, one at the CUJAE and the other at Universidad Central de Las Villas.

Cuba has also developed computer networks. Presently, there are four networks with international connectivity: CENIAI, Tinored, CIGBnet, Infomed. CENIAI began networking in 1986, and has had a UUCP link to the Internet since 1992. They currently offer email, database access, and programming and consulting services. CIGBnet is the network of the Center for Genetic Engineering and Biotechnology. It began in 1991 and provides email, database access, and a biological sequence server.

Since 1991, there has been a surplus of electrical and computer engineers in Cuba due to the closing of many industries. Many of these engineers changed their lines of work to the areas of telecommunications espionage and computer interference and disruption, in special centers created by the government.

A large group of them received specialized training in Russia, Vietnam, North Korea and China. As a result, a significant engineering and technical staff is now dedicated to research, development and application in these areas.


The beginning

Prior to the August 1991 coup attempt, the KGB was developing computer viruses with the intent of using them to disrupt computer systems in times of war or crisis. In early 1991, a highly restricted project was undertaken by a group within the Military Intelligence Directorate of Cuba's Ministry of the Armed Forces.

The group was instructed to obtain information to develop a computer virus to infect U.S. civilian computers. The group spent about $5,000 to buy open-source data on computer networks, computer viruses, SATCOM, and related communications technology.

This information comes from a declassified CIA document.


Cuba: Bejucal base

In 1995, Russia started the construction of an espionage base to be operated by the Cubans. The base is located at Bejucal, south of La Habana. The agreement, and the supervision of the entire project, was directed by General Guillermo Rodriguez del Pozo. Equipment for the base was shipped secretly from Russia through the port of Riga, in Latvia. This country does not have an embassy in Cuba. However, Cuba maintains a large embassy, over 50 persons, in Latvia.

The base is now fully operational, similar to but smaller than Lourdes, and with all state-of-the-art equipment. The unit is referred to by some as The Electronic Warfare Battalion, EWB. The request for the base came because Cuba does not have access to Lourdes. They only get copies of the Russian intelligence summaries on issues that could affect the nation's security.

Cuba's Bejucal Base is very powerful, and it has the capability, besides running signals intelligence operations, that is, eavesdropping, of conducting cyberwarfare. The Interior Ministry's General Directorate for Intelligence is in charge of the Base.

It also runs a smaller center, located at Paseo, between 11th and 13th streets, in Vedado, La Habana. The center is mainly radio listening and transmitting, and for limited telephone espionage.

The Electronic Warfare Battalion has the necessary equipment to interfere with Radio and TV Marti, and the equipment to interfere with TV Marti if it transmits in UHF. The equipment is not used as yet. However, the base has offensive jamming capabilities, capable of disrupting communications deep inside the United States. This is indeed a unique facility because of its size, location and capability.

Interference with Radio and TV Marti is now disseminated through the Island, in what is called project Titan. It is now in the charge of Chinese personnel, who since March 1999 have also partially taken over the operations of the Bejucal base, or EWB.

Early in 1999, the Pentagon's military computer systems were subject to ongoing, sophisticated and organized cyber attacks. Officials stated that this latest series of strikes at defense networks was a coordinated effort coming from abroad. Deputy Defense Secretary John Hamre, who oversees all Pentagon security matters, confirmed that the attacks have been occurring since 1998.

Secretary Hamre called them a "major concern". Officials believe some of the most sophisticated attacks are coming from a country routing through Russian computer addresses to disguise their origin.

The probes and attacks are also against U.S. military research and technology systems, including the nuclear weapons laboratories run by the Department of Energy. Rep. Curt Weldon, R-Pa., chairman of the House Armed Services Research and Development Subcommittee, stated: "What we have been seeing in recent months is more of what could be a coordinated attack... that could be involved in a very planned effort to acquire technology and information about our systems in a way that we have not seen before".

These attacks coincide with the fact that the Bejucal base is fully operational, and also with the new presence of Chinese military and intelligence personnel in Cuba.

Rep. Curtis Weldon also stated: "it is not a matter of if America has an electronic Pearl Harbor, it is a matter of when". For two days in January 1999, cyber attacks were made into military computers at Kelly Air Force Base in San Antonio, the center for the most sensitive Air Force intelligence, the kind of information critical to American troops abroad.

Joseph Santos, aka "Mario", one of the persons arrested by the FBI in an alleged spy ring in September 1998, is an electrical and computer engineer with great expertise in computer networks, and was a member until 1996 of a computational research center at a university in Cuba.

According to the indictment, Santos' assignment was to infiltrate the new U.S. Southern Command headquarters in West Dade. He had, as his fundamental assignment, the penetration of the headquarters of said command. Maps of several cities, including San Antonio, were found in his apartment.


CONCLUSION

The new threat to be expected from Cuba and other terrorist nations is a cyber terrorism attack, to try to disrupt the main networks and computer facilities of the United States.


END


Manuel Cereijo
ingmca@aol.com

This and other excellent articles by the same AUTHOR appear in the REVISTA GUARACABUYA at the electronic address:

www.amigospais-guaracabuya.org
