Project Cyber Dawn Explored Libyan Vulnerabilities

Wednesday, June 15, 2011



The Washington Post reports that private sector security advisors were advising the U.S. government on how best to exploit vulnerabilities in Libyan Supervisory Control and Data Acquisition (SCADA) systems used to control Moammar Gadhafi’s oil production.

Word of the advisory study, titled "Project Cyber Dawn", came to light after the hacker collective LulzSec recently released emails stolen in a network breach of security contractor Unveillance.

According to a report in the Washington Post, "Project Cyber Dawn was put together by the Cyber Security Forum Initiative, a group whose membership includes military officials, academics and business leaders. Unveillance Chief Executive Karim Hijazi was one of the report’s 21 co-authors, among them forum founder Paul de Souza and Jeffrey Bardin, a former NSA code breaker."

Project Cyber Dawn outlined a strategy to disable a refinery at Ras Lanouf, employing a Stuxnet-type designer virus aimed at disrupting the facility's SCADA control systems.

SCADA systems provide operations control for critical infrastructure and production networks including manufacturing facilities, refineries, hydroelectric and nuclear power plants.

The Washington Post article goes on to state that "the authors of Cyber Dawn argued that something similar to the Stuxnet attack on Iran could be done in Libya, noting that German engineering conglomerate Siemens AG — whose software system was exploited by Stuxnet — has played an important role in projects across the North African country."

Stuxnet is a highly sophisticated designer virus that wreaks havoc with SCADA systems. It is thought to have caused severe damage to Iranian uranium enrichment facilities, which reportedly set back the nation's nuclear program several years.

Revelations of the Project Cyber Dawn study are reminiscent of other covert operations undertaken by private security consultants, such as those revealed in the aftermath of the HBGary Federal network hack.

In January, the company was breached in an operation conducted by the rogue movement Anonymous, which subsequently released tens of thousands of company emails to reveal multiple instances of ethically questionable operations involving the security company.

The leaked emails showed that HBGary Federal, Palantir Technologies and Berico Technologies were involved in developing WikiLeaks counter-operations strategies for Bank of America and proposed disinformation campaigns, cyber attacks against network systems, and strong-arming journalists.

Other information released in the breach showed that the companies were engaged in developing strategies to infiltrate other civil activist groups, and plans to use social media for distributing government propaganda. There was also evidence that HBGary Federal was involved in developing an undetectable, full command and control cyber offensive weapon called Magenta.

“For the private sector to be making recommendations... that’s a level of ambition that you would not have seen until very recently,” said VeriSign's Eli Jellenc.

Siemens recently announced the company has issued a fix for at least some of the SCADA vulnerabilities that threaten the security of critical infrastructure control networks.

The remediation of the vulnerabilities is the company's first documented mitigation action since the debut of the Stuxnet virus last year, which targeted Siemens programmable logic controllers (PLCs).

Chris Blask I worked on that report and I have to add a Twainian note that the rumors of its intent are highly exaggerated. If anyone commissioned it they certainly didn't pay me or as far as I know anyone else for it.

CSFI is just a bunch of folks who get together pseudo-randomly as a group of interest to study things. In the case of the Stuxnet project I was involved in there was no specific "side", though if it served the groups and nations the participants are part of then all the better.

The Cyber Dawn piece was a "sided" project (at least for me it was: Gaddafi is a tinhorn psycho dictator and I would support most anyone who opposes him), but to cast it as a Pentagon Black Operation is giving it more and wrong weight. It was primarily an inventory project to see what all cyber gear was in the country on the base premise that knowing that might foster a positive outcome (not in Gaddafi's terms, perhaps, but in the terms of just about every other sane human). The discussion was not only about what cyber vulnerabilities would harm Gaddafi's political position, but more so about what could support the (hopefully) new government. We talked about some of the things a recent New York Times article discussed: ways to support communications technologies of the Transitional Council and other anti-dictatorial movements (suitcase wifi setups, willing social media experts...).

As far as the control systems in Libya, my personal opinion is that there isn't a lot if anything to be gained by the non-Gaddafi-aligned in messing about with the infrastructure under his control. All of this stuff needs to be available when this is all over for the new government to manage, and they will have enough to deal with without the all-too-well-known security flaws rampant in control systems being exploited against them.

Yes, we all knew that Paul would look to make the report available to the kinds of folks in our government who might have use for it. If those aligned against this psychotic dictator find value in our project, then good. Free individuals have every right to cluster up and ponder publicly available information in an exercise like this. With any luck, folks will be free to do so in Libya before too terribly long, as well. If anything I can do makes a fingernail-clipping of contribution to that goal then I will be entirely pleased.

(I am not speaking on behalf of CSFI, most if not all of the information in this comment are my known public positions, and given that this report has been posted in public and folks are writing articles about it I hope my CSFI mates don't mind my commenting.)
J. Oquendo As someone who also worked on a CSFI Project (Stuxnet to be exact) I will also concur that the collaboration done with others was focused on research. There was no: "Let's do it to them" on the contrary, while on the Stuxnet project it was me who often asked about re-weaponization and offensive approach to see what else could be done. This was never (rinse and repeat NEVER) an objective.

I believe CSFI has some interesting research and while it may seem like some form of "black ops" program, I believe they would not be publicizing it on their home page if it were. Think about this logically, that would 1) give away their uber cabalistic goals, 2) place researchers in danger 3) give enemies a counter-counter offensive capability. Wouldn't make much sense.

In the interim, I can't comment on Project Cyber Dawn cause I wasn't involved but figured I'd give a little common sense tidbits for people to think about

Chris Blask @J - Of course, as part of the Evil Conspiracy, we have to say these things... ;~)
J. Oquendo Chris, did you not get your billion dollar CSFI check yet? :P
Chris Blask Not yet.

Every day I check the mailbox for the chalk mark, but still nothing.

Lousy bureaucrats.
Krypt3ia Moscow Rules old boy.. Moscow Rules...
J. Oquendo @Chris ... ;) I think too many people may not even understand that one. It's great though, sometimes while driving around, whenever I see a milk quart carton, the first thing that comes to mind is Hanssen @ Allenwood formerly @ FBI.

@Krypt3ia - have a friend whom I haven't seen in some time. "old head" who used to tell me some interesting stories. Man, Moscovites had it hard once upon a time. Imagine a 4 member family in a 300sq ft home. And he *was* someone at some point in time.

Nowadays I get confused with terms like that: "Moscow rules" ... Are they gonna arrest him for claiming too much money like that oil tycoon ;)
Chris Blask @Krypt3ia - As long as I get my dacha in Zavidovo when this is all over... :~)
Chris Blask @J - "The Sneaky Weasel rides the cat at midnight."


Now, are they talking like this because there really is no Great Dark Government Conspiracy or is it a smokescreen? How come we never see J. Oquendo and Oliver North in the same place at the same time? Didn't I hear someone say he (J/Oliver?) was spotted drinking beer at the Little A'Le'Inn outside Roswell?

You see? I told you people would stop calling me crazy when The Truth Came Out...

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.