A new cutting-edge cyber-security centre inaugurated in Italy will boost Europe’s cyber defence by scouring the dark internet using one of the most powerful supercomputers in the world.
The Cyber Security Centre of Excellence run by Selex ES, a subsidiary of the Finmeccanica group, is located in the Italian coastal town of Chieti and serves civilian and defence customers alike.
"This cyber-security centre is probably one of the most advanced in Europe," said Alessandro Menna, head of systems engineering at Selex ES. "From this facility, we can provide a number of services, proactive services and reactive services as well, in order to provide thousands of organisations with a cyber monitoring and management capability in order to deal with cyber security events."
At the heart of the centre is a large supercomputer with the computational power of 300 teraflops – ranked 30th in the global list of the 500 most powerful supercomputers and second in the Green 500 league, which evaluates supercomputing infrastructure in terms of energy efficiency.
"The supercomputer allows us to use crawlers and specific algorithms that we have developed, such as semantic engines, predictive analysis and neural algorithms, to analyse in real time new vulnerabilities that have not yet been uncovered," Menna said.
"We are mostly interested in the dark web, which is hidden from normal users, but which serves as a platform where various groups or even individual hackers exchange information."
The centre focuses not only on detecting existing threats but also on those emerging from the earliest planning stages.
"You can’t afford just to react to occurring attacks. You need to have certain intelligence capability in order to keep pace with the attackers, otherwise you wouldn’t be able to effectively deal with the incidents," Menna said.
Selex ES says it detects about 400 potentially serious attacks daily on its several thousand customers around the world in the civilian and military sectors. Most of the attacks are focused on industrial know-how and research and development information.
"Every day, we receive a lot of attacks from outside because we do development, we do research so there is always someone trying to steal our R&D or just some activists that are trying to demonstrate something," said Andrea Biraghi, Selex ES’s vice president for cyber-security.
"There are countries that develop their entire capabilities on this, the level is very, very high. We need to think for the future about something that can stop a country and we need to be ready to defend our countries from that kind of attack," he said.
He predicts that with the emergence of the Internet of Things the situation is bound to become worse.
"The Internet of Things will pose many vulnerabilities as the attackers would be able to access a wide range of objects of everyday life. Imagine you have a smart internet-connected fridge," he said. "Someone could be able to tamper with the temperature remotely."
As part of its services the centre’s analysts help companies determine the weaknesses in their structure by mimicking what a real hacker would do to access the system.
"We start by selecting a target, a company, and then, by performing a simple Google search, we find who is the system administrator in that company," Menna said, explaining that cyber espionage today doesn’t require only technical and coding skills but also a good deal of psychology and social engineering.
"Once we find who is the system administrator, we search for more information about him or her. We can find his or her Facebook profile, learn something about his interests and who his or her friends are."
The ploy is simple – the attackers create a fake email account for one of the target’s friends and send a PDF attachment related to a subject which they know is of interest to the person under attack.
"To that PDF, we attach a small piece of code exploiting a zero-day vulnerability. Once the target opens the email, the malware is injected into his computer. The attacker can easily obtain important passwords and as the target is in the position of the system administrator, it is easy to spread the virus from this computer throughout the organisation," said Menna.
Such attacks can frequently go unnoticed for years as the attackers don’t perform any harmful action and only channel important and classified data outside the organisation’s network.