Cuba’s adversary foreign intelligence
By Manuel Cereijo
 When the Cold war ended, it was widely believed that a new era of international cooperation had begun. However, simply put, the end of the cold war has not led to a more peaceful world.
The United States is the target of those who challenge the status quo, and one of those is Cuba. Furthermore, the PRC has joined efforts with Cuba in a new axis. The deterioration in China’s relations with the United States is also being accompanied by a warmer relationship with Russia. There are three nations that use intensively their intelligence services to harm the interests of the United States. These nations are: China, Cuba, Iran, and North Korea. These nations continue to expend significant resources to conduct intelligence operations against the United States.
These efforts are centered on producing intelligence concerning the United States military capabilities, other national security activities, and military research and development activities. They have now expanded their collection efforts to place additional emphasis on collecting scientific, technical, economic, and proprietary information. These collection efforts are designed to provide technologies required for the acquisition and maintenance of advanced military systems, as well as to promote the national welfare of these nations. Each one of these countries has the ability to collect intelligence on targeted U.S. activities using HUMINT, SIGINT, and the analysis of open source material. Also, Cuba, China, and Russia have access to imagery products that can be used to produce IMINT. The United States is now the target of those who want to challenge the existing state of affairs. Security threats, in this new era of asymmetric warfare, will inevitable emerge more and more frequently.
The “fall of communism” has not reduced the level or amount of espionage and other potential serious activities conducted against the United States. Recent espionage cases involving Russia, China, and Cuba are just the tip of the iceberg. Software is one weapon of information-based attacks. Such software includes computer viruses, Trojan Horses, worms, logic bombs, and eavesdropping snuffers. Advanced electronic hardware can also be useful in information attacks. In terms of maturity of the threat, the numbers tell the story. In July of  2004 there have been over 300 reported hacked web sites. High Performance Computers (Hips) are important for many military applications, including processing information acquired through espionage. HPCs provided to Cuba by the PRC could facilitate many of Cuba’s asymmetric military modernization objectives.
The PRC has obtained the HPCs from the United States. The contribution of HPCs to military modernization is also dependent on related technologies such as Telecommunications, Microelectronics, and Computer Networking, areas in which the PRC has been assisting Cuba intensively since 1998. The principal intelligence collection arms of the Cuban government are the Directorate General of Intelligence (DGI) of Ministry of Interior, and the Military Counterintelligence Department of the Ministry of the Armed Forces. The DGI is responsible for foreign intelligence collection.
The DGI has six divisions divided into two categories of roughly equal size: The Operational Divisions and the Support Divisions.
The operational divisions include the Political/Economic Intelligence Divisions, the External Counterintelligence Division, and the Military Intelligence Division.
The support divisions include the Technical Support Division, the Information Division, and the Preparation Division. The Technical Support Division is responsible for production of false documents, communication systems supporting clandestine operations, and development of clandestine message capabilities. The Information and Preparation Divisions are responsible for intelligence analysis functions.
The Political Economic Intelligence Division consists of four sections: Eastern Europe, North America, Western Europe, and Africa-Asia-Latin-America. The External Counterintelligence Division is responsible for penetrating foreign intelligence services and the surveillance of exiles. The Military Intelligence Department was focused on collecting information on the U.S. Armed Forces and coordinated SIGINT operations with the Russians at Lourdes. Presently, it controls the Bejucal base.
The Military Counterintelligence Department is responsible for conducting counterintelligence, SIGINT, and electronic warfare activities against the United States.
The full range of Cuba’s espionage activities are a very serious matter of concern. Despite the economic failure of the Castro regime, Cuban intelligence, in particular the DGI, remains a viable threat to the United States. The Cuban mission to the United States is the third largest UN delegation. The Cuban diplomats conduct and support harmful activities in the United States. The United States’ intelligence agencies should devote their resources to the most serious security threats, principally international terrorism, and adverse political trends.
The recent(1998-2001) captured of more than 12 Cuban spies, including Ana Belen Montes, have shown the way that they communicate with the DGI in Cuba. The basic method is called Cryptography, and Cuba’s uses the method developed in the 1970s, referred to as symmetric encryption, secret-key, or single key encryption. There are three important encryption algorithms: DES, triple DES, and AES.
The encryption used by Cuba’s intelligence has five ingredients:
They use two basic important requirements:
The security of this encryption depends on the secrecy of the key, not the secrecy of the algorithm. That is, they need to keep only the key secret. With the use of this encryption, the principal security problem is maintaining the secrecy of the key.
All their encryption algorithms are based on two general principles: substitution, in which each element in the plaintext (bit, letter, group of bits or letters) is mapped into another element, and transposition, in which elements in the plaintext are rearranged. They use multiple stages of substitutions and transpositions.
Both sender and receiver use the same key. The system is symmetric. A block cipher processes the input one block of elements at a time, producing an output block for each input block. A stream cipher processes the input elements continuously, producing output one element at a time, as it goes along.
The process of attempting to discover the plaintext or key is known as cryptanalysis. A summary follows. The Table summarizes the various types of cryptanalytic attacks or means to decipher Cuba’s communication with its spies. The most difficult problem is presented when all that is available is the ciphertext only.
Central to the techniques are the strange laws of quantum mechanics that govern the universe on the smallest scale, and the ability to exploit physics on this scale, which has generated huge interest in Cuba, with the development of a new nanotechnology research and development facilities. The beginning stages of the project were coordinated by Castro Diaz Balart. The quantum properties of photons could make encrypted messages absolutely secure.
It is known that Cuba has experimented already sending encrypted messages through the air over 100 Kms., during days and nights. Cuba expects to be able to send through its Bejucal base these ultra-secret messages by the end of this year or early 2003. Of course, encryption of transmitted data is just one part of keeping information secret. It is easier for a would-be interceptor to compromise other aspects of the overall process that are much more vulnerable than encryption, like hacking the sender’s hard drive before the data is encrypted for transmission.
The genius of quantum cryptography is that it solves the problem of key distribution. This ability comes directly from the way quantum particles such as photons behave in nature and the fact that the information these particles carry can take on this behavior. Essentially two technologies make quantum key distribution possible: the equipment for creating photons and that for detecting them. The ideal source is a so-called photon gun that fires a single photon on demand. This is an area where Cuba research and development is highly concentrated and advanced.
The facilities, and the talent, are Cubans. But the financing is from where?
There is work currently going on testing a portable system that can fit in the back of a small trailer and works, on a clear night, over 65 Kms. The cost? Some $90,000. There is work being done on a system that could, on a clear night, beam single photons to orbiting satellites, thereby securing their transmissions. However, where progress has been greatest and where most experimental work has been focused, is on optical-fiber-based communications. ETECSA, the Cuban/Italian telephone company, has just finished the installation of a secret fiber optic ring strictly for military use, around Bejucal, Wajay, Guines, and La Habana. So far the limitation is in the need to use repeaters. The maximum length obtained has been 60 Kms. If distances could be increased, this will be quite a milestone. Cuba’s Bejucal base, which started full operation on January 1998, poses a real threat to the national security of the United States.
Type of attack
Known to Cryptanalyst
Ciphertext only
Encryption algorithm
Ciphertext to be decoded
Known plaintext
Encryption algorithm
Ciphertext to be decoded
One or more plaintext-ciphertext pairs formed with the secret key
Chosen plaintext
Encryption algorithm
Ciphertext to be decoded
Plaintext message chosen by cryptanalist, together with its corresponding ciphertext generated with the secret key
Chosen ciphertext
Encryption algorithm; Ciphertext to be decoded; Purporpoted ciphertext chosen by cryptanalist, together with its corresponding decrypted plaintext generated with the secret key
Chosen Text
Encryption algorithm; Ciphertext to be decoded; Plaintext message chosen by cryptanalist, together with its corresponding ciphertext generated with the secret key; Purported ciphertext chosen by cryptanalist, together with its corresponding decrypted plaintext generated with the secret key
As our reliance on computers has grown, so has our vulnerability to cyberattack. Virtually every critical infrastructure system in this country, whether it be transportation, power, communications, or finance, operates in cyberspace. It is a huge problem, and there are few people trained in the science, or art, of computer security.
We need to have intelligence, we need to monitor our systems all the time, to detect very early warnings. Take digital steganography, a technique for hiding data in seemingly innocuous messages. While it has many legitimate uses, it is also increasingly being used by terrorist groups and countries. However, the effort of a group of engineers has just develop a software package designed to detect digital steganography.
A cyberattack that shut down power to an hospital or prevent fuel delivery in the dead of winter can cost lives. In 1997 a US military exercise tested the country’s preparedness against a cyberattack. The NSA had hired 35 hackers to invade the Defense Department’s 40,000 computer networks. By the end of the exercise, the hackers had gained root level access to at least 36 of the networks-enough to shut down the power of several major cities and take control of a navy cruiser.
We must be ready, ready if our enemies try to use computers to disable power grids, banking, communications and transportation networks, police, fire and health services, or military assets.
What To Do?
In the last decade, the number of computers in use has exploded. For quite some time now, computers have been a crucial element in how we entertain and educate ourselves, and most importantly, how we do business. It seems obvious in retrospect that a natural result of the explosive growth in computer use would be an even more explosive (although delayed) growth in the desire and need for computers to talk with each other. The growth of this industry has been driven by two separate forces which until recently have had different goals and end products.
The first factor has been research interests and laboratories; these groups have always needed to share files, email and other information across wide areas. The research labs developed several protocols and methods for this data transfer, most notably TCP/IP. Business interests are the second factor in network growth. For quite some time, businesses were primarily interested in sharing data within an office or campus environment, this led to the development of various protocols suited specifically to this task.
Within the last five years, businesses have begun to need to share data across wide areas. This has prompted efforts to convert principally LAN-based protocols into WAN-friendly protocols. The result has spawned an entire industry of consultants who know how to manipulate routers, gateways and networks to force principally broadcast protocols across point-to-point links (two very different methods of transmitting packets across networks). Recently (within the last 2 or 3 years) more and more companies have realized that they need to settle on a common networking protocol. Frequently the protocol of choice has been TCP/IP, which is also the primary protocol run on the Internet. The emerging ubiquitous ness of TCP/IP allows companies to interconnect with each other via private networks as well as through public networks.
This is a very rosy picture: businesses, governments and individuals communicating with each other across the world. While reality is rapidly approaching this utopian picture, several relatively minor issues have changed status from low priority to extreme importance. Security is probably the most well known of these problems. When businesses send private information across the net, they place a high value on it getting to its destination intact and without being intercepted by someone other than the intended recipient. Individuals sending private communications obviously desire secure communications. Finally, connecting a system to a network can open the system itself up to attacks. If a system is compromised, the risk of data loss is high.
It can be useful to break network security into two general classes:
While both significantly affect the traffic going to and from a site, their objectives are quite different.

Transit Security

Currently, there are no systems in wide use that will keep data secure as it transits a public network. Several methods are available to encrypt traffic between a few coordinated sites. Unfortunately, none of the current solutions scale particularly well. Two general approaches dominate this area:
Virtual Private Networks: This is the concept of creating a private network by using TCP/IP to provide the lower levels of a second TCP/IP stack. This can be a confusing concept, and is best understood by comparing it to the way TCP/IP is normally implemented. In a nutshell, IP traffic is sent across various forms of physical networks. Each system that connects to the physical network implements a standard for sending IP messages across that link.
Standards for IP transmission across various types of links exist, the most common are for Ethernet and Point to Point links (PPP and SLIP). Once an IP packet is received, it is passed up to higher layers of the TCP/IP stack as appropriate (UDP, TCP and eventually the application). When a virtual private network is implemented, the lowest levels of the TCP/IP protocol are implemented using an existing TCP/IP connection. There are a number of ways to accomplish this which tradeoff between abstraction and efficiency. The advantage this gives you in terms of secure data transfer is only a single step further away. Because a VPN gives you complete control over the physical layer, it is entirely within the network designers power to encrypt the connection at the physical (virtual) layer. By doing this, all traffic of any sort over the VPN will be encrypted, whether it be at the application layer (such as Mail or News) or at the lowest layers of the stack (IP, ICMP). The primary advantages of VPNs are: they allow private address space (you can have more machines on a network), and they allow the packet encryption/translation overhead to be done on dedicated systems, decreasing the load placed on production machines.
Packet Level Encryption: Another approach is to encrypt traffic at a higher layer in the TCP/IP stack. Several methods exist for the secure authentication and encryption of telnet and rlogin sessions (Kerberos, S/Key and DESlogin) which are examples of encryption at the highest level of the stack (the application layer). The advantages to encrypting traffic at the higher layer are that the processor overhead of dealing with a VPN is eliminated, inter-operability with current applications is not affected, and it is much easier to compile a client program that supports application layer encryption than to build a VPN. It is possible to encrypt traffic at essentially any of the layers in the IP stack. Particularly promising is encryption that is done at the TCP level which provides fairly transparent encryption to most network applications.
It is important to note that both of these methods can have performance impacts on the hosts that implement the protocols, and on the networks which connect those hosts. The relatively simple act of encapsulating or converting a packet into a new form requires CPU-time and uses additional network capacity. Encryption can be a very CPU-intensive process and encrypted packets may need to be padded to uniform length to guarantee the robustness of some algorithms. Further, both methods have impacts on other areas (security related and otherwise- such as address allocation, fault tolerance and load balancing) that need to be considered before any choice is made as to which is best for a particular case.

Traffic Regulation

The most common form of network security on the Internet today is to closely regulate which types of packets can move between networks. If a packet which may do something malicious to a remote host never gets there, the remote host will be unaffected. Traffic regulation provides this screen between hosts and remote sites. This typically happens at three basic areas of the network: routers, firewalls and hosts. Each provides similar service at different points in the network. In fact the line between them is somewhat ill-defined and arbitrary. In this article, I will use the following definitions:
Router traffic regulation: Any traffic regulation that occurs on a router or terminal server (hosts whose primary purpose is to forward the packets of other hosts) and is based on packet characteristics. This does not include application gateways but does include address translation.
Firewall traffic regulation: Traffic regulation or filtering that is performed via application gateways or proxies.
Host traffic regulation: Traffic regulation that is performed at the destination of a packet. Hosts are playing a smaller and smaller role in traffic regulation with the advent of filtering routers and firewalls.

Filters and access lists

Regulating which packets can go between two sites is a fairly simple concept on the surface- it shouldn't be and isn't difficult for any router or firewall to decide simply not to forward all packets from a particular site. Unfortunately, the reason most people connect to the Internet is so that they may exchange packets with remote sites. Developing a plan that allows the right packets through at the right time and denies the malicious packets is a thorny task which is far beyond this article's scope. A few basic techniques are worth discussing, however.
Filters and access lists are typically placed on all three types of systems, although they are most common on routers.
Address Translation: Another advancement has been to have a router modify outgoing packets to contain their own IP number. This prevents an external site from knowing any information about the internal network, it also allows for certain tricks to be played which provide for a tremendous number of additional internal hosts with a small allocated address space. The router maintains a table which maps an external IP number and socket with an internal number and socket. Whenever an internal packet is destined for the outside, it is simply forwarded with the routers IP number in the source field of the IP header. When an external packet arrives, it is analyzed for its destination port and re-mapped before it is sent on to the internal host. The procedure does have its pitfalls; checksums have to be recalculated because they are based in part on IP numbers, and some upper layer protocols encode/depend on the IP number. These protocols will not work through simple address translation routers.
Application gateways and proxies: The primary difference between firewalls and routers is that firewalls actually run applications. These applications frequently include mail daemons, ftp servers and web servers. Firewalls also usually run what are known as application gateways or proxies. These are best described as programs that understand a protocol's syntax, but do not implement any of the functionality of the protocol. Rather, after verifying that a message from an external site is appropriate, they send the message on to the real daemon which processes the data. This provides security for those applications that are particularly susceptible to interactive attacks. One advantage of using a firewall for these services is that it makes it very easy to monitor all activity, and very easy to quickly control what gets in and out of a network.
There are two basic types of network security, transit security and traffic regulation, which when combined can help guarantee that the right information is securely delivered to the right place. It should be apparent that there is also a need for ensuring that the hosts that receive the information will properly process it, this raises the entire specter of host security: a wide area which varies tremendously for each type of system. With the growth in business use of the Internet, network security is rapidly becoming crucial to the development of the Internet. Soon, security will be an integral part of our day-to-day use of the Internet and other networks.
Submarines prowl the ocean floor, while ships above carefully skirts the limits of international waters. On dry land, guards patrol high fences surrounding acres of huge golf ball-shaped radar domes. In the skies, airplanes knife through the stratosphere, while higher up orbiting electronic ears listen to whispers from the planet below.
They are trolling a vast sea of electromagnetic signals in hopes of catching a terrorist plot in the making, a shady arms deal, economic intelligence, or a rogue nation building a weapon of mass destruction. This so called signals intelligence, or Sigint, has been vital to the United States and its allies for decades. This is also vital for Cuba, and China, through the Bejucal base.
The question now is: how useful is the system against terrorists who know not to trust their satellite phones? How effective can it be in an age when almost untappable fiber-optic lines carry information at stupefying rates and cheap, off-the shelf encryption systems can stump the most powerful supercomputers on earth?
Modern  Sigints
Rather than the creation of ever more sensitive receivers or code-breaking computers, the hot areas of cloak-and-dagger information gathering include tapping fiber optic cables, even at the bottom of the sea; using tiny bugging devices and old fashioned bribery, blackmail, and burglary to get at data before it can be encrypted; exploiting software flaws and poorly configured communications systems to bypass data security measures; and automatically winnoving the vast amounts of intercepted communications.
The old workhouse surveillance system, run by the United States-with the United Kingdom, Canada, Australia, and New Zealand as junior partners, was created in 1947 under the secret UKUSA agreement. It is often referred to as Echelon in the popular press.
Whether or not the modern Sigint system is of value boils down to a technical question: in the face of a telecommunications explosion that has brought e-mails, cellphones, beepers, instant messages, fiber optic cables, faxes, video-conferencing, and the Internet to every corner of the World, can the UKUSA intelligence agencies attain enough access to know what’s going on?
Of course, some communications are easier than others. Wireless communications in particular offer two key advantages-you can intercept them without physically tapping into the target’s communications systems, and there is no way to detect that they have been intercepted. Microwave, radio, telephone, walkie-talkie-communications that are all in the air are all interceptible by some sort of antenna in the right place.
The advantage of the Bejucal base is that it spies, listen to, the United States. However, the disadvantage of the United States is that it has to cover a wide range of territories, disperse terrorist groups, countries. The United States has to go after sporadic miniwars and terrorism.
Fiber optic systems
Before the widespread use of fiber-optic cables, geosynchronous satellite constellations, such as Intelsat, Intersputnik carried much of the international communications traffic. Such links can be comprehensively monitored by placing a receiving station in each satellite’s transmission footprint. In contrast, cables have to be tapped directly. While this is easy enough to do if the cable makes a landfall in a territory controlled by a UKUSA country, someone has to visit the cable clandestinely if it doesn’t, typically in a submarine.
Fiber optic cables are the toughest to crack: fibers don’t radiate electromagnetic fields that can be detected. Eavesdroppers first solved this problem by targeting the signal boosting repeater stations strung along the cables. But the development of erbium-doped fiber amplifiers, in which the signal is boosted without ever being converted into electricity, called for a new approach.It is not impossible to tap, but the fiber being one of a dozen hair-thin strands of glass, which are embedded inside a laser welded, hermetically sealed, 3 mm diameter stainless steel tube, makes it harder.  This tube is in turn covered by a few centimeters of reinforcing steel wire and cables carrying 10 Kvolts of DC power, all at a depth of of a couple of thousand meters.
It is not impossible, but very difficult. The easiest interception technique is to open up one of the repeaters to get at the fibers. , but it is very difficult, because you have to do it perfectly. Parts must either be sourced from the manufacturer or duplicated exactly.
A big remaining challenge is fiber optic cables that stay on land. One of the things that special troops (including Cuba’s elite troops) spend a fair amount of time is going ashore and walking to the nearest line.
By bugging a computer or communication system, information can be captured before it is sent through a fiber optic cable. A tiny microphone dropped into a key-board can pick up the sound made by the keys as they are struck and transmit the sounds to a nearby receiver. ( The Cuban Red Avispa ring was trying to do this). Different keys sound different, each has a specific signature.Those signatures can be used to reconstruct what was typed.
The rise of ubiquitous computer communications has allowed the emergence of widely available strong cipher systems, such as public key cryptography, which rely on mathematical functions that would take the greatest supercomputers on earth to break. For example, the HPCs, that China acquired from the USA in the 1990s, and that supposedly Cuba got two of them from China.
Speech recognition
Speech recognition is already widely used in commercial applications, but it is much harder to convert speech into text when subjects have no intention of getting their meaning across to a computer. Talk printing may give an idea of where the state of the art is going. Variations in pitch, rhythm, and speech volume-information that speech recognition programs typically throw out-to refine word and sentence recognition, to identify speakers, and even to tell casual chats from serious discussions or the dissemination of orders and instructions.
It is assumed that speech recognition is available at the Bejucal base because from 1995 to 1997 Russia had already this technology. It is also assumed that now, with the assistance of PRC, they are trying to develop this latest technology.
Bejucal Base: conclusions
This is where the importance of the Bejucal base lies. New technologies, association with the PRC, proximity to the United States, Cuba’s elite troops, trained at the Baragua school, in El Cacho, Los Palacios, Pinar del Rio, and the talent of approximately 1,200 Cuban engineers and Computer Scientists working at the Base.
The Base coordinates its activities with: the Wajay facility, the Santiago de Cuba antenna farm, and the base at Paseo, between 11 and 15 Streets.
Is Cuba a conventional military threat to the United States? Of course not, in the conventional military parameters. it has never been a threat. Presently, there is no country that can be said that it represents a conventional military threat to the United States. Is Cuba an asymmetric military threat to the security of the United States? Yes, of course. Through biological and cyber attacks.  Due to its proximity to the United States, Cuba’s facilities in bio and cyber developments, and the relative free flow of persons between Cuba and the United States, that has made possible that Cuba be the country with more convicted spies inside the United States in the last 10 years, Cuba possibly represents a higher threat than other rogue nations