EYP: preparations for digital war

The National Intelligence Service is preparing for the possibility of a large-scale cyber war. Due to the tension in the region, it is starting to shield critical government infrastructure from possible cyber attacks.

According information of "K", in the immediate period and for the coming months the EYP will carry out vulnerability checks on a series of government targets, such as the Maximos Palace, the Presidential Palace and the Ministry of Finance.

The results of the tests (penetration tests) will be confidential and the leadership of the government will be informed about them initially. Depending on the findings, there will be initiatives to strengthen the digital security of sensitive Organizations.

International developments, after all, reveal the growing use of electronic weapons in international conflicts and disputes between states. The recent conflict between Israel and Iran, although it went "small" due to the pandemic, is a revealing example.

At the end of April, there were serious malfunctions in the operation of Israel's water supply and sewerage systems. The competent national service of the country - the corresponding EYDAP - initially attributed the problem to technical malfunctions, but then admitted that its systems had become the target of an electronic attack.

There have been reports in the country's press that the attack was launched by Iran using servers in the US and Europe. On May 9, Iran's largest commercial port, Shahid Rajaee near the Straits of Hormuz, was shut down as a result of a large-scale cyber attack. A Washington Post article attributed the attack to Israel, while the revelations were indirectly confirmed by the Chief of the General Staff of the Israeli Defense Forces, Aviv Kochavi, stating that "Israel will continue to act against its enemies with many different tools."

In the government and the EYP, the first thoughts about shielding the critical government infrastructures for the possibility of an electronic war were made in January when Turks managed to disable government websites, such as for example the Ministry of Foreign Affairs, the Ministry of Finance, the Parliamenteven of the EYP itself.

The Turkish group "Anka Neferler" claimed responsibility for those attacks. In a Facebook post, she wrote: "Greece is threatening Turkey in the Aegean and the Eastern Mediterranean. "And now it threatens the Libyan conference." The attack did not cause damage to the computer systems of sensitive government agencies, but did alarm the government and the National Intelligence Service.

In the period that followed, there were discussions between officials of the Ministry of Defense and the competent authority of the Ministry of Digital Policy in order to take immediate measures to strengthen the cyber securitys. However, the spread of the coronavirus and the global health crisis only temporarily "froze" the developments.

Record problems

According to information from "K", in the immediate future, the EYP, after consultation with the National Cybersecurity Authority, will begin vulnerability checks on ten "critical" government targets. Executives of the service with the help of specialized personnel will carry out virtual cyber attacks and attempts to infiltrate the computer systems of ministries and other government agencies.

The aim of the process is to identify and record problems that exist in two areas. The first concerns the security policy of the Organizations: Which employees have access to specific computers? Which computers or servers have security codes? How often do these codes change? The problems will be pointed out to the administrations of the Organizations so that they can be dealt with immediately as their "treatment" does not require money.

The second objective of the tests is to check whether the servers, computers and proletterthe ones they use can meet modern safety requirements or must be replaced. There is concern that due to the decade-long economic crisis in the country, most of the systems are technologically outdated and thus vulnerable to cyber-attacks.

As "K" had revealed in April 2019, the Maximos Palace, the Ministry of Foreign Affairs, the EYP and the Greek Police were targets of cyber espionage. According to cross-referenced information, the perpetrators had managed to gain access to the internal networks of the state services and to steal their e-mails. The attack was perceived due to a malfunction in the use of emails, while the audit revealed that the problem was due to a cyber attack against the Internet registry ending in .gr and .el, which is technically supported by the Research Technology Institute in Heraklion. Of Crete.

Vulnerability checks by the EYP will take about 10 months and will be limited to government services and structures. For the digital security of the Public Benefit Organizations, for example, such as PPC or EYDAP, the Directorate of Cyber ​​Defense of the General Staff of National Defense (GEETHA) is responsible.

Exchange of "fire" from hackers

Following the cyber attacks last January, Turkish hackers "threw" on June 7 the website of the Municipality of Chalkidona, Thessaloniki. They changed the look of the front page and posted a photo of Kemal Ataturk with the slogan "Know your limits".

Responsibility for the attack was claimed by a group of Turkish hackers calling themselves "the cyber army of Turkey". The idiosyncratic electronic war συνεχίστηκε, καθώς η ομάδα Anonymous Greece επιτέθηκε –ως αντίποινα– στην ιστοσελίδα του τουρκικού υπουργείου Εθνικής Αμυνας, θέτοντάς τη εκτός λειτουργίας. «Επειτα από επίθεση που δέχτηκε η Ελλάδα και συγκεκριμένα ένας δήμος (κάτι ασήμαντο για εμάς) από την Τουρκία, προχωρήσαμε και εμείς σε επίθεση.

"The Turkish Ministry of National Defense is out," the members of the Greek team said in a post.

kathimerini.gr