Is Cuba behind the cyber-terrorism threat?

December 21, 2011 07:11



By Dr. Manuel Cereijo at The Americano


Photo: Iran's Ahmadinejad and Cuba's Raul Castro

What is cyberterrorism?

Terrorism that involves computers, networks, and the information they contain. Computer networks have been attacked during recent conflicts in Kosovo, Kashmir, and the Middle East, but the damage has mostly been limited to defaced Web sites or blocked Internet servers. However, with American society increasingly interconnected and ever more dependent on information technology, terrorism experts worry that cyberterrorist attacks could cause as much devastation as more familiar forms of terrorism.

Is the United States vulnerable to cyberterrorism?

Yes, but experts disagree about how large and immediate a threat cyberterrorism poses. In 1997, the Pentagon simulated a cyberattack and found that attackers using ordinary computers and widely available software could disrupt military communications, electrical power, and 911 networks in several American cities. Hacking tools and expertise have become only more widespread since then.

Is cyberterrorism the same as hacking?

No. While some people use the term “cyberterrorism” (which was coined in the 1980s) to refer to any major computer-based attack on the U.S. government or economy, many terrorism experts would not consider cyberattacks by glory-seeking individuals, organizations with criminal motives, or hostile governments engaging in information warfare to be cyberterrorism. Like other terrorist acts, cyberterror attacks are typically premeditated, politically motivated, perpetrated by small groups rather than governments, and designed to call attention to a cause, spread fear, or otherwise influence the public and decision-makers.

Hackers break into computer systems for many reasons, often to display their own technical prowess or to demonstrate the fallibility of computer security. Some on-line activists say that activities such as defacing Web sites are disruptive but essentially nonviolent, much like civil disobedience.

Why would terrorists turn to cyberattacks?

Terrorists try to leverage limited resources to instill fear and shape public opinion, and dramatic attacks on computer networks could provide a means to do this with only small teams and minimal funds. Moreover, “virtual” attacks over the Internet or other networks allow attackers to be far away, making borders, X-ray machines, and other physical barriers irrelevant. Cyberterrorists would not need a complicit or weak government (as al-Qaeda had in Afghanistan) to host them as they train and plot. On-line attackers can also cloak their true identities and locations, choosing to remain anonymous or pretending to be someone else.

Terrorists might also try to use cyberattacks to amplify the effect of other attacks. For example, they might try to block emergency communications or cut off electricity or water in the wake of a conventional bombing or a biological, chemical, or radiation attack. Many experts say that this kind of coordinated attack might be the most effective use of cyberterrorism.

What kinds of attacks are considered cyberterrorism?

Cyberterrorism could involve destroying the actual machinery of the information infrastructure; remotely disrupting the information technology underlying the Internet, government computer networks, or critical civilian systems such as financial networks or mass media; or using computer networks to take over machines that control traffic lights, power plants, or dams in order to wreak havoc.

How do cyberattacks work?

Attacks on the physical components of the information infrastructure would resemble other conventional attacks: for example, a bomb could be used to destroy a government computer bank, key components of the Internet infrastructure, or telephone switching equipment. Another option would be an electromagnetic weapon emitting a pulse that could destroy or interrupt electronic equipment.

Attacks launched in cyberspace could involve diverse methods of exploiting vulnerabilities in computer security: computer viruses, stolen passwords, insider collusion, software with secret “back doors” that intruders can penetrate undetected, and orchestrated torrents of electronic traffic that overwhelm computers—which are known as “denial of service” attacks. Attacks could also involve stealing classified files, altering the content of Web pages, disseminating false information, sabotaging operations, erasing data, or threatening to divulge confidential information or system weaknesses unless a payment or political concession is made. If terrorists managed to disrupt financial markets or media broadcasts, an attack could undermine confidence or sow panic.

Attacks could also involve remotely hijacking control systems, with potentially dire consequences: breaching dams, colliding airplanes, shutting down the power grid, and so on.

Could cyberterrorists really take control of a dam or a power plant?

Yes, although experts disagree as to how likely this is, and in any case, such a feat would be considerably harder to pull off than defacing a Web site or launching a denial of service attack. If the device that controls a system such as a dam or power plant is connected to the Internet, it would theoretically be vulnerable to cyberhijacking, although terrorists would still need to find a way to exploit the security vulnerabilities of such machines, perhaps with help from a conspirator on the inside. In 2000, hackers working with a former employee of Gazprom, the major Russian energy company, reportedly briefly took control of the computer systems that govern the flow of natural gas through the company’s pipelines.

Does al-Qaeda have cyberterrorist capabilities?

We don’t know. Osama bin Laden’s terror network uses the Internet, encryption software, and other up-to-date information technology to link its members, plan attacks, raise funds, and spread propaganda. But using the Internet is much easier than inflicting damage through the Internet. That said, U.S. officials reportedly think that al-Qaeda has been training members in cyberattack techniques, and U.S. computer logs and data from computers seized in Afghanistan both indicate that the group has scouted systems that control American energy facilities, water distribution, communication systems, and other critical infrastructure. In what may be a related development, a Pakistani group hacked into an antiterrorist Web site after September 11, posting messages expressing support for al-Qaeda and threatening to attack U.S. military Web sites. But we don’t know whether the group has ties to al-Qaeda.

Which other terrorist groups could launch cyberattacks?

We don’t know how many groups have the know-how. The Tamil Tigers have mounted on-line attacks against the government of Sri Lanka. The Japanese doomsday cult Aum Shinrikyo, which released sarin gas in the Tokyo subway system in 1995, had previously built a system for tracking Japanese police vehicles, and investigators discovered that the group possessed classified data regarding these vehicles. Other foreign terrorist organizations also use the Internet for communications and propaganda, but it’s hard to know who has cyberterrorist capabilities until they try something. Cyberattacks often lack the drama of traditional terrorist attacks, so they might not be attractive to some terrorist groups.

Could terrorist groups get help from hackers?

Yes. Rather than developing their own computer skills, terrorist groups might try to hire or trick unaffiliated hackers into helping. Experts are particularly worried about highly skilled and underpaid computer specialists from the former Soviet Union. Hackers who dislike America might also decide to perpetrate an attack independently. Following the April 2001 collision of a U.S. Navy spy plane and a Chinese fighter jet, Chinese hackers launched denial of service attacks against American Web sites.

Could states that sponsor terrorism help cyberterrorists?

Conceivably, although highly skilled individual hackers would probably offer better help. The assets states can offer terrorists—funding, training, logistical support, and so on—would matter less for most cyberattacks than for attacks involving conventional weapons or weapons of mass destruction.

Are any state sponsors of terrorism capable of waging war in cyberspace?

Yes. According to a report by Dartmouth University’s Institute for Security Technology Studies, at least four of the seven countries listed by the State Department as sponsors of terrorism have cyberwarfare programs; North Korea and Cuba are developing them. Cuba has the Bejucal Base, which is capable of producing cyber attacks. Many other countries, including the United States, Russia, and China, have cyberwarfare programs as part of their military apparatuses.

What can be done to protect against cyberterrorism?

Experts stress vigilance about computer security: patching security flaws quickly once they’re detected, designing systems to withstand attacks, backing up systems off-site so they can bounce back quickly from a disruption, and watching for disgruntled employees who might help terrorists penetrate a system.

What is the U.S. government doing to protect against cyberterrorism?

Most of America’s information infrastructure is privately owned and administered, so any government effort requires coordination and information sharing with the private sector. In 1998, the FBI established the National Infrastructure Protection Center to assess cyberthreats and improve communication between government and private information-security officials. Other law enforcement agencies and military branches also have programs to defend the national information infrastructure.

Can individual computer users do anything to combat cyberterrorism?

Yes. Individual computer owners can become unwitting accomplices to denial of service attacks. Information technology experts say that maintaining good security—using a firewall and virus protection software, avoiding suspicious email and programs—can help prevent or minimize cyberattacks.

Cuba: The Threat

Cuba is not a challenge or a threat to the United States with conventional weapons on a conventional battlefield. It never was, not even at its military peak in the 1970s. However, Cuba is a real threat to the United States with non-traditional weapons.

Background

Cuba has surprising talent and experience in the areas of electronics, computers, computer software and data processing. The country benefited from its association with the former Soviet Union and some European countries, which turned out many skilled electrical and computer engineers, as well as technicians.

Cuba’s electronic industry has its origins in the mid-1960s when the Ministry for Iron and Steel Machinery (SIME) began assembly of radios from imported parts. In 1974 SIME started producing black-and-white television sets. Then came a plant to produce batteries (1975), telephone switchboards (1981), and color television sets (1985). In 1985 SIME also started production of semiconductors.

In 1976 a separate electronics institute was created, the National Institute of Automated Systems and Computer Skills (INSAC). In 1994 INSAC was incorporated into the newly created Ministry of Steel, Heavy Machinery and Electronics. The Ministry of Communications is also responsible for small-scale production of certain electronics-related products.

The entity Cuba Electronica was created in January 1986 as part of the Foreign Trade Ministry. It is responsible for importing electronic equipment and exporting computers, peripherals, semiconductors and software.


An Irish expert says that the Cuban information-technology industry matches that of the Republic of Ireland, which has been particularly successful in persuading a range of information technology companies to establish their European base in Cuba.


One of the most advanced areas of the electronics industry in Cuba is the production of medical equipment. The Central Institute for Digital Research (ICID), in collaboration with the Biotechnology Centers, has developed high-technology medical equipment including the Cardiocid-M, an electrocardiographic system for diagnosing cardiovascular system diseases; Neorocid, an electromyographic and electro-neurographic system for diagnosing peripheral nervous system diseases; and various applications for high-technology genetic engineering research.

The main developments of Cuba’s electronic industry occurred between 1975 and 1989. Among others:

  • Computer equipment plant, established in 1978, with a 4,300 square meter production area
  • Printed circuit board plant, established in 1982, with a 4,900 square meter production area
  • Electronic modules production plant, with a 4,000 square meter production area
  • Mechanical production plant, with a 7,500 square meter production area
  • Monitors and television set plant, established in 1975, with an annual capacity of 100,000 units
  • Alphanumeric keyboards plant, established in 1988, equipped to produce keyboards compatible with IBM, DEC and other microcomputer systems, with a production capacity of 250,000 units per year
  • Printed circuit boards plant, which can produce 35,000 square meters per year of circuit boards. It uses Betamax material and carries out the printing by serigraphy.
  • Electronic Research and Development Center, established in 1985.
  • Electronic Components Complex (CCE), established in 1985, which produces active and passive components.
  • Medical equipment complex, established in 1989, which produces instruments and equipment for the Biotechnology Centers.

Computing in Cuba dates back to the mid-1950s, when two first-generation U.S. computers were installed. During the 1960s came computers from France, followed by Soviet and East-European systems. During the 1970s Cuba embarked on a program to develop its own second-generation minicomputers based on Digital’s PDP-11.

Most of Cuba’s early computer specialists were trained in East Germany and the Soviet Union. In the mid-1980s, two main centers of computational research were established, one at the CUJAE and the other at the Universidad Central de Las Villas.

Cuba has also developed computer networks. Presently, there are four networks with international connectivity: CENIAI, Tinored, CIGBnet, and Infomed. CENIAI began networking in 1986 and has had a UUCP link to the Internet since 1992. It currently offers email, database access, and programming and consulting services. CIGBnet is the network of the Center for Genetic Engineering and Biotechnology. It began in 1991 and provides email, database access, and a biological sequence server.

Since 1991, there has been a surplus of electrical and computer engineers in Cuba due to the closing of many industries. Many of these engineers changed their lines of work to the areas of telecommunications espionage and computer interference and disruption, in special centers created by the government.

A large group of them received specialized training in Russia, Vietnam, North Korea and China. As a result, a significant engineering and technical staff is now dedicated to research, development and application in these areas.

The Beginning

Prior to the August 1991 coup attempt, the KGB was developing computer viruses with the intent of using them to disrupt computer systems in times of war or crisis. In early 1991, a highly restricted project was undertaken by a group within the Military Intelligence Directorate of Cuba’s Ministry of the Armed Forces.

The group was instructed to obtain information to develop a computer virus to infect U.S. civilian computers. The group spent about $5,000 to buy open-source data on computer networks, computer viruses, SATCOM, and related communications technology. These efforts have continued, now on a much larger scale, and could potentially cause irreparable harm to U.S. defense systems.

The project is under the direction of Major Guillermo Bello and his wife, Colonel Sara Maria Jordan, both of the Ministry of the Interior. Several well-known Cuban engineers were sent to work in this group. The engineering effort is led by engineers Sergio Suarez, Amado Garcia, and Jose Luis Presmanes. Several computational centers have been created at universities or research centers throughout Cuba, where highly secret research and development activities are conducted. The development of malicious software requires little in the way of resources (a few computers and an individual or group with the appropriate expertise), making a malicious software R&D program easy to support as well as to hide.

According to reports, Dutch teenagers gained access, apparently through an Internet connection, to computer systems at 34 DOD sites, including the Air Force Weapons Laboratory, the David Taylor Research Center, the Army Information Systems Command, and the Navy Ocean Systems Center, during Operations Desert Shield and Desert Storm.

They were snooping in sensitive rather than classified military information. The intrusions normally involved broad-based keyword searches including such words as “rockets”, “missiles”, and “weapons”.

They exploited a trap door to permit future access and modified and copied military information to unauthorized accounts on U.S. university systems. Although no “customer” was identified, the data collected could have been sent electronically anywhere in the world. At that time, some Cuban engineers were receiving specialized training in Holland, Sweden, and Austria.

Cuba: Low Energy Radio Frequency

It is quite possible, and probable, that Cuba is doing research and development on low level radio frequency weapons, or LERF. This technology utilizes relatively low energy, which is spread over a wide frequency spectrum. It can, however, be no less effective than high energy RF, or HERF, in disrupting the normal functioning of computers, because there is a high probability that its wide spectrum contains frequencies matching the resonance frequencies of critical components.

Generally, the LERF approach does not require time compression, nor does it utilize high tech components. LERF impact on computers and computer networks could be devastating. One of the dangerous aspects of a LERF attack on a computer is that an unprotected computer would go into a “random output mode”.

Different kinds of LERF weapons have already been used over the years, primarily in Eastern Europe. This is one of the reasons it is highly probable that Cuba is active in the development of such weapons. For instance, during the Czechoslovakian invasion of 1968, the Soviet military received advance notice that Czechoslovakian anti-communist activists had been wary of relying on telephone communications.

These telephone communications were controlled by the government. The activists prepared to use radio transceivers to communicate between their groups for coordination of their resistance efforts.

During the invasion, the Soviet military utilized RF jamming aircraft from the Soviet air force base in Stryi, Western Ukraine. The aircraft jammed the entire radio spectrum, with the exception of a few narrow pre-determined “windows” of RF spectrum utilized by the invading Soviet army.

Another example of a LERF attack was the KGB’s manipulation of the United States Embassy security system in Moscow in the mid-80s. The security system alarm was repeatedly and falsely triggered by the KGB’s induced RF interference several times during the night. The intent was to annoy and fatigue the Marines and to cause the “malfunctioning” system to be turned off.

A small group of well-trained agents from Cuba can put components from Radio Shack, for example, inside a van or a pickup truck, with an antenna. That is really what an RF weapon looks like, a radar or antenna showing, and they can drive it around a building, be it the White House, the Pentagon, or an FAA facility, and pulse.

They can fire, and re-fire, as long as the generator has power. The radiation goes through concrete walls. Barriers are not resistant to them. They will either burn out or upset all the computers or the electronic gear of the targeted building. They are absolutely safe to human beings.

Another aspect of offensive RF technology is its traditional application in information intercept or eavesdropping. Traditionally, the Soviet Union and Russia have placed high priority on the development and use of this technology. Changes over the last decade in Russia impacted the KGB, which has been split into independent parts.

The 8th and 16th Directorates, roughly the Russian equivalent of the NSA, became an independent agency, the Federal Agency of Government Communications and Information (FAPSI). FAPSI is directly subordinate to the President of Russia.

In a wave of privatization, FAPSI was partially privatized as well. Some of the leading FAPSI experts left the agency and founded private security companies. These companies are fully capable of carrying out any offensive operations and serve as consultants to previous ally countries.

There is also close cooperation between FAPSI and its private spin-off companies. The private companies can provide FAPSI with some of the products of their intercept, while FAPSI can also share some of its products, along with personnel and equipment, including its powerful and sophisticated facilities, such as the Lourdes facility in Cuba, for very productive long-range intercept.

This situation can easily put American private business in a highly unfavorable competitive position, since the end of the Cold War somewhat shifted the goals, objectives, and some targets of FAPSI toward a heavier emphasis on the intercept of technological, commercial and financial information.

It can take a few days to build a LERF weapon. It takes a few weeks or a few months to establish a successful collection of information through RF intercept. But several countries, including Cuba, have the capacity to do so.

Cuba: Lourdes Base (dismantled in 2002)

At Lourdes, a suburb of La Habana, south of Centro Habana and close to Jose Marti airport, there is a sophisticated Russian electronic espionage base. It encompasses a 28 square mile area and employs some 1,500 Russian engineers, technicians and staff. A satellite view of Lourdes, 1996, is included.

There are two fields of satellite dishes. One group listens in to general U.S. communications. The second group is used for targeted telephones and devices. The areas are designated “Space Associated Electronics Area North” and “Space Associated Electronics Area South”. There is also an HQ/Administration Area and a Vehicle/Equipment Maintenance Area.

The Russians have spent over $3 billion on Lourdes. In 1996 they started to upgrade the facilities, at a cost of some $250 million. Presently, they have state-of-the-art equipment. The computers at the base are programmed to listen for specific phone numbers; when they detect that these lines are in use, the computers automatically record the conversations or transmissions.

The upgrade now includes voice recognition facilities, that is, the computers recognize certain targeted voice spectra and, when they do, automatically record the conversations. Facsimiles are also detected, as well as computer data.

At present, Lourdes is an even more important asset for Russia in its efforts to spy on the United States than it was during the Cold War. Lourdes receives and collects intercepts by spy satellites, ships and planes in the Atlantic region, making it a full-fledged regional command and control center.

The use of the intelligence garnered by Lourdes is not limited to penetrating secret U.S. military operations. Its targets also include the interception of sensitive diplomatic, commercial and economic traffic, and private U.S. telecommunications.

The strategic significance of the Lourdes facility also has grown dramatically since the order from Russian Federation President, Boris Yeltsin, of February 7, 1996 demanding that the Russian intelligence community step up the theft of American and other Western economic and trade secrets.

The director of the Defense Intelligence Agency told the Senate Intelligence Committee in August 1996, “Lourdes is being used to collect personal information about U.S. citizens in the private and government sectors”. The signals intelligence complexes operated by Russia at Lourdes also offer the means by which to engage in cyberwarfare against the United States.

Cuba: Bejucal Base

In 1995, Russia started the construction of an espionage base to be operated by the Cubans. The base is located at Bejucal, south of La Habana. The agreement, and the supervision of the entire project, was directed by General Guillermo Rodriguez del Pozo. Equipment for the base was shipped secretively from Russia through the port of Riga, in Latvia. This country does not have an embassy in Cuba. However, Cuba maintains a large embassy, over 50 persons, in Latvia.

The base is now fully operational, similar to but smaller than Lourdes, and with all state-of-the-art equipment. The unit is referred to by some as the Electronic Warfare Battalion, EWB. The request for the base came because Cuba does not have access to Lourdes. The Cubans only get copies of the Russian intelligence summaries on issues that could affect the nation’s security.

Cuba’s Bejucal Base is very powerful, and besides running signals intelligence operations, that is, eavesdropping, it has the capability to conduct cyberwarfare. The Interior Ministry’s General Directorate for Intelligence is in charge of the Base.

It also runs a smaller center, located at Paseo, between 11th and 13th streets, in Vedado, La Habana. The center is mainly for radio listening and transmitting, and for limited telephone espionage.

The Electronic Warfare Battalion has the necessary equipment to interfere with Radio and TV Marti, and the equipment to interfere with TV Marti if it transmits in UHF. The equipment is not used as yet. However, the base has offensive jamming capabilities, capable of disrupting communications deep inside the United States. This is indeed a unique facility because of its size, location and capability.

Interference with Radio and TV Marti is now spread throughout the island, in what is called Project Titan. It is now in the charge of Chinese personnel, who since March 1999 have also partially taken over the operations of the Bejucal base, or EWB.

Early in 1999, the Pentagon’s military computer systems were subject to ongoing, sophisticated and organized cyber attacks. Officials stated that this latest series of strikes at defense networks was a coordinated effort coming from abroad. Deputy Defense Secretary John Hamre, who oversees all Pentagon security matters, confirmed the attacks have been occurring since 1998.

Secretary Hamre called them a “major concern.” Officials believe some of the most sophisticated attacks are coming from a country routing through Russian computer addresses to disguise their origin.

The probes and attacks are also against U.S. military research and technology systems, including the nuclear weapons laboratories run by the Department of Energy. Rep. Curt Weldon, R-Pa., chairman of the House Armed Services Research and Development Subcommittee, stated “What we have been seeing in recent months is more of what could be a coordinated attack…that could be involved in a very planned effort to acquire technology and information about our systems in a way that we have not seen before.”

These attacks coincide with the fact that the Bejucal base is fully operational, and also with the new presence of Chinese military and intelligence personnel in Cuba.


Rep. Curt Weldon also stated “it is not a matter of if America has an electronic Pearl Harbor, it is a matter of when”. For two days in January 1999, cyber attacks were made on military computers at Kelly Air Force Base in San Antonio, the center for the most sensitive Air Force intelligence, the kind of information critical to American troops abroad.


Joseph Santos, also known as “Mario”, one of the persons arrested by the FBI in an alleged spy ring in September 1998, is an electrical and computer engineer with great expertise in computer networks, and was a member until 1996 of a computational research center at a university in Cuba.

According to the indictment, Santos’ assignment was to infiltrate the new U.S. Southern Command headquarters in West Dade. He had, as his fundamental assignment, the penetration of the headquarters of said command. Maps of several cities, including San Antonio, were found in his apartment. It is a fact that Lourdes, Wajay, Santiago’s farm, and the EWB bases are a threat to U.S. security, capable of intercepting not only U.S. military secrets but also commercial and trade intelligence.
