Workshops‎ > ‎cs-ga-2011‎ > ‎

Gabriele Biondo



I am a native Italian IT Security expert who, six years ago, opted for the international career. The real reason was that I wanted to face new, exciting challenges not only limited to the professional life, but also affecting my daily routine.

Starting as a Macintosh programmer, in the late nineties, I quickly discovered that Operating Systems were way more important to me than writing algorithms and designing GUIs. When I first discovered BeOS, I realized that there was still something new to the OS’s. I approached the Open Source path quite soon, exploring Linux and what was soon to become my real passion, namely OpenBSD. From then onwards, also pushed by the Internet’s exponential growth, I started my IT Security path. And, to date, it’s not only my job, but my passion. I have had the chance to approach the enterprise market quite soon, which exposed me to the management of complex infrastructure not only in technical terms, but also from the perspective of processes, procedures and standards.

Throughout my whole career, my technical background has always been the real competitive advantage allowing me to add a real value – after all, nobody can really manage the security of an organization better than a penetration tester.

Professional life:

I have always been a freelance contractor.

Among all the achievements I have reached, I am very proud of the following:

• Guest lecturer in penetration testing techniques ℅ the MSc “Master en Seguridad de la Tecnologias de la Informaccion”, held by Universidad la Salle, Barcelona.

• Lecturer ℅ several conferences for IT Professionals (main subjects: ITSecurity, IT Forensics, BCP and DR procedures).

• Member of the scientific committee editing the ITIL book “Capacity Planning – A practitioner guide”, Van Haaren Publishing, Amsterdam nel 2009.

• Member of the steering committee of DHL/Deutsche Post for deciding policies of acceptable use of the LDAP infrastructure (Bonn, 2009). Penetration testing: over 100 penetration tests performed in the last 7 years. Only in two cases my activities have detected by my customer’s engineers.


CSFI’s Project Cyber Dawn – Libya

Project Cyber Dawn is the result of a collaborative research effort of twenty-one individuals from the USA, Australia, Canada, Egypt, Italy, Tunisia and the UK. The Cyber Security Forum Initiative (CSFI) is a non-profit, worldwide organization with a mission to provide Cyber Warfare awareness, guidance and security solutions through collaboration, education, volunteer work and training to assist NATO partners in their common government, military and commercial interests. Today, CSFI is a community of nearly seven thousand cyber security and cyber warfare professionals from governments, ilitaries, private sector and academia.

Project Cyber Dawn: Libya collates, analyzes and reports on raw data and its interconnections that have been harvested from the public domain. Recent events are correlated with known historical data to provide an in depth view into Libyan Cyber Warfare capabilities and defenses.

In light of recent NATO actions to protect Libyan civilians, the primary media focus has been placed on the elimination of Libyan military equipment that has been, or could be used to suppress and oppress, through the use of lethal force, the civilian population. In this information age, this report provides a detailed look at the information technology status of Libya.

Through this analysis, CSFI can help the international community to understand not only Libya‘s potential to influence the balance of cyberspace, but also the physical repercussions of cyber-attacks originating from, and directed towards Libya. In light of the recent STUXNET virus attack on Siemens produced Supervisory Control And Data Acquisition (SCADA) systems, particular focus is given in later chapters to Libya‘s vulnerabilities to this genre of attack and the risks associated with this.

Project Cyber Dawn: Libya provides a picture of Libya‘s current Internet status with a historical view of it implementation, current cyber terrain and infrastructure and communications networks and dependencies. Recent civil unrest has been surrounded by outages to Libya‘s Internet connectivity, the timing of which coincides with heightened civilian casualty reports.

A breakdown of known Libyan Government websites and their providers are provided. The collective analysis of these information points provides an indication to Libya‘s potential for information gathering and dissemination operations worldwide and shows recent government efforts to attempt to conceal military efforts against civilians by deliberately shutting down Internet connectivity to the country.

To ensure a continual government controlled web presence, Libya uses international service providers in it’s hosting many of which are located in the US.

Libya‘s cyber offensive and defensive capabilities clearly show a relative lack of security surrounding most of Libya‘s network and communications infrastructure, however given the rapid acceleration in IT growth, this is expected to become a key focus area in the near future. Although behind in offensive cyber security capabilities, the threat of cyber attacks from, or on behalf of Libya should not be ignored.

Government efforts to recruit cyber-mercenary groups have been successful with over 10 identified loyal hacking groups. Many of these have no geographical affiliation and as such are notoriously difficult to monitor and defend against. If left unchecked by the international community, Libyan cyberspace could provide a fertile ground for malicious software development, cyber-attacks against allies, and further cyber-activist recruitment.

A study of malware signatures and activity rates Libya as high (150+ DLI Score), indicating a relatively low security level and a significant risk of breaches and attacks. The type of risk is classified as severe indicating a high probability of data loss, malicious advanced persistent threat (APT) activity and propagation as well as multiple compliance failures. Ongoing monitoring during government controlled Internet shutdowns shows almost a 90% reduction in malware with activity focused within the Tripoli area.

This indicates that some connectivity is maintained during these outages and that these systems may be vulnerable both new attacks and exploitation of current infections.

The presentation will also highlight IT investments in Libya and foreign partnerships and indicate overall sector expansion and growth prior to the recent unrest.

Libya is adopting new communications infrastructures such as satellite broadband, submarine fiber optics and 4G mobile communications as they increase their investment in information technology education. Although Libya is poised toward rapid growth and progression, evidence suggests there is a risk of disruption as a direct consequence of recent events. In this current climate, there is a significant risk of cyber-attacks against Libya that may have far-reaching effects. It is likely that Libya will continue to progress at an increasing rate in their infrastructure and IT self-sufficiency in the coming decade.

The risk of targeted and focused attacks on a countries infrastructure and corporate knowledge is becoming more severe as an appreciation for information control and acquisition develops.

Recent media has covered stories of such attacks and some experts have theorized that certain of these may have been state sponsored. Although Libya has limited internal cyber warfare knowledge, she has drawn heavily from forces outside her borders in the past and will likely continue to do so until the current generation of students develops the necessary expertise.

Libya is at a critical period and it is recommended that the international community come together to encourage the development of acceptable behavior, protocol and standards for this rising generation of specialists.

The impact of a successful cyber-attack on Libya may have far reaching consequences. A single individual or small group has the potential, in a worst-case scenario, to gain a measure of control over the economies of allied nations whose economies have a level of dependence on Libyan oil production.

Libya‘s lack of cyber security coupled with industrial automation presents a ripe target for attacks that are designed to gain control of, or sabotage critical infrastructure. Potential outcomes and are discussed with their local and global impact. The impact of infrastructure-targeted cyber-attack is not limited to the systems affected, or even trading partners who rely on the production of oil, or gas products. A successful attack against a refinery or electrical grid system has the potential to lead to a widespread fear of repeat attacks in other regions and cause an inflation surge in the global economy due in part to a loss of consumer confidence. Even if other systems were protected from these vulnerabilities, there remain questions of whether the general public will be trusting of these protections, and how effective nations will be in collaboratively responding to these threats.

CERTs (Computer Emergency Readiness Teams) are designed to provide cyber emergency channels for nations to respond to and defend against cyber-attacks. Although no internal CERT is in place, Libya is a full member of OIC-CERT (CERT of the Organization of Islamic Countries). There is no evidence to date that Libya has benefitted from this arrangement or possesses any cyber capabilities other than the

external groups already mentioned. Previous behavioral patterns suggest that it is more likely in the event of an attack that Libya would solicit the assistance of Serbian professionals rather than OIC-CERT.

Serbian, Tunisia and Malaysia all have functional CERTs that may assist Libya under such circumstances.

The short and long-term impact analysis of cyber warfare shows Italy as being the largest consumer of Libyan oil. Ireland, Italy and Austria all receive over 20% of their total oil from Libyan sources.

It is hoped that the analysis and research presented in this report will increase awareness of cyber warfare as both a threat to be aware of, and an effective tool that if used appropriately, may expedite the resolution, or reformation to a post-conflict and stable Libya by a reduced loss of civilian life and minimal negative impact to global economic stability.

Project Cyber Dawn was created for the purpose of educating both our local communities and world governments on the current cyber security position of Libya.

Libya‘s current state of unrest, the use of the Internet and cyberspace from actors on both sides of the conflict and Libya‘s quest to significantly increase its IT capabilities in order to attract foreign investment has created an environment in Libya primed for cyber-attacks.

CSFI can help our international community to understand not only how Libya could possibly influence the balance in cyberspace but also the physical consequences of cyber-attacks originating from and directed toward Libya. Special focus has been given to exploring SCADA, an extremely relevant topic and highly related to potential gaps within Libya‘s infrastructure.