Search This Blog

Friday, October 13, 2017

The world of espionage and cyber warfare in F1 !


October 13, 2017 by Joe Saward


The world of espionage and cyber warfare is so complicated as to be impenetrable for the average person. If one follows the newspapers, there is a spat going on at the moment over whether or not the Russian data security group Kaspersky Lab has had its software breached by the Russia security services, in an effort to gain access to top secret US documents in computers that have Kaspersky anti-virus software installed. In essence, anti-virus software searches for known characteristics of viruses and malware to identify and then neutralise them. However, such systems can it seems be modified to search for anything, if the company is compliant, or if access to the software codes has been found by secret government agencies.

The US government is so wary of Kaspersky products that a month ago the Senate voted to ban Kaspersky Lab’s products from use by the federal government, saying that it poses a national security risk. In part this is due to the alarms raised about cyber espionage during the US presidential elections last year, since when there have been allegations of Russian interference to aid Donald Trump in his election campaign. Who knows what is true? Eugene Kaspersky, the man who founded the anti-virus business, says that there is no evidence to support the allegations, despite reports that Israeli intelligence observed Russian cyber spies using the software to search the computers of Kaspersky’s 400 million users, looking for classified material. It was clear from this that the Israelis had themselves hacked the Kaspersky network, in order to have observed others doing the same. Kaspersky could be the villain, or could be the victim. Whatever the case, the firm is likely to suffer as a result of the revelations. Several big US retailers have already stopped selling the software.

Kaspersky has been a Ferrari sponsor for the last five years, using the fan engagement for the Italian F1 team to promote his brand, while at the same time working to protect data at Ferrari. Kaspersky says that Ferrari is the most secure and protected factory in the entire automotive industry, but it will not say how or why. It is believed that some of the software searches for anomalous behaviour within the Ferrari networks. This does make one wonder whether there is cyber spying in Formula 1. Novels have been written about the hacking of F1 computers in order to steal the design of cars, but is that really possible?

Espionage has, of course, been a part of motor racing since the very beginning of the sport, with the flow of information helping the industry to develop technologies. As the sport has become more complex and more expensive, so attempts have been made to curb such activities. Fourteen years ago two Ferrari employees were accused of stealing design files from Maranello and supplying them to Toyota F1. They both lost their jobs and, four years later, both were given suspended sentences by an Italian court. 

The FIA stayed away from that case, saying it was not for them to be involved. However, for reasons which have never been properly explained, the federation then chose to become involved in 2007 when Ferrari manager Nigel Stepney gave 780 pages of design documentation to his former Team Lotus colleague Mike Coughlan, who was then employed at McLaren. Although McLaren proclaimed its innocence, the FIA handed McLaren a $100 million fine. The team might have fought it, but at the time was dependent on F1 revenues and decided that it might be pushed out of business if it did not accept the decision. This was one of the primary reasons why the company has since diversified significantly, to avoid being put in such a position again. 

There has always been a strong suspicion that the McLaren fine was a personal thing because the FIA chose not to investigate Stepney’s claim that he also gave McLaren data to Ferrari, and because when McLaren drew the FIA’s attention to a similar story involving an engineer called Phil Mackereth, who left McLaren and moved to Renault, allegedly taking 762 pages of data, in 33 files on 11 disks. Renault admitted that this was the case and the FIA ruled that the team was guilty of a breach of Article of 151c of the International Sporting Code. The same decision that was given to McLaren a few weeks earlier. The FIA thus left itself open to the accusation that it was only out to get McLaren. The argument that the $100 million fine was because McLaren denied receiving some of the data Coughlan had is not a credible explanation – and never has been. After this mess, teams began to look more closely at their security and today, it seems, the big operations have fairly advanced security, including multiple firewalls and multi-stage authentication techniques. 

There are, it seems, at least three hurdles in the way of hackers wanting to get into the computers at Mercedes. The team’s laptops are each given their own machine signatures, so if the machine attempts to log on to the system it is instantly blocked. If someone steals a Mercedes laptop there is still a manual password required in addition to the machine code and then there is a log-in process after that with a randomly-generated code, delivered to a separate device, such as a mobile phone, to allow access the person access. Perhaps a stolen laptop could run “brute force” password-cracking software (basically, high-speed trial and error) which could reveal six or seven digit passwords in minutes, but 10-12 digit codes would take days to crack and brute-forcing is, in any case, negated if the system restricts log-in attempts to one per minute.

I have heard of cases in which staff in F1 have downloaded seemingly-harmless software, which has inserted malware into computer, gaining access to data by recording key loggers to discover passwords. The dangers of this was more than just espionage as there is also ransomware, which encrypts data and then demands money to restore access to the data. I am told that at least one team has faced this kind of attack. Today, no-one is allowed to download anything and access to the Internet is not allowed in some factories. Other teams say that they have fended off cyber attacks, but they do not want to discuss the details. 

One case has come to light but it has since disappeared quietly. In December 2015 a Mercedes engine development expert named Ben Hoyle allegedly took documents and data, while he was serving out his notice, before joining Ferrari. The word is that he allegedly managed to acquire a colleague’s log-in details and took the data, while logged into the system as his colleague. It is said that he then sent the data from the computer to a mobile phone, using bluetooth technology. 

The fact that Mercedes spotted what was going on suggests that there are probably security algorithms in the computers that are matching machines and passwords with unusual movements of data and flagging anything untoward. When the news became public, Ferrari denied having anything to do with it and said it was not hiring Hoyle. He has since left F1.

No comments:

Post a Comment