An interesting article from The Wall Street Journal confirmed what I have been writing in my posts since a couple of weeks: Mobile Technologies are destined to play a crucial role in modern conflicts (what I defined Mobile Warfare) and the traditional Military Corps of Engineers will necessarily have to be complemented by Corps of Network and Security Engineers dedicated to establish and maintain connectivity in war zones.
This is exactly what happened in Libya where the rebels, with the support of a Libyan-American telecom executive Ousama Abushagur and oil-rich Arab nations, were able to hijack Libyana Phone Network, the cellular network owned by one of the Colonel’s sons, to steal from Libyana a database of phone numbers, and to build from (partial) scratch a new cell network serving 2 million Libyans, renamed “Free Libyana”. This action was aimed to restore internal Cellular communications after Gaddafi shut down the country’s cellular and data networks.
The operation was led from Abu Dhabu by Ousama Abushagur, a 31-year-old Libyan telecom executive. Mr. Abushagur and two childhood friends started fund-raising on Feb. 17 to support the political protests that were emerging in Libya. During one mission to bring humanitarian aid convoys to eastern Libya, they found their cellphones jammed or out of commission, making nearly impossible planning and logistics. This was the reason why Mr.Abushagur decided to draw a plan for hijacking the Libyana Network, divert the signal and establish a new backbone free of Tripoli’s control, also with the intention to provide backing to the rebels forces which were beginning to feel the effects of the loyalist counteroffensive.
In a race against time to solve technical, engineering and legal challenges, U.A.E. and Qatar (whose officials didn’t respond to requests for comment) provided diplomatic (and economical) support to buy the telecommunications equipment needed in Benghazi. A direct support was provided also by Etilsat, Emirates Teleccomunications Corporation, which refused to comment as well). The support of the Gulf nation was necessary also because, meanwhile, it looks like that Huawei Technologies Ltd., the Chinese Company among the original contractors for Libyana’s cellular network backbone, refused to sell equipment for the rebel project, causing Mr. Abushagur and his engineers to implement a hybrid technical solution to match other companies’ hardware with the existing Libyan network.
By March 21, most of the main pieces of equipment had arrived in the U.A.E. and Mr. Abushagur shipped them to Benghazi with a team composed by three Libyan telecom engineers, four Western engineers and a team of bodyguards: the Corps of Network Engineers committed to build the new infrastructure in the war zone.
Since Col. Gaddafi’s forces were bombing the rebel capital, Mr. Abushagur diverted the Corps of Network Engineers and their equipment to an Egyptian air base on the Libyan border (another indirect show of Arab support for rebels). Once in Libya, the Corps paired with Libyana engineers and executives based in Benghazi. Together, they fused the new equipment into the existing cellphone network, creating an independent data and routing system free from Tripoli’s command. To be free from Tripoli was also a security requirement, since Col. Gaddafi had built his telecommunications infrastructure in order to route all calls (and data) through the capital in order to be easily intercepted and eavesdropped.
After implementing the network, the new Telco had to attract “customers”. A war zone is not the ideal place for advertisement, so nothing better than capturing the Tripoli-based database of phone numbers, and inserting Libyana customers and phone numbers into the new system called “Free Libyana.” The last piece of the puzzle was securing a satellite feed, through Etisalat, with which the Free Libyana calls could be routed.
An important detail: all the operation was successfully performed without the support of allied forces, the result is that rebels now can use cellphones to communicate between the front lines and opposition leaders.
If for a moment we forget that we are speaking about cellular networks, we could assimilate this event as part of a civil war operation, in which friendly countries and dissidents from abroad endeavor to provide weapons to rebels in order to turn the tide of a conflict (examples of which the history is full). In this circumstance this operation did not turn the tide of the conflict (at least so far but mobile warfare, while important, has still a smaller weight in a conflict than real warfare), nevertheless, for sure, restored mobile communications are supporting the leaders of the rebellion to better communicate among them and to better organize the resistance against the loyalists: as a matter of fact the March cutoff forced rebels to use flags to communicate on the battlefield. I will never tire of saying that the events in the Mediterranean area do (and did) not rely solely on conventional weapons but also on weapons of communications (the mobile warfare) through which rebels forces provided abroad the information necessary to witness exactly the brutal internal events and rallied international backing.
After so much theory depicted in my posts, finally the first real and meaningful example of the importance of mobile warfare in the events of Northern Africa, and that example! One single event has unleashed the importance of mobile technologies in war zone and the crucial role played by specialized teams dedicated to establish and maintain communications: the Corps of (Network and Security) Engineers.
I spent some time in reading the declarations of Comodo Hacker, the alleged author of the fake Certificates issued by mean of the compromising of a couple of (sigh!) Italian Comodo Partners, and I found some very interesting points far beyond the single event.
Actually, it had been clear from the beginning that the attack had been performed from an Iranian ISP, feeding the hypothesis of an Iranian Cyber Army action aimed to intercept emails from dissidents in a quite troubled moment from the Middle East after the winds of change blowing from the Maghreb.
Anyway Comodo Hacker was anxious to quickly put the record straight, declaring he was the only author of the attack, and, if one just wanted to involve an army on the event, had to consider that he was the only army, being able to rely on his own experience of 1000 programmers, 1000 project managers, 1000 hackers:
Now, even if the political connotation of the message still makes me think that behind this act there might be a real cyber army (but this is my personal opinion), this is not the real point. The real point is that this attack occurred as a kind of revenge against Stuxnet, and more in general the fact, supported by Comodo Hacker, that the U.S. and Israel where behind it.
Fight fire with fire, fight code with code…
The attack to Comodo Certificates has left a wide impact in the INFOSEC world and probably things will not be the same anymore since in few days all the strongholds, the identity security model relied on, have been miserably compromised (I took the liberty to add the RSA affaire to this event even if there is no evidence so far of a political matrix behind it). But there is another interesting point, and it is the third law of motion (you will not probably know I was a physic in my previous life) which, with not too much imagination, could be applied to infosec as well, if one considers the events that are happening: “the mutual forces of action and reaction between two bodies are equal, opposite and collinear”, which, in few and simple words should sound as: “to every cber-action corresponds an equal and opposite cyber-reaction”. If this is true, this means to me, as an infosec professional, that we will have to get used to similar cyber actions. Also from this point of view things will not be the same anymore…
Armed with this awareness, my mind runs inevitably among the dunes of the Libyan desert, where a civil war is being fought, now sadly familiar to all. Let me fly (but not too much) with my imagination and think that the Civil War will end up with the exile of Mr. Muammar Gaddafi. In this case it is likely to expect that he will find his revenge, not only with real terrorists act, but also with (cyber)terrorist acts, in the wake of the Comodo affaire, which, even if related to Iran, is the first known example of a cyber-terrorist act strictly related not only to the Stuxnet attack, but also to the movements flooding from Maghreb to Middle East, what I called the Mobile Warfare due to the primary role played by the mobile technologies inside these events.
We don’t have privacy in internet, we don’t have security in digital world, just wait and see… These lines can be considered as a kind of Declaration of Cyber-war against everything…
Targets of Cyberwar
Nowadays everything has a stream of bit inside and as a matter of fact is vulnerable to malware. What is happening in Libya (and the consequences on our energy bills), together with the risk of nuclear meltdown in Fukushima is pushing the so called Western world to reconsider its energy policy and accelerate the development of Smart Grids in order to promote a better, wiser use of energy. In these circumstances compromising an energy facility would have a huge practical and symbolic impact (do you remember the Night Dragon APT, tailored specifically for Oil Facilities?), that is the reason why, in my opinion, the first targets of this Cyber-terrorism reaction will be energy utilities. Few weeks ago I wrote an article (in Italian) concerning vulnerabilities and security of Smart Grids, which can be considered the “world of unknown” from a security perspective since they adopt an Internet open model to interconnect old legacy SCADA systems and, to make matters worse, the structures that govern the IT world and the SCADA world have a silo-ed approach being often mutually suspicious against each other. As a dark omen, few days later, a list of 34 0-day SCADA vulnerabilities was released by Luigi Auriemma, an Italian Researcher.
Think about it: compromising a smart grid with a SCADA malware could have potentially devastating consequences and should sound as a kind of dark revenge: imagine an Iranian SCADA malware sabotaging the energy facilities of U.S., and more in general the facilities the Western World is building to cut the umbilical cord that ties him strictly to the Middle East countries (that often are also the hottest as far as the political temperature is concerned).
Moreover, the development of electric vehicles will further complicate the scenario since they will be able to interconnect Directly to Home Area Networks (the borderline of Smart Grids), offering an unexpected (and probably not so complicated) ingress point for Cyber-Terrorists to Smart Grids, if it is true that nowadays a small car owns 30-50 ECU (Electronic Control Units) interconnected by a bidirectional Synchronous bus and governed by something like 100 millions of lines of codes. My dear friend and colleague, ICT Security expert and Aviation Guru, David Cenciotti will be glad to know that an F-22 Raptor owns about one tenth of lines of codes (“only” 1.7 millions), the F-35 Joint Strike Fighter about 5.7 millions and Boeing 787 Dreamliner about 6.5 millions used to manage avionics and on-board systems. Of course one may not exclude a priori that these systems may be target as well of specific tailored malware (do you remember the intrepid Jeff Goldbum injecting on the mother ship of Aliens on Independence Day?)
Prepare ourselves for a Smart Grid Stuxnet? I think there is enough to be worried about for the next years…