Friday, February 18, 2011

Is this man a specialist in cybernetic counterintelligence?

Eduardo Fontes Suárez
A 53 minute video of Eduardo Fontes Suárez giving a presentation on the US attempts at cyber war against Cuba was recently leaked and put online. I won't say more about that because you can read an excellent discussion of its content and likely authenticity here. You can also read a transcript in English or in Spanish.

I will focus on the part of the talk during which Fontes Suárez, who is a "specialist in cybernetic counterintelligence," describes a plot by the US to smuggle ten BGAN satellite terminals into Cuba on order to provide unfettered Internet access by NGOs, bloggers and others.

Fontes Suárez seems to have little knowledge of the technology he is describing, which leads him to grossly overstate its capability.

Fontes Suárez says there are "10 BGAN terminals in different parts of the country" and "These ten terminals are around wireless networks which already existed".  Wow -- ten pre-existing wireless networks with unfettered Internet access sounds like it might be a big deal, but let's look further.

How big are these ten wireless networks? The fastest BGAN terminal is capable of "up to" 492 kbps and subject to the usual high latency of a satellite link. So these "wireless networks" are actually just WiFi hot spots with users sharing a slow, high-latency connection. One user may be able to watch a Netflix video or carry on a VoIP conversation, but if there were, say three or four, they would be restricted to very slow Web surfing or text applications.

Fontes Suárez also refers to people sitting at home and seeing a message pop up that says "you're connected to the Internet." He envisions them as pleasantly surprised and happily "logging on" and starting to search, surf and download. Given this description, I get the feeling that he has never used WiFi.

He goes on to talk about connecting 25-30 machines using WiFi. For a start, 492 kbps/25 = 20 kbps. Web sites are unusable at that speed. He goes on to say the 25-30 machines can be spread out over a half mile to a mile. WiFi is designed for small, local area networks. A WiFi link connecting only one user who was half a mile away would take large antennas with line of sight visibility. Even if the 25 machines were in the same room as the access point, the contention for the limited number of WiFi channels and the access point protocols would slow them to a crawl.

He says the minimum number of users of a BGAN terminal is five. Is there a minimum? Does the equipment refuse to work if there are only four users? When BGAN speaks of five users, they are all assumed to be in the same room as or very close to the base station. If there were five users, remember that they would be sharing a high-latency link of "up to" 492 kbps.

Fontes Suárez also asserts that "in Havana there are thousands of wireless computers connected in any neighborhood, from Playa to San Miguel del Padron" and that kids are using them to play games and university students are using them to study collaboratively. Ten BGAN links in different parts of the country would not be of much use to these "thousands" of computers.

I do not know how widespread WiFi is in Havana or elsewhere in Cuba, but I am skeptical of this image of somewhat ubiquitous WiFi in homes and university dorms. I do know that computer ownership and Internet connection rates are low in Cuba. I also know that there would be little reason to have a WiFi access point that was connected to the Internet via a dial-up line.

It also seems that one must register a WiFi LAN. At the MIC Web site, under the heading "Wireless Networks," we see that registration is required:
Los equipos y dispositivos auxiliares que componen estos sistemas están sujetos a la obtención de un certificado de homologación otorgado por el Ministerio de la Informática y las Comunicaciones (MIC), y podrán ser sometidos a los procedimientos de medición y comprobación de sus parámetros por los laboratorios que designe ese ministerio.
The application form is here. (Note that it describes the radios as spread spectrum in frequency band 2456 to 2482 MHz. The frequency is not exactly WiFi -- this may be a typo or indicate some non-standard technology). Does anyone know whether this registration requirement is actually enforced?

Finally, Fontes Suárez claims that BGAN terminals use "linear transmission," which he claims is difficult to detect and it surely sounds nefarious, but what does that piece of snow/jargon mean?

Some have questioned the authenticity of this leak - it may be a plant. One never knows, but it is hard for me to believe that Fontes Suárez is a specialist in cybernetic counterintelligence.

18 comments:

  1. Excellent post, blog. Will surf this way frequently.

    ReplyDelete
  2. Actually, although I would like to see free uncensored internet in my country, I have to disagree with a few arguments in this article, since most of the points the author denies to be possible, I have seen them or used them myself.

    I used to live in Cuba until a few months ago, I used to have an illegal dial-up internet connection at home, 56kbps, and I shared with other 5 computers. Sure thing it was painfully slow, no youtube or whatsoever, but it does work, and it was far better than having nothing.

    Also, about a year ago, I helped a friend to install a node for a wireless network that goes from "La Lisa" up to "Miramar" (around 10km in Havana). It was mainly used to play video games, but it is there, and it does work. All we needed was a few square aluminium dishes that we used as antennas on top of some high buildings.

    As I said, I would like so much to see free uncensored internet in Cuba, but the arguments used in this article are just not valid.

    ReplyDelete
  3. > I used to have an illegal dial-up internet connection at home, 56kbps, and I shared with other 5 computers.


    Of course you can connect five computers to a WiFi access point, but sharing a 56kbps line averages out to 11 kbps each without taking overhead within the access point into account. I am old enough to have used 100 bps Teletypes, and was very happy to move up to 300, 1,200, 2,400 and 9,600 bps modem, but all I did was Telnet in to a time sharing system that was on the Internet to do email, transfer files, surf Gopher sites and other text-oriented application. It would be useless on a modern Web site.

    Also -- remember that Fontes Suárez is talking about 25-30 computers sharing a link, not five.


    > I helped a friend to install a node for a wireless network that goes from "La Lisa" up to "Miramar" (around 10km in Havana).


    I said the same thing -- long distance links are possible with WiFi radios, but you need larger antennas than the ones on the BGAN terminals and they must have a clear view of each other and be high enough off the ground to avoid obstructions in the fresnel zone around line of sight. As you say, your antennae were on top of high buildings, and they were outside and visible. (The WiFi distance record is over 200 miles now).

    Most important, you are talking about a single link between two computers. He gives the impression that people will be creating up networks of 25-30 computers over an area of 1/2 to 1 mile.

    He is greatly overstating the capability of the equipment and the possible impact of ten BGAN terminals with WiFi access points spread around the nation.

    Why do you suppose he would do that?

    Also -- is the regulation requiring that people register WiFi hot spots actually enforced?

    Larry

    ReplyDelete
  4. "you are talking about a single link between two computers."

    Actually, I was talking about a network with around 15 nodes... and I know about at least 2 more, one with around 10 nodes in "Old Havana" and another one with around 20 in "10 de Octubre". All these networks are strictly forbidden by the goverment, they have a team of specialists 100% dedicated to go around the city looking for them, charging fines and expropiating computers.

    But one thing are goverment rules and other thing is what cubans actually consider to be wrong. When cubans feels something that is "forbiden" is not really wrong, they do it anyways. That's why you will find underground tv cables burried under the streets in havana, illegal internet connections etc.

    Also, cubans are experts in using electronical or mecanical devices long far beyong their original specifications, that's why you will find thousands of 70-year old cars rulling on the streets. My advice: go to Cuba, you will be amaized.

    As I said, I hate the current situation of internet in my country, but many of the fears that this government official is talking about are actually well founded, at least those related to the improvised networks.

    ReplyDelete
  5. Hi Larry, very good analysis. The regulations from MIC are enforced and tight. I don´t think a common citizen coming from abroad can simply declare and import a common WiFi modem for domestic use. This is (as far as I know) only allowed to certain companies and only Kafka could understand the hoops and loops they have to go through.
    The Cuban government is terrified of people accessing free information via web or even non-State TV. It is common to see in Havana cracks down on satellite dishes using all kinds of signal detection technology, from a moving van circling around the city to hovering Army helicopters.

    ReplyDelete
  6. When I said you were talking about "a single link between two computers," I was referring to your example of a 10 kilometer link from "La Lisa" up to "Miramar." That distance requires external antennae pointed at each other and above obstructions in the Fresnel zone. Fontes Suárez paints a picture of 25-30 such links, which strikes me as unrealistic -- particularly if specialists are going around looking for them.

    I also agree that it is possible for ten PCs to share a WiFi access point -- however, if that access point has only a 56kbps backhaul connection, they will not be able to work at the same time and will be limited in the sorts of things they can do.

    Let me give you an example. The dorms at my university are small apartment buildings with 20-25 students living in each. I built a WiFi network to serve the dorms, and we required two access points per building. You can see more detail at
    http://som.csudh.edu/fac/lpress/471/hout/dorm/
    But, we had two gigabits per second backhaul and only a few were using the network at any one time.

    > My advice: go to Cuba, you will be amazed.

    I have been to Cuba, and seen the old cars and clever and resourceful use of computers and networks -- all I am trying to say is that the picture Fontes Suárez is overly optimistic.

    Why might he exaggerate the threat? Some have speculated that this video was a planted leak. But, another possibility is that he does it to enhance his career. If there is a great threat, there is a greater need for security forces and people like him. Based on my experience with bureaucracy in the US, I would guess the latter.

    I think we have discussed this enough, so let me change the subject. I would like to get more first hand description of the Internet in Cuba for this blog. It is interesting to know that you have built a 10 kilometer WiFi link in Havana. (Are you afraid it will be detected)? It is interesting to know that people are sharing WiFi access points. I hope we have more discussions like this.

    ReplyDelete
  7. Hi, thanks for sharing your thoughts with me.

    About your question, yes, of course we were afraid of our network being discovered, but this is not different from buying powder milk or beef on the black market, and we do those kind of things every day to survive, so we get used to this kind of fear... Actually the goverments uses this fear to control people behaviour, you can guess how. It's a very tricky system...

    A bit more info for you, in 2008 the connection speed in UCI university was 2 megabites per second, and it is one of the most priorized facilities in the country. Havana university had 1 megabit, CUJAE university 2 Megabits (this one I am not completelly sure, it could be less), and Matanzas university only had a few dial-up lines. Now I am using a 15gbps in the appartment where I am staying, for only 3 computers... it really breaks my heart...

    ReplyDelete
  8. funny that cubans also ask for it :-)

    Cuban asks Obama, Google chief for free Internet
    February 22, 2011
    http://news.yahoo.com/s/afp/20110222/tc_afp/entertainmentcubaitusgoogledissident

    ReplyDelete
  9. There is precedent for this.

    The US National Science Foundation subsidized the connection of 28 nations in the early 1990s, see:
    http://som.csudh.edu/fac/lpress/articles/govt.htm.

    I am working on a related post, which I hope to finish this weekend.

    Larry

    ReplyDelete
  10. I reviewed this thingy for Arena: It's great, but all the demo songs sound like Photek or someone & I have to confess that i struggled to make a tune that didn't either.

    Sunscreen

    ReplyDelete
  11. Hi Everybody,
    I know that this thread is a bit old but I just wanted to add a couple of things. First, regarding Larry's question about the WiFi registration. There is no such registration. Registration would imply simply to inform the Control Body about the tenancy of a WiFi network. What really exists is an authorisation process, only open to state entities and the few foreign companies operating there. The Agency in charge of the enforcement and the issue of licenses is called Agencia de Control y Supervision del Ministerio de Comunicaciones (ACS-MIC). The head of this Agency is the Col.(ret) Inerarity, a former officer of the Cuban Navy. The ACS is located in the intersection of Zanja and Espada streets in Centro Habana. This is the operational base of the Inspectors / Specialists, who work on the detection, fining and confiscation tasks.
    The second point is: Larry don't get surprised yourself about the level of knowledge of those "specialists" (including Eduardo Fuentes). It's actually relatively low. Please note that they, in general, have little hands on experience with that technology.
    The third point is the overstating of the BGAN capabilities by Eduardo Fontes. This is not an uncommon phnomenon in Cuba at all (at least in the counterintelligence circles). Cubans suffer of chronic paranoia, anything can be a possible sign of the enemy action. Now, if we talk about technology this paranoia is simply immeasurable. You can be sure that Eduardo's presentation is highly influenced by this "perspective".
    Basically they are scared of the new technologies. That's why they spent a huge amount of money in 2003-2005 to setup an interception center in Havana where they can eavesdrop on all the traffic flows passing through the NAP.

    ReplyDelete
    Replies
    1. Ian,

      Thanks for your comment. I found this WiFi registration form on the MIC Web site last year:

      http://som.csudh.edu/fac/lpress/cuba/wifiapp.docx

      Are you saying that it is no longer required?

      Also -- I was joking about the "expertise" of Fuentes -- he did not seem to be an expert to me.

      Is anyone using the Venezuela cable?

      Delete
  12. Hi Larry,

    >> Are you saying that it is no longer required?

    Yes, authorisation is required and the approval generally is a long process. There is another interesting point, in Cuba to setup a LAN, an authorisation is also required (similar to WiFi). The same occurs if an entity wants to interconnect domestic sites through a WAN (FR, SDH, etc. - services offered by ETECSA). I know that some companies have LANs without that auth but this is only because the lack of information and complexity of the paperwork.

    Internet access also require a series of auth before any organisation can contract the service from ETECSA. (These auth are granted by Ministry of Interior, Ministry of Justice and Ministry of Informatics and Communications).

    I've heard that the Venezuela cable is already working but only for specific government purposes. This is not strange to me since in Venezuela there are some UCI's students working on "specials projects".

    UCI - Universidad de Ciencias Informaticas

    ReplyDelete
    Replies
    1. > in Venezuela there are some UCI's students working on "specials projects".

      In an earlier post on the cable, I suggested that UCI students could be a valuable resource:

      http://laredcubana.blogspot.com/2011/03/cuba-needs-domestic-upgrade-to-utilize.html

      Perhaps those special projects are related to the cable -- perhaps students are being trained as network administrators. Please let us know if you learn more about what they are doing.

      Delete
    2. Actually they are working directly on contracts awarded by the Venezuela government to Cuba.

      Delete
  13. I just saw the video again.....

    >>Finally, Fontes Suárez claims that BGAN terminals use "linear transmission," which he claims is difficult to detect and it surely sounds nefarious, but what does that piece of snow/jargon mean?

    It looks like he is referring to the beam of the antenna. I think he meant directional.

    ReplyDelete
    Replies
    1. > I think he meant directional.

      That would make sense.

      Delete
  14. Hi Larry,

    I've read some news today coming from Venezuela where the minister for science and technology says the cable is up and running. This information matches with what I've heard before. Please check this link (in spanish)

    http://www.elmundo.com.ve/noticias/tecnologia/internet/arreaza-asegura-que-cable-submarino-venezuela-cuba.aspx

    ReplyDelete