EYP: preparations for digital war

The National Intelligence Service is preparing for the possibility of a large-scale cyber war. Due to the tension in the region, it is starting to shield critical government infrastructure from possible cyber attacks.

According to information from "K", the next one space και για τους επόμενους μήνες η EYP will perform vulnerability checks on a number of government targets, such as the Maximos Palace, the Presidential Palace and the Ministry of Finance.

The results of the tests (penetration tests) will be confidential and the leadership of the government will be informed about them initially. Depending on the findings, there will be initiatives to strengthen the digital security of sensitive Organizations.

International developments, after all, reveal the growing use of electronic weapons in international conflicts and disputes between states. The recent conflict between Israel and Iran, although it went "small" due to the pandemic, is a revealing example.

At the end of April, there were serious malfunctions in the operation of Israel's water supply and sewerage systems. The competent national service of the country - the corresponding EYDAP - initially attributed the problem to technical malfunctions, but then admitted that its systems had become the target of an electronic attack.

There were reports in the country's press that said the attack was launched by Iran using servers in the US and Europe. On May 9, Iran's largest commercial port, Shahid Rajaee near the Straits of Hormuz was shut down as a result of a large-scale cyber attack. Publication of Washington Post απέδωσε την επίθεση στο Ισραήλ, ενώ τις αποκαλύψεις επιβεβαίωσε εμμέσως ο αρχηγός του Γενικού Επιτελείου Αμυνας του Ισραήλ Αβίβ Κοτσάβι, δηλώνοντας ότι «το Ισραήλ θα συνεχίσει να δρα κατά των εχθρών του με πολλά και διαφορετικά εργαλεία».

The first thoughts in the government and the EYP on shielding the critical government infrastructure for the possibility of an electronic war came in January when the Turks managed to shut down government websites, such as the Ministry of Foreign Affairs, the Ministry of Finance, the Parliament and even the Parliament itself. of the EYP.

The Turkish group "Anka Neferler" claimed responsibility for those attacks. In a Facebook post, she wrote: "Greece is threatening Turkey in the Aegean and the Eastern Mediterranean. "And now it threatens the Libyan conference." The attack did not cause damage to the computer systems of sensitive government agencies, but did alarm the government and the National Intelligence Service.

In the period that followed, there were discussions between EYP executives and the competent authority of the Ministry of Digital Policy in order to take immediate measures to strengthen cybersecurity. However, the spread of the coronavirus and the global health crisis "temporarily" "frozen" the developments.

Record problems

According to information from "K", in the immediate future, the EYP, after consultation with the National Cybersecurity Authority, will begin vulnerability checks on ten "critical" government targets. Executives of the service with the help of specialized personnel will carry out virtual cyber attacks and attempts to infiltrate the computer systems of ministries and other government agencies.

Στόχος της διαδικασίας είναι να εντοπίσουν και να καταγράψουν προβλήματα που υπάρχουν σε δύο τομείς. Ο πρώτος αφορά την πολιτική ασφάλειας των Οργανισμών: Ποιοι υπάλληλοι έχουν πρόσβαση σε συγκεκριμένους υπολογιστές; Ποιοι υπολογιστές ή servers έχουν κωδικούς ασφαλείας; Κάθε πότε οι κωδικοί αυτοί αλλάζουν; Τα προβλήματα θα επισημανθούν στις διοικήσεις των Οργανισμών ώστε να αντιμετωπιστούν άμεσα καθότι η «treatment» τους δεν απαιτεί χρήματα.

The second goal of the tests is to check if the servers, computers and programs they use can meet modern security requirements or need to be replaced. There is concern that due to the ten-year economic crisis in the country most of the systems are technologically obsolete and therefore vulnerable to cyber attacks.

As, after all, "K" had revealed in April 2019, the Maximos Palace, the Ministry of Foreign Affairs, the EYP and the Hellenic Police were cyber targetsespionages. According to cross-referenced information, the perpetrators had managed to gain access to the internal networks of government agencies and intercept their electronic mail. The attack was noticed due to a malfunction in the use of emails, while the control showed that the problem was due to a cyber attack against the registry of Internet names ending in .gr and .el, whose technical support is provided by the Research Technology Foundation in Heraklion Crete.

Vulnerability checks by the EYP will take about 10 months and will be limited to government services and structures. For the digital security of the Public Benefit Organizations, for example, such as PPC or EYDAP, the Directorate of Cyber ​​Defense of the General Staff of National Defense (GEETHA) is responsible.

Exchange of "fire" from hackers

Following the cyber attacks last January, Turkish hackers "threw" on June 7 the website of the Municipality of Chalkidona, Thessaloniki. They changed the look of the front page and posted a photo of Kemal Ataturk with the slogan "Know your limits".

A group of Turkish hackers claiming to be "the Turkish cyber army" claimed responsibility for the attack. The idiosyncratic cyber war continued as the Anonymous Greece group attacked - in retaliation - the website of the Turkish Ministry of National Defense, shutting it down. "After an attack by Greece and specifically a municipality (something insignificant for us) from Turkey, we also attacked.

"The Turkish Ministry of National Defense is out," the members of the Greek team said in a post.

kathimerini.gr