Cyber Warfare and Telecommunications Espionage by yaofenji



Communications networks are systems designed to transmit information. Computers and
communications are the technology of technologies. The field is experiencing a revolution several
times each decade. Important recent milestones include:
*The Internet: a network of many kinds of networks. The Internet's main importance is its capability
for internetworking, allowing any user to find, touch, and connect to a large variety of networks and
sources of information, users, and computational resources that each makes available.
*The computer: microprocessors are changing the shape of everything related to computing,
communications and control. Home and work computers permit direct data communication from the
general public.
*The television: television has become a way of life. Wristwatch television, wall-size television, high
definition television, and fully interactive cable television are all available.
*The personal communication explosion: cellular phones, facsimiles, two-way pagers, palm pilots.
The most important recent dates in the field are:

   1964       The electronic telephone switching system (No.1 ESS) is placed into

   1965       The first commercial communication satellite is placed into service

   1968       Cable television systems are developed

   1971       The first single chip microprocessor is developed

   1972       The cellular phone is demonstrated to FCC

   1976       Personal computers are developed

   1980       The FT3 fiber optic communication is developed

   1980       The compact disc(CD) is developed

   1981       The IBM PC is introduced

   1985       FAX machines become popular

   1989       Pocket cellular phone is introduced

   1990       Era of digital signal processing.

Access devices

In homes, the three main access devices deployed at this time are the telephone, the television (TV),
and the personal computer (PC). Ninety six percent of U.S. households have a telephone, about 98
percent have a TV, and 55 percent have a PC. At work, the access devices are telephones and PCs. On
the road, it is again the telephone, cellular, and the portable PC.
Communication occurs over public and private networks. The access devices will coexist, albeit with
an increasingly powerful and flexible set of capabilities. The PC-TV combination will be basically a
PC with augmented capabilities for television reception. The television is not becoming a PC, although
the PC will be used as a television and telephone.
PCs will become increasingly important as an access device. Approximately 120 million PCs
were deployed in the U.S. workplace at the end of 1998, with close to 85% of them connected to a
network. About 50 million were deployed in the home. Millions of portable PCs are used by mobile
About 98% of all U.S. households have a television, of which about 80% of those have cable service.
Terrestrial broadcast television uses wide bandwidth that potentially will help to enable other services.
Broadening of access is more evident in cable television.
As digital video transmission is deployed, cable service providers will increase the capacity of their
networks. This will lead to additional services, including interactive services. The existing cable system
will be more hybrid fiber coaxial cable, or HFC, systems.
With 96% of all U.S. households having telephone service, telephone is the most used device as far as
communicating information is concerned. The telephone is also the most used device to access the
networks. Cellular and personal communication service (PCS) telephones now provide increasing
communications mobility to a broadening slice of society.
Cellular and PCS telephones are now commodity items for the general consumer. They are also
becoming smarter, linking into computer networks for data access or for basic telephony over broad
regions of the world.

The system and the medium

Of the access devices available, of specific interest for this study are the telephone and the computer,
the system used and the transmission medium. Telecommunications espionage, and computer
interference and disruption, depend on the telecommunication systems in place, and the form of
transmitting the information through the access devices.
Telecommunication systems are designed to transmit voice, data, or visual information over some
distance. Historically, telephone systems were designed only to reproduce voice signals that originated
from a distant location. Today, modern telephone systems are very sophisticated. They use large digital
computers at the central office (CO) to switch calls and to monitor the performance of the system.
The telephone industry is evolving from an analog network to a digital network. The trend is to provide
a digital CO and a digital network out to the remote terminal, RT. The "last mile" from the RT to the
subscriber is usually analog. A new approach called the integrated service digital network, ISDN,
converts the "last mile" analog subscriber line, ASL to a digital subscriber line, DSL. Hence, the digital
data can be delivered directly to the subscriber premises.
There are two categories of ISDN: narrow-band or basic rate ISDN, denoted N-ISDN; broadband or
primary rate ISDN, denoted B-ISDN. Twisted pair copper lines provide B-ISDN for the last mile to the
subscriber since it is not financially feasible to replace all copper lines already installed (about a $100
billion investment for U.S. copper line facilities) with fiber optics. Of course, fiber is installed
in all new installations.
Fiber or coaxial lines are required for data rates on the order of 10 Mbits or larger. The standard
implementation of N-ISDN uses two-wire twisted pair telephone line. This allows existing copper
pairs to be used for N-ISDN simply by connecting the ends of the pairs to the terminating equipment.
The wide-band channels used to connect the toll offices consist of three predominant types: fiber optic
cable, microwave radio relay systems, and buried coaxial cable systems. Historically, open-wire pairs,
which consist of individual bare wires supported by glass insulators on the cross arms of telephone
poles, provided wide-band service via FDM/SSB signaling.
Occasionally, some open wire lines can still be seen along railroad tracks. Fiber optic cable with
TDM/OOK signaling is now rapidly overtaking twisted pair cable, coaxial cable, and microwave relay
because of its tremendous capacity and low cost.
Fiber optic cable has an information carrying capacity that is orders of magnitude greater than that of
copper. Although fiber has been deployed extensively in the backbone sections of telephone networks
nationwide, wireline access networks comprising a mix of fiber and copper elements are now being
deployed in residential areas, as mentioned above.
For such access networks a very important technical approach is now used: hybrid fiber coaxial cable,
HFC. In this approach, fiber optic links connect the community head end to small neighborhoods.
Traditional cable technology is then used to fan out inside each neighborhood to reach individual
Another approach is called fiber to the curb, FTTC. It carries fiber to the curb in the distribution
network. Then, either twisted pair copper or coaxial cables are connected from the curb to the home.
FTTC systems are typically all digital. Beyond FTTC systems are systems that carry fiber all the way to
the home.
However, fiber cable provides service only from one fixed point to another. Conversely,
communication satellites provide wide-band connections to any point on the globe. Service to isolated
locations can be provided almost instantaneously by the use of portable ground stations.
Satellite communications relay a great portion of transoceanic telephone traffic. Satellite
communications can provide the relaying of data, telephone, and television signals. Most
communication satellites are placed in geostationary orbit, GEO. This is a circular orbit in Earth's
equatorial plane.
The orbit is located 22,300 miles above the equator so that the orbital period is the same as that of the
Earth. This enables the Earth station antennas to be simplified since they are pointed in a fixed
direction and do not have to track a moving object. For communication to the polar regions of the
Earth, satellites in polar orbits are used, which require Earth stations with tracking antennas.
Each satellite has a number of transponders aboard to amplify the signal from the uplink and to
down-convert the signal for transmission on the downlink. Newer satellites operate at a very high
frequency, usually in the 14 GHz range on the uplink, and 12 GHz on the downlink. Satellite relays
provide a channel for data and telephone signaling similar to conventional terrestrial microwave radio
Satellite systems are now used for communication directly to personal communication systems, PCS,
devices, such as hand-held portable telephones and mobile data terminals. In this case, low-Earth-orbit,
LEO, satellites, which are not geosynchronous, are used. These systems provide voice, data, and
facsimile service.
Since the invention of radio systems, the goal of telephone engineers has been to provide personal
telephone service to individuals by using radio systems to link phone lines with persons in their cars or
in the streets. With the development of integrated circuit technology this goal was achieved through the
cellular phone. Each user communicates via radio from a cellular telephone set to the cell-site base
This base station is connected via telephone lines to the mobile telephone switching office, MTSO. The
MTSO connects the user to the called party. If the called party is land-based, the connection is via the
central office, CO, to the terrestrial telephone network. If the called party is mobile, the connection is
made to the cell site that covers the area in which the called party is located, using an available radio channel in
the cell associated with the called party.
In November 1998, the Iridium constellation of low-earth orbiting (LEO) satellites made it possible to
send and receive phone calls from some of the most remote locations on Earth using radio waves, a
satellite, and a satellite phone. These telephones can transmit calls via the Iridium constellation and
most land-based telecommunications systems.
Business networking includes interconnection of local area networks, LANs, across wide areas, as well
as remote access (connection of remote sites, small offices, mobile workers, and telecommuters to
corporate networks). Business networking needs network interface cards (NICs) for computers, wiring,
packet switches, routers, and software.
Most networked PCs in corporations today are connected to LANs that are in turn interconnected
across the public telephone system. Presently, some 90% of PCs are connected to LANs. Most of the
PC sites with a LAN are connected to the telephone system. Small office, home office, and mobile
workers connect to their main workplace server through remote access.
Most of such workers do not have enough data traffic demand to justify a dedicated circuit for
connection and therefore will choose to connect via one of three options: analog modems, ISDN, or
frame relay.
There are about 900,000 remote offices in the United States. Among those, 96% have some form of
remote access. The network connection is achieved using a dial-up modem, or via a router. There are
some 180 million total telephone access lines. There are 95 million networked workplace PCs, as well
as home-office and mobile PCs.
The complexity of the system and the medium raises concerns about security, which include not only
telecommunications espionage and computer disruption, the issues of this study, but also
mechanisms that provide protection for the privacy of personal information,
intellectual property, integrity of information and systems, and other vulnerable elements.


The increasing use of general access devices makes security matters increasingly important. Although
the need for security is currently appreciated more in businesses than in homes, even in businesses
there is limited awareness.
There is a need for the protection of individual, business, and government privacy, and the integrity of
material transmitted. Deployment issues relate to securing of infrastructure links and end-to-end
applications and therefore affect all levels of the architecture and all players, including users
themselves. Dependence on networking activities will broaden concerns about security.
Security of the network is an obvious concern in crises where there is an active adversary seeking to
obstruct the response. This is clearly the case in warfare and in confronting terrorism. The response
team must keep its plans secret from hostile parties, and it must protect its communications against
denial of service. However, security needs are not limited to active, hostile situations.
Robert Kehlet, of the Defense Nuclear Agency, observed that when you operate at a federal level,
though, you get access to databases and information that are very sensitive in nature. You don't want to
pass that out to the world in general and make it totally and completely publicly accessible.
Security is essential to national-scale applications such as manufacturing and electronic commerce. It is
also important in situations where sensitive information must be communicated. Many traditional ideas
of network security must be reconsidered for these applications in light of the greater scale and
diversity of the infrastructure and the increased role of non-experts.
On a short-term basis, new security models are needed to handle the new degree of mobility of users
and possibly organizations. The usability or user acceptability of security mechanisms will assume new
importance, especially those that inconvenience legitimate use too severely.
In many, perhaps all, of the national-scale applications, users can be expected to move from one security
policy domain or sphere to another and have a need to continue to function. That is, for example,
carrying a portable computer from the wireless network environment of one's employer into that of a
customer, supplier, or competitor.
Mobile users who want to connect back to their home domain from a foreign one have several
alternatives. It is likely that the local domain will require some form of authentication and authorization
of users. The remote domain might either accept that authentication and authorization from the user.
In addition, such remote access may raise problems of exposure of activities, such as lack of privacy,
greater potential for spoofing, or denial of service, because all communication must now be transported
through environments that may not be trusted.
Unfortunately, the problems of security are very difficult to address with computational and
communications facilities. Setting policy and steps, especially when this involves merging several different
security domains, is extremely complex. It must be based on the tasks to be achieved, the probability of
subversion, and the capabilities of the mechanisms available.
Satellite stations and monitoring centers are capable of telephone surveillance. A system can monitor
and analyze telephone communications, which is, in fact, the largest and most important form of secret
intelligence. However, it is impossible for analysts to listen to all but a small fraction of the billions of
telephone calls, and other signals which might contain significant information.
But a network of monitoring stations is able to tap all calls from a specific area, and sift out messages
which sound interesting. Computers automatically analyze every message or data signal, and can also
identify calls to a target telephone number.
Surveillance systems are highly computerized. They rely on near total interception of international
commercial and satellite communications in order to locate the telephone or other messages of target
Experts have assessed that computers with network connectivity can be entered by an electronic
intruder from anywhere in the world. Gaining access to these computers through a network connection
is relatively simple, costs very little, and typically involves little risk of detection. This new phase of
terrorism is referred to as cyber-terrorism, and with biological warfare, represents the greatest threat of
the next century.


U.S. vulnerability to infowar is the major security challenge of the next century. It is much more important,
but not as complex as telephone espionage. Other names for cyberterrorism are: information war,
technological warfare, hacking, and computer security.
Every year U.S. companies lose millions of dollars to industrial espionage and sabotage. The attacks
come from outside hostile countries or organizations, business competitors, or individuals. People are
not aware of how easy it is to breach security at major corporations. Even computer experts hired by
companies to make sure their systems are safe find it very difficult to fight intruders.
Even military computer systems are vulnerable to intruders. The development of the computer and the Internet
is considered by many to be comparable to the development of the atomic bomb with respect to the way
it may change our society and warfare. In the Gulf War, computers and telecommunications were used
to knock out the Iraqi communications and electrical systems.
However, as the U.S. relies more and more on computers, we become more vulnerable to attacks.
Imagine what would happen if Wall Street caught a virus that would cause their network to crash. The
prospect is: if we are able to do it, others are also able to do it to us.
Cyberterrorists can attack anywhere where the physical and the virtual worlds combine. The Internet
and computer technology have made a universal interface possible. Cyberterrorists can use the
Internet and computer networks to destroy, alter, and infiltrate valuable information or systems
necessary for security.
A terrorist country, such as Cuba, must make its act big enough and well known enough to achieve its
goal. The person actually performing the attack can do it from his own home or lab in Cuba. He will
not be harmed in the attack, he will probably not be traced, and if he messes up he learns from his
mistakes and becomes even more dangerous when he strikes again.
Assume a possible scenario. Wall Street reports a massive loss of data as computers and backup tapes
go up in smoke. ConEd and PG&E power companies' computers crash, plunging the East and West
coasts into darkness. At major airports, the FAA's ATC computers crash, causing havoc across the
Midwest. 911 emergency systems in major cities go down from a logic bomb. Internet traffic slows to a
trickle as ISPs and telecom companies struggle with coordinated large-scale denial-of-service attacks.
That's the kind of nightmare we can face.
Some of these attacks have already occurred, in small scale, in various nations. Attackers, as mentioned
before, can wage cyberwarfare from computers anywhere in the world.
The core problem: United States' dependence on computers makes it more vulnerable than most
countries to cyberattacks. Our national infrastructure depends not only on our interconnected
information systems and networks, but also the public switched network, the air-traffic control systems,
the power grids and many associated control systems, which themselves depend heavily on computers
and communications.
Our defenses against isolated attacks and unanticipated events are inadequate. Risks include not just
penetrations and insider misuse, but also insidious Trojan horse attacks that can lie dormant until
triggered. Our defenses against large-scale coordinated attacks are even more inadequate.
According to CIA director George Tenet in congressional testimony, June 1998, "we must rely more
and more on computer networks for the flow of essential information. Trillions of dollars in financial
and commerce are moving over a medium with minimal protection. The opportunity to disrupt military
effectiveness and public safety, with the elements of surprise and anonymity provide plenty of
The cyberterrorist's traditional weapons of choice include computer viruses, such as logic bombs that
wake up on a certain date, worms, and Trojan horses; cracking (accessing computer systems illegally);
sniffing (monitoring network traffic for passwords, credit cards, etc); social engineering (fooling
people into revealing passwords and other information); and dumpster diving (sorting through the
email trash).
In a brief summary, there are:
*Viruses: computer viruses come in all shapes and flavors, from "harmless" prank messages to
electronic forms of Ebola that chew up your data and spit it out as garbage. Some viruses infect your
PC's boot sector and rewrite the sector, crippling your system. Others infect the files that launch or run
most of your software, rendering your programs unusable. Others erase your computer's CMOS setup
tables, making it impossible for your computer to work.
*Worms: worms are breeder programs, reproducing themselves endlessly to fill up memory and hard
disks. Worms are often designed to send themselves throughout a network, making their spread active
and deliberate.
*Logic bombs: logic bombs are embedded pieces of destructive code that detonate on preset dates or
when a specified set of instructions is executed, unleashing destructive actions within a computer or
throughout a network.
*Bots: bots are pieces of code designed to rove the Internet and perform specific actions.
*SYN: SYN attacks involve sending a torrent of connection requests to targeted sites.
*SYN flood: creates a major traffic jam at the site, cutting it off.
But a new tactic, coordinated large-scale attacks, emerged on March 2, 1998. The tactic consists of
intrusion attempts involving multiple attackers working together from different IP addresses, many in
different locations and countries. The intent is to make the attacks more difficult to detect, and to
increase the "firepower".
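The detection problem this tactic creates can be shown with an added example (not part of the original paper): a per-source rate threshold misses denied attempts spread across many addresses, while counting attempts and distinct sources per target exposes them. The event records, the addresses (RFC 5737 documentation ranges), the thresholds and the function names are all constructed for illustration.

```python
from collections import defaultdict, deque


def build_sample_events():
    """Constructed sample: (timestamp_seconds, source_ip, target_ip) denied attempts."""
    events = []
    # Six cooperating sources, three attempts each against one target,
    # interleaved so that no single source is ever noisy (t = 0 .. 51 s).
    coordinated = [f"192.0.2.{n}" for n in range(1, 7)]
    t = 0
    for _round in range(3):
        for src in coordinated:
            events.append((t, src, "203.0.113.10"))
            t += 3
    # One noisy source: twelve attempts in 22 s against a different target.
    for i in range(12):
        events.append((100 + 2 * i, "198.51.100.99", "203.0.113.20"))
    # Background noise: isolated denied attempts.
    events.append((10, "198.51.100.7", "203.0.113.30"))
    events.append((200, "198.51.100.8", "203.0.113.10"))
    return sorted(events)


def per_source_alerts(events, threshold=10, window=60):
    """Classic rule: flag a source with >= threshold attempts in any window."""
    recent = defaultdict(deque)  # source -> timestamps still inside the window
    flagged = set()
    for ts, src, _dst in events:
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] >= window:
            q.popleft()
        if len(q) >= threshold:
            flagged.add(src)
    return flagged


def per_target_alerts(events, min_sources=5, min_attempts=15, window=60):
    """Correlating rule: flag a target that receives >= min_attempts attempts
    from >= min_sources distinct sources inside any window.
    Returns {target: set of sources seen while the rule was firing}."""
    recent = defaultdict(deque)  # target -> (timestamp, source) inside the window
    flagged = {}
    for ts, src, dst in events:
        q = recent[dst]
        q.append((ts, src))
        while q and ts - q[0][0] >= window:
            q.popleft()
        sources = {s for _t, s in q}
        if len(q) >= min_attempts and len(sources) >= min_sources:
            flagged.setdefault(dst, set()).update(sources)
    return flagged


if __name__ == "__main__":
    sample = build_sample_events()
    print("per-source rule flags:", sorted(per_source_alerts(sample)))
    for target, sources in per_target_alerts(sample).items():
        print(f"per-target rule flags {target}: {len(sources)} cooperating sources")
```

On the constructed data the per-source rule reports only the single noisy address, while the per-target rule reports the target probed by six quiet sources.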
Another advanced cyberterrorist tool is monitoring computers, fax machines, printers and other devices
by picking up their electromagnetic radiation. They allow cyber spies (at least one of the spies from
Cuba arrested recently by the FBI in Miami was a computer engineer, expert on computational
technology in Cuba) to intercept passwords and sensitive information.
Such monitors can be as far away as 1 mile, or further if they have fast-Fourier-transform chips and other
classified systems designed by the National Security Agency, or its foreign counterparts, such as Cuba's
intelligence services. There is no way to know if a system is monitored.
Information warfare attacks on computers could be classified as attacks through legitimate gateways of
the computers such as the modem and the keyboard (software attacks), and attacks through other than
legitimate gateways (backdoor attacks). At the current technological level, backdoor attacks can be
carried out mainly by utilizing radio frequency (RF) technology and are classified as RF attacks.
Any wire or electronic component is, in fact, an unintended antenna, both transmitting and receiving.
Every such unintended antenna is particularly responsive to its specific resonance frequency, and to
some extent, to several related frequencies. If the objective is to eavesdrop on the device, then the
electromagnetic emanations coming from functioning components of the device are received by highly
sensitive receiving equipment and processed in order to duplicate information handled by the device.
If the objective is to affect the device's functioning, then appropriate RF signals are transmitted to the
targeted device. Producing and transmitting a signal, which would just disrupt the normal functioning
of a target device, is a simple technological task, and Cuba is quite capable of producing such attacks.
It is not science fiction: weapons can zap your computer into oblivion from a distance. Radio frequency
(RF) weapons are real. They consist of a power supply, a transmitter, and an antenna. One type, referred to as
HPM, generates gigawatts of short, intense energy pulses focused into a narrow beam capable of
silently burning out electronic equipment. There have been high-ranking military experts testifying in
Congress in relation to this matter since mid-1998.
RF weapons are also packaged as RF munitions, which use explosives to produce radio-frequency
energy. In the hands of skilled Cuban scientists, these munitions come as hand grenades or mortar
rounds. Potential targets of RF weapons include computer and other electronic devices used in
national telecommunications systems, the national transportation system, mass media, oil and gas
control and refining, and civil emergency services, among other important infrastructure.
Ninety percent of our military communications now passes over public networks. If an electromagnetic
pulse takes out telephone systems, we are in trouble because our military and non-military nets are
virtually inseparable. The former Soviet Union developed RF weapons because of the potential to be
effective against our sophisticated electronics, said retired U.S. Army Lieutenant General Robert
Schweitzer in congressional testimony in June, 1998.
Russia provided this technology to several countries. China is also well ahead in this field. Since
February 1999, China and Cuba have increased their military and intelligence joint activities. The
presence of Chinese personnel in Cuba is now very obvious.
A new class of cyberweapon, Transient Electromagnetic Devices (TEDs), is easier to construct and
use. TEDs generate a spike-like pulse that is only one or two hundred picoseconds in length at very
high power. TEDs are smaller, cheaper, require less power and are easier to build. As we will analyze
later in the report, Cuban engineers have the proper technology and experience to build TEDs.
They can be built using spark-gap switches and can be assembled from automobile ignition, fuel pump
and other relatively available parts at a cost of $300. TEDs can burn out a broad range of devices,
with effects on electronic systems that are similar to a lightning strike. The compact devices could fit in
a briefcase, or be placed in a small van. With a six-foot backyard antenna and more advanced
spark-gap units, terrorists could point them at flying aircraft.
"The enemies of peace realize they cannot defeat us with traditional military means", President Bill
Clinton, January, 1999.


Cuba is not a challenge or a threat to the United States with conventional weapons on a conventional
battlefield. It never was, not even at its military peak of the 1970's. However, Cuba is a real threat to
the United States with non-traditional weapons.


Cuba has surprising talent and experience in the areas of electronics, computers, computer software and
data processing. The country benefited from its association with the former Soviet Union, and some
European countries, which turned out many skilled electrical and computer engineers, as well as
Cuba's electronic industry has its origins in the mid-1960s when the Ministry for Iron and Steel
Machinery (SIME) began assembly of radios from imported parts. In 1974 SIME started producing
black-and-white television sets. Then came a plant to produce batteries (1975), telephone switchboards
(1981), and color television sets (1985). In 1985 SIME also started production of semiconductors.
In 1976 a separate electronics institute was created, the National Institute of Automated Systems and
Computer Skills (INSAC). In 1994 INSAC was incorporated into the newly created Ministry of Steel,
Heavy Machinery and Electronics. The Ministry of Communications is also responsible for small-scale
production of certain electronics-related products.
The entity Cuba Electronica was created in January 1986 as part of the Foreign Trade Ministry. It is
responsible for importing electronic equipment and exporting computers, peripherals, semiconductors
and software.
An Irish expert says that the Cuban information-technology industry matches that of the Republic of
Ireland, which has been particularly successful in persuading a range of information technology
companies to establish their European base in Cuba.
One of the most advanced areas of the electronics industry in Cuba is production of medical
equipment. The Central Institute for Digital Research (ICID), in collaboration with the Biotechnology
Centers, has developed high technology medical equipment including the Cardiocid-M, an
electrocardiographic system for diagnosing cardiovascular system diseases; Neorocid, an
electromyographic and electro-neurographic system for diagnosing peripheral nervous system diseases;
and various applications for high-technology genetic engineering research.
The main developments of Cuba's electronic industry occurred between 1975 and 1989. Among others:
*Computer equipment plant, established in 1978, with a 4,300 square meters production area
*Printed circuit board plant, established 1982, with a 4,900 square meters production area
*Electronic modules production plant, with 4,000 square meters production area
*Mechanical production plant, with 7,500 square meters production area
*Monitors and television set plant, established in 1975, with an annual capacity of 100,000 units
*Alphanumeric keyboards plant, established in 1988, equipped to produce keyboards compatible with
IBM, DEC and other microcomputer systems. Production capacity of 250,000 units per year
*Printed circuit boards plant, which can produce 35,000 square meters per year of circuit boards. It
uses Betamax material and carries out the printing by serigraphy.
*Electronic Research and Development Center, established in 1985.
*Electronic Components Complex, (CCE), produces active and passive components, established in
*Medical equipment complex, established in 1989. Produces instruments and equipment for the
Biotechnology Centers.

Computing in Cuba dates back to the mid-1950s when two first generation U.S. computers were
installed. During the 1960s came computers from France, followed by Soviet and East European
systems. During the 1970s Cuba embarked on a program to develop its own second minicomputers
based on Digital's PDP-11.
Most of Cuba's early computer specialists were trained in East Germany and the Soviet Union. In the
mid-1980s two main centers of computational research were established, one at the CUJAE and the other at
Universidad Central de Las Villas.
Cuba has also developed computer networks. Presently, there are four networks with international
connectivity: CENIAI, Tinored, CIGBnet, Infomed. CENIAI began networking in 1986, and has had a
UUCP link to the Internet since 1992. They currently offer email, database access, and programming
and consulting services. CIGBnet is the network of the Center for Genetic Engineering and
Biotechnology. It began in 1991 and provides email, database access, and a biological sequence server.
Since 1991, there has been a surplus of electrical and computer engineers in Cuba due to the closing of
many industries. Many of these engineers changed their lines of work to the areas of
telecommunications espionage and computer interference and disruption, in special centers created by
the government.
A large group of them received specialized training in Russia, Vietnam, North Korea and China As a
result, a significant engineering and technical staff is now dedicated to research, development and
application on these areas.

The Beginning

Prior to the August 1991 coup attempt, the KGB was developing computer viruses with the intent of
using them to disrupt computer systems in times of war or crisis. In early 1991, a highly restricted
project was undertaken by a group within the Military Intelligence Directorate of Cuba's Ministry of
the Armed Forces.
The group was instructed to obtain information to develop a computer virus to infect U.S. civilian
computers. The group spent about $5,000 to buy open-source data on computer networks,
computer viruses, SATCOM, and related communications technology. These efforts have continued to
be made, now on a much larger scale, and could potentially cause irreparable harm to U.S. defense
The project is under the direction of Major Guillermo Bello and his wife, Colonel Sara Maria Jordan,
both of the Ministry of the Interior. Several well-known Cuban engineers were sent to work in this
group. The engineering effort is led by engineers Sergio Suarez, Amado Garcia, and Jose Luis
Presmanes. Several computational centers have been created at either universities or research centers
throughout Cuba, where highly secret research and development activities are conducted.
The development of malicious software requires little in the way of resources (a few computers and an
individual or group with the appropriate expertise), making a malicious software R&D program easy to
support as well as to hide.
According to reports, Dutch teenagers gained access, apparently through an Internet connection, to
computer systems at 34 DOD sites, including the Air Force Weapons Laboratory, the David Taylor
Research Center, the Army Information Systems Command, and the Navy Ocean Systems Center
during Operations Desert Shield/Storm.
They were snooping in sensitive rather than classified military information. The intrusions normally
involved broad-based keyword searches including such words as "rockets", "missiles", and "weapons".
They exploited a trap door to permit future access and modified and copied military information to
unauthorized accounts on U.S. university systems. Although no "customer" was identified, the data
collected could have been sent electronically anywhere in the world. At that time, some Cuban
engineers were receiving specialized training in Holland, Sweden, and Austria.

Cuba: Low Energy Radio Frequency

It is quite possible, and probable, that Cuba is doing research and development on low level radio
frequency weapons, or LERF. This technology utilizes relatively low energy, which is spread over a
wide frequency spectrum. It can, however, be no less effective in disrupting the normal functioning of
computers than high energy RF, or HERF, due to the high probability that its wide spectrum contains
frequencies matching resonance frequencies of critical components.
Generally, the LERF approach does not require time compression, nor does it utilize high tech
components. LERF impact on computers and computer networks could be devastating. One of the
dangerous aspects of a LERF attack on a computer is that an unprotected computer would go into a
"random output mode".
Different kinds of LERF weapons have already been used over the years, primarily in Eastern Europe.
This is one of the reasons it is highly probable that Cuba is active in the development of such weapons.
For instance, during the Czechoslovakian invasion of 1968, the Soviet military received advance
notice that Czechoslovakian anti-communist activists had been wary of relying on the telephone
These telephone communications were controlled by the government. They prepared to use radio
transceivers to communicate between their groups for coordination of their resistance efforts.
During the invasion, the Soviet military utilized RF jamming aircraft from the Soviet air force base in Stryi,
Western Ukraine. The aircraft jammed all the radio spectrum, with the exception of a few narrow
pre-determined "windows" of RF spectrum utilized by the invading Soviet army.
Another example of a LERF attack was the KGB's manipulation of the United States Embassy security
system in Moscow in the mid-80s. The security system alarm was falsely triggered by
KGB-induced RF interference several times during the night. This was an attempt to annoy and fatigue
the Marines and to get the "malfunctioning" system turned off.
A small group of agents from Cuba, well trained, can put components from Radio Shack, for example,
inside a van or a pickup truck, with an antenna. And that is really what an RF weapon looks like, a
radar or antenna showing, and drive it around a building, be it the White House, the Pentagon, or the
FAA facility, and pulse.
They can fire, and re-fire, as long as the generator has power. The radiation goes through concrete
walls. Barriers are not resistant to them. They will either burn out or upset all the computers or the
electronic gear of the targeted building. They are absolutely safe to human beings.
Another aspect of offensive RF technology is its traditional application in information intercept or
eavesdropping. Traditionally, the Soviet Union and Russia have placed high priority on the
development and use of this technology. The changes of the last decade in Russia impacted the KGB, which
has been split into independent parts.
The 8th and 16th Directorates, roughly representing the Russian equivalent of the NSA, became an
independent agency, the Federal Agency of Government Communications and Information (FAPSI).
FAPSI is directly subordinate to the President of Russia.
In a wave of privatization, FAPSI was partially privatized as well. Some of the leading FAPSI experts
left the agency and founded private security companies. These companies are fully capable of carrying
out any offensive operations and serve as consultants to former allied countries.
There is also a close cooperation between FAPSI and its private spin-off companies. The private
companies can provide the FAPSI with some of the products of their intercept, while FAPSI can also
share some of its products, along with personnel and equipment, including its powerful and
sophisticated facilities, such as the Lourdes in Cuba, for a very productive long-range intercept.
This situation can easily put American private business in a highly unfavorable competitive position
since the end of the Cold War somewhat shifted goals, objectives, and some targets of the FAPSI
toward a heavier emphasis on intercept of technological, commercial and financial information.
It can take a few days to build a LERF weapon. It takes a few weeks or a few months to establish a
successful collection of information through RF intercept. But several countries, including Cuba, have
the capacity to do so.

Cuba: Lourdes base

At Lourdes, a suburb of La Habana, south of Centro Habana, and close to Jose Marti's airport, there is a
sophisticated Russian electronic espionage base. It encompasses a 28 square mile area and employs
some 1,500 Russian engineers, technicians and staff. A satellite view of Lourdes, 1996, is included.
There are two fields of satellite dishes. One group listens in to general U.S. communications. The
second group is used for targeted telephones and devices. The areas are designated "Space Associated
Electronics Area North" and "Space Associated Electronics Area South". There is also an
HO/Administration Area, and a Vehicle/Equipment Maintenance Area.
The Russians have spent over $3 billion on Lourdes. In 1996 they started to upgrade the
facilities, at a cost of some $250 million. Presently, they have state-of-the-art equipment. The
computers at the base are programmed to listen for specific phone numbers; when they detect that these
lines are in use, the computers automatically record the conversations or transmissions.
The upgrade now includes voice recognition facilities; that is, computers recognize certain targeted
voice spectra and, when they do, automatically record the conversations. Facsimiles are also
detected, as well as computer data.

At present, Lourdes is an even more important asset for Russia in its efforts to spy on the United States
than it was during the Cold War. Lourdes receives and collects intercepts by spy satellites, ships and
planes in the Atlantic region, making it a full-fledged regional command and control center.
The use of the intelligence garnered by Lourdes is not limited to penetrating secret U.S. military
operations. Its targets also include the interception of sensitive diplomatic, commercial and economic
traffic, and private U.S. telecommunications.
The strategic significance of the Lourdes facility also has grown dramatically since the order from
Russian Federation President, Boris Yeltsin, of February 7, 1996 demanding that the Russian
intelligence community step up the theft of American and other Western economic and trade secrets.
The director of the Defense Intelligence Agency told the Senate Intelligence Committee in August
1996, "Lourdes is being used to collect personal information about U.S. citizens in the private and
government sectors". The signal intelligence complexes operated by Russia at Lourdes also offer the
means by which to engage in cyberwarfare against the United States.

Cuba: Bejucal base

In 1995, Russia started the construction of an espionage base to be operated by the Cubans. The base is
located at Bejucal, south of La Habana. The agreement, and the supervision of the entire project, was
directed by General Guillermo Rodriguez del Pozo. Equipment for the base was shipped secretly
from Russia through the port of Riga, in Latvia. This country does not have an embassy in Cuba.
However, Cuba maintains a large embassy, over 50 persons, in Latvia.
The base is now fully operational, similar to but smaller than Lourdes, and with all state-of-the-art
equipment. The unit is referred to by some as The Electronic Warfare Battalion, EWB. The request for
the base came because Cuba does not have access to Lourdes. They only get copies of the Russian
intelligence summaries on issues that could affect the nation's security.
Cuba's Bejucal base is very powerful, and it has the capability, besides running signals intelligence
operations, that is, eavesdropping, of conducting cyberwarfare. The Interior Ministry's General
Directorate for Intelligence is in charge of the base.
It also runs a smaller center, located at Paseo, between 11th and 13th streets, in Vedado, La Habana.
The center is mainly radio listening and transmitting, and for limited telephone espionage.
The Electronic Warfare Battalion has the necessary equipment to interfere with Radio and TV Marti, and the
equipment to interfere with TV Marti if it transmits in UHF. The equipment is not used as yet. However, the
base has offensive jamming capabilities, capable of disrupting communications deep inside the United
States. This is indeed a unique facility because of its size and location and capability.
Interference with Radio and TV Marti is now disseminated through the Island, in what is called project
Titan. It is now in the charge of Chinese personnel, who since March 1999 have also partially taken over the
operations of the Bejucal base, or EWB.
Early in 1999, the Pentagon's military computer systems were subject to ongoing, sophisticated and
organized cyber attacks. Officials stated that this latest series of strikes at defense networks was a
coordinated effort coming from abroad. Deputy Defense Secretary John Hamre, who oversees all
Pentagon security matters, confirmed the attacks have been occurring since 1998.
Secretary Hamre called them a "major concern". Officials believe some of the most sophisticated
attacks are coming from a country routing through Russian computer addresses to disguise their origin.
The probes and attacks are also against U.S. military research and technology systems, including the
nuclear weapons laboratories run by the Department of Energy. Rep. Curt Weldon, R-Pa., chairman of
the House Armed Services Research and Development Subcommittee, stated "What we have been
seeing in recent months is more of what could be a coordinated attack ... that could be involved in a very
planned effort to acquire technology and information about our systems in a way that we have not seen
These attacks coincide with the fact that the Bejucal base is fully operational, and also with the new
presence of China military and intelligence personnel in Cuba.
Rep. Curtis Weldon also stated "it is not a matter of if America has an electronic Pearl Harbor, it is a
matter of when". For two days in January, 1999, cyber attacks were made into military computers at
Kelly Air Force Base in San Antonio, the center for the most sensitive Air Force intelligence, the kind
of information critical to American troops abroad.
Joseph Santos, aka "Mario", one of the persons arrested by the FBI in an alleged spy ring in
September 1998, is an electrical and computer engineer, with great expertise in computer networks,
and a member until 1996 of a research computational center in a university in Cuba.
According to the indictment, Santos' assignment was to infiltrate the new U.S. Southern Command
headquarters in West Dade. He had, as his fundamental assignment, the penetration of the headquarters
of said command. Maps of several cities, including San Antonio, were found in his apartment.
It is a fact that both the Lourdes and EWB bases are a threat to U.S. security, capable of
intercepting not only U.S. military secrets but also commercial and trade intelligence.

Cuba: The new China presence

In February, 1999, a top level Chinese military delegation, led by Chi Haotian, Defense Minister,
visited Cuba. They met several times with Raul Castro, Cuba's Defense Minister. It was the first time a
Chinese minister of defense visited Cuba.
China's President Jiang Zemin visited Cuba in 1993. Castro went to China in 1995. Other important
visits have occurred recently. Raul Castro, accompanied by several generals, visited China. Also,
General Dong Liang Ju, head of China's Military Commission, visited Cuba.
An important role here is played again by General Guillermo Rodriguez del Pozo, whose son is
married to Raul Castro's daughter. All these facts lead to an important conclusion: a very close military
relation between Cuba and China.
It is obvious that China sees a presence in Cuba as having important strategic value, and is making Cuba a
military and intelligence gathering center. What does Cuba really want from China? Most probably,
economic assistance. But the really important question is: what does China want from Cuba?
China has become very active in Cuba's military telecommunications, cyberwarfare and biowarfare
activities. China is investing to modernize the satellite-tracking center at Jaruco. China is also heavily
involved in the telecommunications-monitoring base at Paseo, between 11th and 13th streets, Vedado.
The government of China has created the 863 and Super-863 Programs, with the sole mission of
importing technologies for military use. The 863 program was given a budget split between military
and civilian projects, focusing on science and technology.
The following are key areas of military concern: biological warfare, and communications and intelligence
systems. The People's Liberation Army, PLA, has placed priority on the development of battlefield
communications, reconnaissance, and intelligence signals operations.
In order to achieve these priorities, the government of China has focused on the use of intelligence
services to acquire U.S. military and industrial technology. That is the main reason why China is using
and improving Cuban capabilities in this area and moving to develop its own on the island.
After years of hostile relations between China and the Soviet Union, Russia has again become China's
main source of advanced weapons, including electronic warfare and electronic eavesdropping, (sigint),
China has acquired high performance computers, HPC, from the United States. HPCs are important for
many military applications and essential for some. It is known that China is modernizing Cuba's
computer systems with HPCs.
These computers are in the speed range of 1500-40,000 millions of theoretical operations per second
(MTOPS). HPCs are useful in the design, development, manufacturing, performance, and testing of
biological weapons, command, control, and communications, information warfare, collection,
processing, analysis, and dissemination of intelligence, and in the encryption of communications.
Another potential application of HPCs in Cuba is cryptology: the design and breaking of encoded
communications. This application, such as in the Bejucal base, demands fast processing, and the ability
to handle large amounts of data. As a point of reference, the U.S. National Security Agency uses some
of the highest performance computers available.
However, it is true also that significant cryptology capabilities can be achieved through the use of
widely available computer equipment, such as networked workstations or parallel processors.
Under the revised HPC policy, Cuba falls in Tier 4 with Iraq, Iran, Libya, North Korea, Sudan, and
Syria. Tier 4 means a virtual embargo on all computer exports. This is another factor of the importance
of the new China/Cuba relations. In light of China's aggressive espionage campaign against U.S.
technology, Cuba fits perfectly with Chinese electronic warfare priorities and electronic collection


The United States' dependence on computers makes it more vulnerable than most countries to
cyberattack. The president's Commission on Critical Infrastructure Protection has identified eight
critical areas in need of protection: information and communications, electrical power systems, gas and
oil industries, banking and finance, transportation, water supply systems, emergency services and
government services.
Many traditional and non-traditional adversaries of the United States, according to Louis J. Freeh,
Director of the FBI, are today technologically sophisticated and have modified their intelligence
methodologies to use advanced technologies to commit espionage. In telecommunications, even some
smaller (Cuba?) intelligence adversaries now use equipment the FBI is unable to monitor.
The international terrorist threat can be divided, according again to Louis J. Freeh, into three general
categories. Each poses a serious and distinct threat, and each has a presence in the United States. The
first and most important category, and the concern of this study, is state-sponsored terrorism. It violates
every convention of international law. State sponsors of terrorism include Iran, Iraq, Syria, Sudan,
Cuba, and North Korea. Put simply, these nations view terrorism as a tool of foreign policy.
Public and private sector organizations that rely on information technologies are diverse. The result is a
revolutionary and systematic improvement in industrial, services, and commercial processes. However,
as commercial information technologies create advantages, their increasingly indispensable nature
transforms them into high-value targets.
With very few exceptions, attacks against the nation's cyber assets can be aggregated into one of four
categories: crime, terrorism, foreign intelligence, or war. Regardless of the category, any country can
acquire the capability to conduct limited attacks against information systems.
Software is one weapon of information-based attacks. Such software includes computer viruses, Trojan
horses, worms, logic bombs and eavesdropping sniffers. Advanced electronic hardware can also be
useful in information attacks. Examples of such hardware are high-energy radio
frequency (RF) weapons, electromagnetic pulse weapons, RF jamming equipment, or RF interception
Such weapons can be used to destroy property and data; intercept communications or modify traffic;
reduce productivity; degrade the integrity of data, communications, or navigation systems; and deny
crucial services to users of information and telecommunications systems.
The Cuban government is well aware of this vulnerability. Hence, major terrorists and intelligence
services are quickly becoming aware of exploiting the power of information tools and weapons.
The increasing value of trade secrets in the global and domestic marketplaces, and the corresponding
spread of technology, have combined to significantly increase both the opportunities and methods for
conducting electronic espionage.
The security of trade secrets is essential to maintaining the health and competitiveness of critical
segments of the U.S. economy. The U.S. counterintelligence community has specifically identified the
suspicious collection and acquisition activities of foreign entities from at least 23 countries, including
Cuba has acquired the capacity to conduct cyberterrorism also through simple technology transfer.
 There are multiple international conferences on the subject. Anyone can attend these conferences.
 There is a BEAMS conference that has gone on for 20 years, a EUROEM conference that has gone on
 for over 20 years also. RF weapons can be made today for a cost of $800. Therefore, there is no
 need for a lot of power, or a lot of money, to affect the infrastructure. This technology application is
 well within the capabilities of Cuba's electronic development.
 Electronic monitoring of communications signals will continue to be the largest and most important
 form of secret intelligence. Cuba's two main facilities, Lourdes and EWB, are quite capable of
 monitoring telecommunications in the U.S., the Caribbean, and Latin America.
 Computers automatically analyze every call or data signal, and can also identify calls to a target
 telephone number in the U.S. no matter from which country they originate. Both Lourdes and EWB are
 highly computerized. They rely on near total interception of international commercial and satellite
 communications in order to locate the telephone or other messages of target individuals.
 Cuba's intelligence activities against the United States have grown in diversity and complexity in the
 past few years. Press reports of recent espionage cases involving Russia, South Korea, China, and Cuba
 are just the tip of a large and dangerous intelligence iceberg.
 The director of the CIA stated before the Senate Select Committee on Intelligence, 1998, that there are
 six countries presently conducting electronic espionage that poses a threat to the United States. They
 are: France, Israel, China, Russia, Iran, and Cuba.
 Cuba represents a serious threat to the security of the United States in the cyberwarfare phase of


 Ing. Manuel Cereijo
 Miami, Florida.
 September 1999

GUARACABUYA authorizes the reproduction of its content, in whole or in part, provided that the
following is used: "Published in Guaracabuya, a publication of the Sociedad Económica Amigos del País.