Cyber Warfare and Telecommunications Espionage
Dr. Manuel Cereijo*
Contributor
La Nueva Cuba
May 24, 2006
Communications
networks are systems designed to transmit information. Computers
and communications are the technology of technologies. The field
is experiencing a revolution several times each decade. Important
recent milestones include:
· The Internet: a network of many kinds of networks. The Internet's main
importance is its capability for internetworking, allowing any user
to find, touch, and connect to a large variety of networks and sources
of information, users, and computational resources that each makes
available.
· The computer: microprocessors are changing the shape of everything related
to computing, communications and control. Home and work computers
permit direct data communication from the general public.
· The television: television has become a way of life. Wristwatch television,
wall-size television, high definition television, and fully interactive
cable television are all available.
· The personal communication explosion: cellular phones, facsimiles, two-way
pagers, palm pilots.
The most important recent dates in the field are:
1964 The electronic telephone switching system (No.1 ESS) is placed into service
1965 The first commercial communication satellite is placed into service
1968 Cable television systems are developed
1971 The first single chip microprocessor is developed
1972 The cellular phone is demonstrated to FCC
1976 Personal computers are developed
1980 The FT3 fiber optic communication is developed
1980 The compact disc (CD) is developed
1981 The IBM PC is introduced
1985 FAX machines become popular
1989 Pocket cellular phone is introduced
1990 Era of digital signal processing.
Access devices
In homes, the
three main access devices deployed at this time are the telephone,
the television (TV), and the personal computer (PC). Ninety-six
percent of U.S. households have a telephone, about 98 percent have
a TV, and 55 percent have a PC. At work, the access devices are
telephones and PCs. On the road, it is again the telephone, cellular,
and the portable PC.
Communication
occurs over public and private networks. The access devices will
coexist, albeit with an increasingly powerful and flexible set of
capabilities. The PC-TV combination will be basically a PC with
augmented capabilities for television reception. The television
is not becoming a PC, although the PC will be used as a television
and telephone.
The PC will
become increasingly important as an access device. Approximately
120 million PCs were deployed in the U.S. workplace at the end
of 1998, with close to 85% of them connected to a network. About
50 million were deployed in the home. Millions of portable PCs
are used by mobile workers.
About 98 percent
of all U.S. households have a television, and about 80 percent
of those have cable service. Terrestrial broadcast television uses
wide bandwidth that potentially will help to enable other services.
Broadening of access is more evident in cable television.
As digital video
transmission is deployed, cable service providers will increase
the capacity of their networks. This will lead to additional services,
including interactive services. Existing cable systems will
increasingly be hybrid fiber coaxial cable, or HFC, systems.
With 96 percent
of all U.S. households having telephone service, telephone is the
most used device as far as communicating information is concerned.
The telephone is also the most used device to access the networks.
Cellular and personal communication service (PCS) telephones now
provide increasing communications mobility to a broadening slice
of society.
Cellular and
PCS telephones are now commodity items for the general consumer.
They are also becoming smarter, linking into computer networks for
data access or for basic telephony over broad regions of the world.
Of the access devices available, those of specific
interest for this study are the telephone and the computer, along with the
system used and the transmission medium. Telecommunications espionage,
and computer interference and disruption, depend on the telecommunication
systems in place, and the form of transmitting the information through
the access devices.
Telecommunication
systems are designed to transmit voice, data, or visual information
over some distance. Historically, telephone systems were designed
only to reproduce voice signals that originated from a distant location.
Today, modern telephone systems are very sophisticated. They use
large digital computers at the central office (CO) to switch calls
and to monitor the performance of the system.
The telephone
industry is evolving from an analog network to a digital network.
The trend is to provide a digital CO and a digital network out to
the remote terminal, RT. The "last mile" from the RT to
the subscriber is usually analog. A new approach called the integrated
service digital network, ISDN, converts the "last mile"
analog subscriber line, ASL to a digital subscriber line, DSL. Hence,
the digital data can be delivered directly to the subscriber premises.
There are two
categories of ISDN: narrow-band or basic rate ISDN, denoted N-ISDN, and
broadband or primary rate ISDN, denoted B-ISDN. Twisted pair copper
lines provide B-ISDN for the last mile to the subscriber since it
is not financially feasible to replace all copper lines already
installed (about a $100 billion investment for U.S. copper
line facilities) with fiber optics. Of course, fiber is installed
in all new installations.
Fiber or coaxial
lines are required for data rates on the order of 10 M bits or larger.
The standard implementation of N-ISDN uses a two-wire twisted
pair telephone line. This allows existing copper pairs to be used
for N-ISDN simply by connecting the ends of the pairs to the terminating
equipment.
The wide-band
channels used to connect the toll offices consist of three predominant
types: fiber optic cable, microwave radio relay systems, and buried
coaxial cable systems. Historically, open-wire pairs, which consist
of individual bare wires supported by glass insulators on the cross
arms of telephone poles, provided wide-band service via FDM/SSB
signaling.
Occasionally,
some open wire lines can still be seen along railroad tracks. Fiber
optic cable with TDM/OOK signaling is now rapidly overtaking twisted
pair cable, coaxial cable, and microwave relay because of its tremendous
capacity and low cost.
Fiber optic
cable has an information carrying capacity that is orders of magnitude
greater than that of copper. Although fiber has been deployed extensively
in the backbone sections of telephone networks nationwide, wireline
access networks comprising a mix of fiber and copper elements are
now being deployed in residential areas, as mentioned above.
For such access
networks a very important technical approach is now used: hybrid
fiber coaxial cable, HFC. In this approach, fiber optic links connect
the community head end to small neighborhoods. Traditional cable
technology is then used to fan out inside each neighborhood to reach
individual homes.
Another approach
is called fiber to the curb, FTTC. It carries fiber to the curb
in the distribution network. Then, either twisted pair copper or
coaxial cables are connected from the curb to the home. FTTC systems
are typically all digital. Beyond FTTC systems are systems that carry
fiber all the way to the home.
However, fiber
cable provides service only from one fixed point to another. Conversely,
communication satellites provide wide-band connections to any point
on the globe. Service to isolated locations can be provided almost
instantaneously by the use of portable ground stations.
Satellite communications
relay a great portion of transoceanic telephone traffic. Satellite
communications can provide the relaying of data, telephone, and
television signals. Most communication satellites are placed in
geostationary orbit, GEO. This is a circular orbit in Earth's equatorial
plane.
The orbit is
located 22,300 miles above the equator so that the orbital period
is the same as that of the Earth. This enables the Earth station
antennas to be simplified since they are pointed in a fixed direction
and do not have to track a moving object. For communication to the
polar regions of the Earth, satellites in polar orbits are used,
which require Earth stations with tracking antennas.
Each satellite
has a number of transponders aboard to amplify the signal from the
uplink and to down-convert the signal for transmission on the downlink.
Newer satellites operate at a very high frequency, usually in the
14 GHz range on the uplink, and 12 GHz on the downlink. Satellite
relays provide a channel for data and telephone signaling similar
to conventional terrestrial microwave radio links.
Satellite systems
are now used for communication directly to personal communication
system (PCS) devices, such as hand-held portable telephones and
mobile data terminals. In this case, low-Earth-orbit, LEO, satellites,
which are not geosynchronous, are used. These systems provide voice,
data, and facsimile service.
Since the invention
of radio systems, the goal of telephone engineers has been to provide
personal telephone service to individuals by using radio systems
to link phone lines with persons in their cars or in the streets.
With the development of integrated circuit technology this goal
was achieved through the cellular phone. Each user communicates
via radio from a cellular telephone set to the cell-site base station.
This base station
is connected via telephone lines to the mobile telephone switching
office, MTSO. The MTSO connects the user to the called party. If
the called party is land based, the connection is via the central
office, CO, to the terrestrial telephone network. If the called
party is mobile, the connection is made to the cell site that covers
the area in which the called party is located, using an available radio channel
in the cell associated with the called party.
In November
1998, the Iridium constellation of low-earth orbiting (LEO) satellites
made it possible to send and receive phone calls from some of the
most remote locations on Earth using radio waves, a satellite, and
a satellite phone. These telephones can transmit calls via the Iridium
constellation and most land-based telecommunications systems.
Business networking
includes interconnection of local area networks, LANs, across wide
areas, as well as remote access (connection of remote sites, small
offices, mobile workers, and telecommuters to corporate networks).
Business networking needs network interface cards (NICs) for computers,
wiring, packet switches, routers, and software.
Most networked
PCs in corporations today are connected to LANs that are in turn
interconnected across the public telephone system. Presently, some
90% of PCs are connected to LANs. Most of the PC sites with a LAN
are connected to the telephone system. Small office, home office,
and mobile workers connect to their main workplace server through
remote access.
Most of such
workers do not have enough data traffic demand to justify a dedicated
circuit for connection and therefore will choose to connect via
one of three options: analog modems, ISDN, or frame relay.
There are about
900,000 remote offices in the United States. Among those, 96 percent
have some form of remote access. The network connection is achieved
using a dial-up modem, or via a router. There are some 180 million
total telephone access lines. There are 95 million networked workplace
PCs, as well as home-office and mobile PCs.
The complexity
of the system, and of the medium, raises concerns about security, which
include not only telecommunications espionage and computer disruption,
the issues of this study, but also mechanisms
that provide protection for the privacy of personal information,
intellectual property, integrity of information and systems, and
other vulnerable elements.
Security
The increasing
use of general access devices makes security matters increasingly
important. Although the need for security is currently appreciated
more in businesses than in homes, even in businesses there is limited
awareness.
There is a need
for the protection of individual, business, and government privacy,
and the integrity of material transmitted. Deployment issues relate
to securing of infrastructure links and end-to-end applications
and therefore affect all levels of the architecture and all players,
including users themselves. Dependence on networking activities
will broaden concerns about security.
Security of
the network is an obvious concern in crises where there is an active
adversary seeking to obstruct the response. This is clearly the
case in warfare and in confronting terrorism. The response team
must keep its plans secret from hostile parties, and it must protect
its communications against denial of service. However, security
needs are not limited to active, hostile situations.
Robert Kehlet,
of the Defense Nuclear Agency, observed that when you operate at
a federal level, though, you get access to databases and information
that are very sensitive in nature. You don't want to pass that out
to the world in general and make it totally and completely publicly
accessible.
Security is
essential to national-scale applications such as manufacturing and
electronic commerce. It is also important in situations where sensitive
information must be communicated. Many traditional ideas of network
security must be reconsidered for these applications in light of
the greater scale and diversity of the infrastructure and the increased
role of non-experts.
On a short-term
basis, new security models are needed to handle the new degree
of mobility of users and possibly organizations. The usability or
user acceptability of security mechanisms will assume new importance,
especially those that inconvenience legitimate use too severely.
In many, perhaps
all, of the national-scale applications, users can be expected to
move from one security policy domain or sphere to another and have
a need to continue to function. An example is carrying a
portable computer from the wireless network environment of one's
employer into that of a customer, supplier, or competitor.
Mobile users
who want to connect back to their home domain from a foreign one
have several alternatives. It is likely that the local domain will
require some form of authentication and authorization of users.
The remote domain might either accept that authentication and authorization
from the user.
In addition,
such remote access may raise problems of exposure of activities,
such as lack of privacy, greater potential for spoofing, or denial
of service, because all communication must now be transported through
environments that may not be trusted.
Unfortunately,
the problems of security are very difficult to address with computational
and communications facilities. Policy and steps, especially when
they involve merging several different security domains, are extremely
complex. They must be based on the tasks to be achieved, the probability
of subversion, and the capabilities of the mechanisms available.
Satellite stations
and monitoring centers are capable of telephone surveillance. A
system can monitor and analyze telephone communications, which is,
in fact, the largest and most important form of secret intelligence.
However, it is impossible for analysts to listen to all but a small
fraction of the billions of telephone calls, and other signals which
might contain significant information.
But, a network
of monitoring stations is able to tap all calls from a specific
area, and sift out messages which sound interesting. Computers automatically
analyze every message or data signal, and can also identify calls
to a target telephone number.
Surveillance
systems are highly computerized. They rely on near total interception
of international commercial and satellite communications in order
to locate the telephone or other messages of target individuals.
Experts have
assessed that computers with network connectivity can be entered
by an electronic intruder from anywhere in the world. Gaining access
to these computers through a network connection is relatively simple,
costs very little, and typically involves little risk of detection.
This new phase of terrorism is referred to as cyber-terrorism and,
with biological warfare, represents the greatest threat of the next
century.
Cyberterrorism
U.S. vulnerability
to info war is the major security challenge of the next century.
It is much more important, but not as complex as telephone espionage.
Other names for cyber terrorism are: information war, technological
warfare, hacking, and computer security.
Every year U.S.
companies lose millions of dollars to industrial espionage and sabotage.
The attacks come from outside hostile countries or organizations,
business competitors, or individuals. People are not aware of how
easy it is to breach security at major corporations. Even computer experts
hired by companies to make sure their systems are safe find it very
difficult to fight intruders.
Even military
computer systems are vulnerable to intruders. The development of the computer
and the Internet is considered by many to be comparable to the development
of the atomic bomb with respect to the way it may change our society
and warfare. In the Gulf War, computers and telecommunications were
used to knock out the Iraqi communications and electrical systems.
However, as
the U.S. relies more and more on computers, we become more vulnerable
to attacks. Imagine what would happen if Wall Street caught a virus
that would cause their network to crash. The prospect is: if we
are able to do it, others are also able to do it to us.
Cyberterrorists
can attack anywhere where the physical and the virtual worlds combine.
The Internet and computer technology have made a universal
interface possible. Cyberterrorists can use the Internet and computer
networks to destroy, alter, and infiltrate valuable information
or systems necessary for security.
A terrorist
country, such as Cuba, must make its act big enough and well known
enough to achieve its goal. The person actually performing the attack
can do it from his own home or lab in Cuba. He will not be harmed
in the attack, he will probably not be traced, and if he messes
up he learns from his mistakes and becomes even more dangerous when
he strikes again.
Assume a possible
scenario. Wall Street reports a massive loss of data as computers
and backup tapes go up in smoke. ConEd and PG&E power companies'
computers crash, plunging the East and West coasts into darkness.
At major airports, the FAA's ATC computers crash, causing havoc
across the Midwest. 911 emergency systems in major cities go down
from a logic bomb. Internet traffic slows to a trickle as ISPs and
telecom companies struggle with coordinated large-scale denial-of-service
attacks. That's the kind of nightmare we can face. Some of these
attacks have already occurred, in small scale, in various nations.
Attackers, as mentioned before, can wage cyberwarfare from computers
anywhere in the world.
The core problem:
the United States' dependence on computers makes it more vulnerable
than most countries to cyber attacks. Our national infrastructure
depends not only on our interconnected information systems and networks,
but also on the public switched network, the air-traffic control systems,
the power grids and many associated control systems, which themselves
depend heavily on computers and communications.
Our defenses
against isolated attacks and unanticipated events are inadequate.
Risks include not just penetrations and insider misuse, but also
insidious Trojan horse attacks that can lie dormant until triggered.
Our defenses against large-scale coordinated attacks are even more inadequate.
According to
CIA director George Tenet in congressional testimony, June 2002,
"we must rely more and more on computer networks for the flow
of essential information. Trillions of dollars in financial and
commerce are moving over a medium with minimal protection. The opportunity
to disrupt military effectiveness and public safety, with the elements
of surprise and anonymity provide plenty of incentives."
The cyberterrorist's
traditional weapons of choice include computer viruses such as
logic bombs that wake up on a certain date, worms, and Trojan horses;
cracking (accessing computer systems illegally); sniffing (monitoring
network traffic for passwords, credit cards, etc.); social engineering
(fooling people into revealing passwords and other information);
and dumpster diving (sorting through the email trash). In brief
summary, there are:
· Viruses: computer viruses come in all shapes and flavors, from "harmless"
prank messages to electronic forms of Ebola that chew up your data
and spit it out as garbage. Some viruses infect your PC's boot sector
and rewrite the sector, crippling your system. Others infect the
files that launch or run most of your software, rendering your programs
unusable. Others erase your computer's CMOS setup tables, making
it impossible for your computer to work.
· Worms: worms are breeder programs, reproducing themselves endlessly to
fill up memory and hard disks. Worms are often designed to send
themselves throughout a network, making their spread active and
deliberate.
· Logic bombs: logic bombs are embedded pieces of destructive code that
detonate on preset dates or when a specified set of instructions
is executed, unleashing destructive actions within a computer or
throughout a network.
· Bots: bots are pieces of code designed to rove the internet and perform
specific actions.
· SYN: SYN attacks involve sending a torrent of connection requests to
targeted sites.
· SYN flood: creates a major traffic jam at the site, cutting it off.
But a new tactic,
coordinated large-scale attacks, emerged on March 2, 1998. The tactic
consists of intrusion attempts involving multiple attackers working
together from different IP addresses, many in different locations
and countries. The intent is to make the attacks more difficult
to detect, and to increase the "firepower".
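The SYN flood and the coordinated multi-source tactic described above share one defensive consequence: a threshold applied to each source address sees nothing unusual, while a count of unanswered connection requests per target does. The Python below is an added example, not part of the original article; the event format, the addresses (documentation ranges), and the thresholds are constructed assumptions.

```python
from collections import defaultdict, deque

def half_open_syns(events):
    """Return {(dst, port): [(time, src), ...]} for SYNs never completed by an ACK."""
    pending = defaultdict(deque)      # (src, dst, port) -> times of unanswered SYNs
    for t, src, dst, port, flag in sorted(events):
        key = (src, dst, port)
        if flag == "SYN":
            pending[key].append(t)
        elif flag == "ACK" and pending[key]:
            pending[key].popleft()    # handshake completed, so not half-open
    by_target = defaultdict(list)
    for (src, dst, port), times in pending.items():
        by_target[(dst, port)].extend((t, src) for t in times)
    return by_target

def peak_in_window(times, window):
    """Largest number of timestamps falling inside any span of `window` seconds."""
    times = sorted(times)
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best

def detect(events, window=10, per_source_limit=20, per_target_limit=50):
    """Compare a per-source rule with a per-target rule on the same traffic."""
    findings = []
    for target, hits in sorted(half_open_syns(events).items()):
        per_src = defaultdict(list)
        for t, src in hits:
            per_src[src].append(t)
        total_peak = peak_in_window([t for t, _ in hits], window)
        worst_src = max((peak_in_window(ts, window) for ts in per_src.values()),
                        default=0)
        findings.append({
            "target": target,
            "peak_half_open": total_peak,
            "sources": len(per_src),
            "worst_single_source": worst_src,
            "per_source_alert": worst_src >= per_source_limit,
            "per_target_alert": total_peak >= per_target_limit,
        })
    return findings

def constructed_events():
    """Constructed sample traffic: (time_s, src_ip, dst_ip, dst_port, flag)."""
    events = []
    # Five ordinary clients complete the handshake with two servers.
    for i in range(1, 6):
        for dst, port in (("192.0.2.10", 443), ("192.0.2.20", 80)):
            src = f"203.0.113.{i}"
            events.append((i, src, dst, port, "SYN"))
            events.append((i + 0.1, src, dst, port, "ACK"))
    # Thirty cooperating sources each send only four SYNs and never answer.
    for i in range(1, 31):
        for k in range(4):
            events.append((2 * k + i / 100, f"198.51.100.{i}",
                           "192.0.2.10", 443, "SYN"))
    return events

if __name__ == "__main__":
    for finding in detect(constructed_events()):
        print(finding)
```

On the constructed traffic no single source exceeds four unanswered requests, so the per-source rule stays silent, while the per-target count reaches 120 from 30 sources and raises the alert.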
Another advanced
cyberterrorist tool is monitoring computers, fax machines, printers
and other devices by picking up their electromagnetic radiation.
Such tools allow cyber spies (at least one of the spies from Cuba arrested
recently by the FBI in Miami was a computer engineer, expert on
computational technology in Cuba) to intercept passwords and sensitive
information.
Such monitors
can be as far as 1 mile away, or further if they have fast-Fourier-transform
chips and other classified systems designed by the National Security
Agency, or its foreign counterparts, such as Cuba's intelligence
services. There is no way to know if a system is monitored.
Information
warfare attacks on computers could be classified as attacks through
legitimate gateways of the computers such as the modem and the keyboard
(software attacks), and attacks through other than legitimate gateways
(backdoor attacks). At the current technological level, backdoor
attacks can be carried out mainly by utilizing radio frequency (RF)
technology and are classified as RF attacks.
Any wire or
electronic component is, in fact, an unintended antenna, both transmitting
and receiving. Every such unintended antenna is particularly responsive
to its specific resonance frequency, and to some extent, to several
related frequencies. If the objective is to eavesdrop on the device,
then the electromagnetic emanations coming from functioning components
of the device are received by highly sensitive receiving equipment
and processed in order to duplicate information handled by the device.
If the objective is to affect the device's functioning, then appropriate
RF signals are transmitted to the targeted device. Producing and
transmitting a signal, which would just disrupt the normal functioning
of a target device, is a simple technological task, and Cuba is
quite capable of producing such attacks.
It is not science
fiction: weapons can zap your computer into oblivion from a distance.
Radio frequency (RF) weapons are real. They consist of a power supply,
a transmitter, and an antenna. One type, referred to as HPM, generates gigawatts
of short, intense energy pulses focused into a narrow beam capable
of silently burning out electronic equipment. High-ranking
military experts have testified in Congress on this
matter since mid-1998.
RF weapons are
also packaged as RF munitions, which use explosives to produce radio-frequency
energy. In the hands of skilled Cuban scientists, these munitions
come as hand grenades or mortar rounds. Potential targets of RF
weapons include computer and other electronic devices used in national
telecommunications systems, the national transportation system,
mass media, oil and gas control and refining, civil emergency services,
among several important infrastructures.
Ninety percent
of our military communications now pass over public networks.
If an electromagnetic pulse takes out telephone systems, we are
in trouble because our military and non-military nets are virtually
inseparable. The former Soviet Union developed RF weapons because
of the potential to be effective against our sophisticated electronics,
said retired U.S. Army Lieutenant General Robert Schweitzer in congressional
testimony in June, 1998.
Russia provided
this technology to several countries. China is also well ahead in
this field. Since February 1999, China and Cuba have increased their
military and intelligence joint activities. The presence of Chinese
personnel in Cuba is now very obvious.
A new class
of cyberweapon, the Transient Electromagnetic Devices (TEDs) is
easier to construct and use. TEDs generate a spike-like pulse that
is only one or two hundred picoseconds in length at very high power.
TEDs are smaller, cheaper, require less power and are easier to
build. As we will analyze later in the report, Cuban engineers have
the proper technology and experience to build TEDs.
They can be
built using spark-gap switches and can be assembled from automobile
ignition, fuel pump and other relatively available parts at a cost
of $300. TEDs can burn out a broad range of devices, with
effects on electronic systems that are similar to a lightning strike.
The compact devices could fit in a briefcase, or be placed in a
small van. With a six-foot backyard antenna and more advanced spark-gap
units, terrorists could point them at flying aircraft.
"The enemies
of peace realize they cannot defeat us with traditional military
means", President Bill Clinton, January, 1999.
* Dr. Manuel Cereijo
is a lecturer in the department of electrical and computer engineering,
University of Miami and a frequently-cited expert on technological
and engineering matters in English and Spanish-language media. He
has authored books on circuit analysis, control systems, and industrial
development in Cuba.