Cyber questions outside and inside F1

The world of espionage and cyber warfare is so complicated as to be impenetrable for the average person. If one follows the newspapers, there is a spat going on at the moment over whether or not the Russian data security group Kaspersky Lab has had its software breached by the Russian security services, in an effort to gain access to top secret US documents in computers that have Kaspersky anti-virus software installed. In essence, anti-virus software searches for known characteristics of viruses and malware to identify and then neutralise them. However, such systems can, it seems, be modified to search for anything, if the company is compliant, or if access to the software code has been found by secret government agencies.

The US government is so wary of Kaspersky products that a month ago the Senate voted to ban Kaspersky Lab’s products from use by the federal government, saying that it poses a national security risk. In part this is due to the alarms raised about cyber espionage during the US presidential elections last year, since when there have been allegations of Russian interference to aid Donald Trump in his election campaign. Who knows what is true? Eugene Kaspersky, the man who founded the anti-virus business, says that there is no evidence to support the allegations, despite reports that Israeli intelligence observed Russian cyber spies using the software to search the computers of Kaspersky’s 400 million users, looking for classified material. It was clear from this that the Israelis had themselves hacked the Kaspersky network, in order to have observed others doing the same.  Kaspersky could be the villain, or could be the victim. Whatever the case, the firm is likely to suffer as a result of the revelations. Several big US retailers have already stopped selling the software.

Kaspersky has been a Ferrari sponsor for the last five years, using the fan engagement for the Italian F1 team to promote his brand, while at the same time working to protect data at Ferrari. Kaspersky says that Ferrari is the most secure and protected factory in the entire automotive industry, but it will not say how or why. It is believed that some of the software searches for anomalous behaviour within the Ferrari networks. This does make one wonder whether there is cyber spying in Formula 1.  Novels have been written about the hacking of F1 computers in order to steal the design of cars, but is that really possible?

Espionage has, of course, been a part of motor racing since the very beginning of the sport, with the flow of information helping the industry to develop technologies. As the sport has become more complex and more expensive, so attempts have been made to curb such activities. Fourteen years ago two Ferrari employees were accused of stealing design files from Maranello and supplying them to Toyota F1. They both lost their jobs and, four years later, both were given suspended sentences by an Italian court. The FIA stayed away from that case, saying it was not for them to be involved. However, for reasons which have never been properly explained, the federation then chose to become involved in 2007 when Ferrari manager Nigel Stepney gave 780 pages of design documentation to his former Team Lotus colleague Mike Coughlan, who was then employed at McLaren. Although McLaren proclaimed its innocence, the FIA handed McLaren a $100 million fine. The team might have fought it, but at the time was dependent on F1 revenues and decided that it might be pushed out of business if it did not accept the decision. This was one of the primary reasons why the company has since diversified significantly, to avoid being put in such a position again. There has always been a strong suspicion that the McLaren fine was a personal thing because the FIA chose not to investigate Stepney’s claim that he also gave McLaren data to Ferrari, and because of what happened when McLaren drew the FIA’s attention to a similar story involving an engineer called Phil Mackereth, who left McLaren and moved to Renault, allegedly taking 762 pages of data, in 33 files on 11 disks. Renault admitted that this was the case and the FIA ruled that the team was guilty of a breach of Article 151c of the International Sporting Code, the same decision that was given to McLaren a few weeks earlier. The FIA thus left itself open to the accusation that it was only out to get McLaren.
The argument that the $100 million fine was because McLaren denied receiving some of the data Coughlan had is not a credible explanation – and never has been. After this mess, teams began to look more closely at their security and today, it seems, the big operations have fairly advanced security, including multiple firewalls and multi-stage authentication techniques. There are, it seems, at least three hurdles in the way of hackers wanting to get into the computers at Mercedes. The team’s laptops are each given their own machine signatures, so if an unrecognised machine attempts to log on to the system it is instantly blocked. If someone steals a Mercedes laptop there is still a manual password required in addition to the machine code and then there is a log-in process after that with a randomly-generated code, delivered to a separate device, such as a mobile phone, to allow the person access. Perhaps a stolen laptop could run “brute force” password-cracking software (basically, high-speed trial and error) which could reveal six or seven digit passwords in minutes, but 10-12 digit codes would take days to crack and brute-forcing is, in any case, negated if the system restricts log-in attempts to one per minute.
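
The three hurdles and the one-attempt-per-minute limit described above can be sketched as a login gate. This is an added example, not code from the article or from any team; the machine signature, user name, password and class and function names are all hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed sample data; every name and value here is hypothetical.
ENROLLED_MACHINES = {"sig-laptop-0042"}   # signatures of team-issued laptops
SALT = b"constructed-salt"
MIN_SECONDS_BETWEEN_ATTEMPTS = 60         # "one per minute", as in the text


def _hash(password):
    # Slow, salted hash so the stored value is not the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)


USERS = {"engineer1": _hash("correct horse 12")}


class LoginGate:
    def __init__(self):
        self.last_attempt = {}   # user -> time of the last password attempt
        self.pending_code = {}   # user -> one-time code sent to a second device

    def send_code(self, user):
        """Create the random code that would be delivered out of band."""
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending_code[user] = code
        return code

    def login(self, machine_sig, user, password, code, now):
        # Hurdle 1: a machine without an enrolled signature is rejected outright.
        if machine_sig not in ENROLLED_MACHINES:
            return "blocked: unknown machine"
        # Throttle: at most one password attempt per user per minute.
        last = self.last_attempt.get(user)
        if last is not None and now - last < MIN_SECONDS_BETWEEN_ATTEMPTS:
            return "blocked: throttled"
        self.last_attempt[user] = now
        # Hurdle 2: the manually entered password, compared in constant time.
        stored = USERS.get(user)
        if stored is None or not hmac.compare_digest(stored, _hash(password)):
            return "blocked: bad password"
        # Hurdle 3: the single-use code; popping it prevents replay.
        expected = self.pending_code.pop(user, None)
        if expected is None or not hmac.compare_digest(expected.encode(), code.encode()):
            return "blocked: bad code"
        return "ok"


def worst_case_days(digits, seconds_per_attempt=MIN_SECONDS_BETWEEN_ATTEMPTS):
    """Days needed to try every numeric password of this length when throttled."""
    return 10**digits * seconds_per_attempt / 86_400


if __name__ == "__main__":
    gate = LoginGate()
    code = gate.send_code("engineer1")
    print(gate.login("sig-laptop-0042", "engineer1", "correct horse 12", code, now=0))
    print(f"6-digit keyspace at one guess per minute: {worst_case_days(6):.0f} days")
```

The throttle only limits guesses made through the login service; it does nothing for a password hash that can be attacked offline.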

I have heard of cases in which staff in F1 have downloaded seemingly-harmless software, which has inserted malware into a computer, gaining access to data by using key loggers to discover passwords. The dangers of this are more than just espionage as there is also ransomware, which encrypts data and then demands money to restore access to the data. I am told that at least one team has faced this kind of attack. Today, no-one is allowed to download anything and access to the Internet is not allowed in some factories. Other teams say that they have fended off cyber attacks, but they do not want to discuss the details. One case has come to light but it has since disappeared quietly. In December 2015 a Mercedes engine development expert named Ben Hoyle allegedly took documents and data, while he was serving out his notice, before joining Ferrari. The word is that he allegedly managed to acquire a colleague’s log-in details and took the data, while logged into the system as his colleague. It is said that he then sent the data from the computer to a mobile phone, using Bluetooth technology. The fact that Mercedes spotted what was going on suggests that there are probably security algorithms in the computers that are matching machines and passwords with unusual movements of data and flagging anything untoward. When the news became public, Ferrari denied having anything to do with it and said it was not hiring Hoyle. He has since left F1.
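
A minimal sketch of the kind of check suggested above, matching accounts to machines and flagging unusual movements of data. It is an added example, not software used by any team; the log format, account and machine names, approved channel list and size threshold are all assumptions, and the log lines are constructed.

```python
import csv
import io

# Constructed sample log; accounts, machines and figures are invented.
SAMPLE_LOG = """\
time,account,machine,action,channel,bytes
2024-01-08T09:02,eng_a,ws-101,login,lan,0
2024-01-08T09:10,eng_a,ws-101,file_send,lan,120000
2024-01-08T18:40,eng_b,ws-101,login,lan,0
2024-01-08T18:55,eng_b,ws-101,file_send,bluetooth,48000000
2024-01-09T09:05,eng_b,ws-202,login,lan,0
2024-01-09T09:30,eng_b,ws-202,file_send,lan,300000
"""

# Hypothetical baseline: which machine each account normally uses,
# which channels may carry files, and how big a normal transfer is.
ASSIGNED_MACHINES = {"eng_a": {"ws-101"}, "eng_b": {"ws-202"}}
APPROVED_CHANNELS = {"lan"}
MAX_BYTES_PER_TRANSFER = 10_000_000


def find_anomalies(log_text):
    """Return (time, account, reasons) for every event that breaks the baseline."""
    alerts = []
    for row in csv.DictReader(io.StringIO(log_text)):
        reasons = []
        # An account appearing on a machine it is not assigned to.
        if row["machine"] not in ASSIGNED_MACHINES.get(row["account"], set()):
            reasons.append("account used on unassigned machine")
        if row["action"] == "file_send":
            # Data leaving over a channel that is not approved for transfers.
            if row["channel"] not in APPROVED_CHANNELS:
                reasons.append(f"transfer over {row['channel']}")
            # A single transfer well above the normal size.
            if int(row["bytes"]) > MAX_BYTES_PER_TRANSFER:
                reasons.append("unusually large transfer")
        if reasons:
            alerts.append((row["time"], row["account"], reasons))
    return alerts


if __name__ == "__main__":
    for when, account, reasons in find_anomalies(SAMPLE_LOG):
        print(when, account, "; ".join(reasons))
```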

65 thoughts on “Cyber questions outside and inside F1”

  1. Machine signature and multi-factor authentication are fairly standard across the IT world now, and help prevent access by unauthorised people.

    The harder problem, and one which is present in all the well-known cases, is preventing authorised users leaking data. There’s no magic bullet to this, but there are some interesting methods of detecting suspicious behaviour.

    For example, if your systems show that a junior engineer has printed the design of a particular part of the car that they’re working on, that would be normal. If they’d printed out designs of various other parts, that might warrant investigation.

    Humans. They’re Hard 🙂

    1. Ah yes, life in IT would be so much easier if it wasn’t for the damn humans getting in the way! 🙂

      But hey ho, in the meantime we’ll still have to deal with people trying to poke around where they shouldn’t in the systems, bringing camera phones into the office – and don’t start me on printers and scanners!

    2. I agree, JoeW, that IT systems designers can minimise or monitor unauthorised access. Designers can create document management systems which restrict access to approved users. But the backup system (and associated accounts and certificates) has access to everything. Resilient systems have mirrored disk storage offsite. There are access holes everywhere.

      You have to treat IT and engineering staff like judges. Like highly respected people. You have to pay them enough that they are hard to bribe. You have to create a culture which rejects cheating and spying — so there is a long way to go for F1.

      During the week when Richard Thaler won a Nobel prize for his studies of behavioural economics, it might be pertinent to consider his ideas.

  2. Can the internet bring about its own demise unaided? I sincerely hope not before conclusion of this year’s championship.

  3. Joe – I assume you’ve seen this, but last year the boss of Acronis, who sponsor Toro Rosso, said that F1 teams aren’t doing enough to protect their systems.

    [No links are allowed]

    1. Louis – you obviously are not aware of the best cyber security in the business: Joe 10.1 (no link cyberware)

  4. The third party virus scanner market will almost certainly disappear anyway. Many experts recommend not using them at all because they are becoming more of a security liability than a benefit.

  5. Part of this is likely just Kaspersky being caught in the US/Russian crossfire, but I suspect they’ve also brought it on themselves.

    They were very vocal in blaming the US security agencies for Stuxnet (the virus which attacked the Iranian nuclear program). To me the current dramas feel like payback, and it seems likely they’ll manage to seriously damage the Kaspersky brand/business if not kill it entirely.

  6. A very interesting article Joe. IT security is my line of work, albeit not in F1.

    I’d agree with pretty much your whole article, the F1 teams have been paranoid about data for a while now and will have all sorts of monitoring software on computers and a fair amount of staff training for those who travel to races or spend time in the proximity of their competitors. Devices will all be encrypted with multi-factor authentication and will wipe themselves if unable to phone home for more than a few minutes.

    From what brief glimpses I’ve seen of engineer computers and pit wall screens, most applications are web based so completely useless without access to the internal web server – the disks for which probably travel with the team principal and head of IT, or are possibly even set up from scratch at each race via a VPN connection to avoid data disks travelling at all. After the race all the data will get sent back to the factory and the laptops wiped before travelling.

    All this is standard stuff for large companies sending staff and data abroad on a regular basis, and is actually surprisingly easy to manage if designed properly in the first place.

    Back at the factory, security will most likely (for the big teams) run in the same way as a government department would run a “Classified” network, with two computers on each desk and no physical way of communicating between the two networks, with strict access protocols to key systems and locations.

    The Kaspersky issue is potentially significant for the red team, they quickly need to decide if they can trust their vendor and act accordingly – but bearing in mind that the biggest risk to their data might be the time during which they are in the process of transitioning from one piece of security software to another.

    1. @Steve L – Sorry to disappoint you, not every government dept with confidential information isn’t run on a separate ‘classified’ network. I can’t tell you any more than that.

      1. I think that’s already more than I’d want to know!

        It is a fair point though, that in the real world these things can be a little more flexible than they are in theory – usually driven by higher-ups who don’t want the security policy to apply to them, or do really stupid things like walk down a well known street full of long lenses carrying a confidential printed document!

        The advantage an F1 team has over a government department, is that all those at the very top are driving the security policies, this makes it much easier for everyone else to fall into line underneath them.

  7. It’s not beyond the realms of possibility that Kaspersky software can spy on its users. Why wouldn’t the FSB (Russian intelligence, the KGB’s successor) require “backdoor” access into the software, very much like the CIA/NSA would like a backdoor into iPhones. The NSF likely has more influence on Kaspersky than the CIA on Apple.

  8. It’s not beyond the realms of possibility that Kaspersky software can spy on its users. Why wouldn’t the FSB (Russian intelligence, the KGB’s successor) require “backdoor” access into the software, very much like the CIA/NSA would like a backdoor into iPhones. The FSB likely has more influence on Kaspersky than the CIA on Apple. (Correction from previous post – FSB not NSF)

    1. There is a US law that says anything stored on a US server, for instance Dropbox, is also provided, unencrypted, to the NSA.

      I’d prefer my info read by the US rather than the Russians, but, anything accessible on the internet is at risk from someone/everyone.

      Also, Steve L (above) didn’t address the gigabits of data transferred real time from the track back to the factory – that data stream is an access point for unfriendly actors, irrespective of encryption carried by IT staff to the circuit.

      1. Yes, I’d be very interested in how the data flow from car to garage to factory works in more detail. I’d guess the car data is encrypted using something similar to your standard wifi but on a lower frequency for less interference and more range; and then how they get that back to the factory in what team managers have alluded to is almost real time. Do they take a somewhat variable broadband connection from the circuit for example, or do they use an expensive satellite link like the TV companies for guaranteed bandwidth, if only when the cars are actually on track? I’m guessing both, probably with a mobile backup as well!

        I’ve heard stories of a terabyte of data created by a team over a race weekend, would be a great story for an F1 journalist to get an insight into how it all moves around.

  9. Great post, thank you. I seem to remember Williams doing a deal with Thales not long ago, it made me wonder to what extent F1 teams cyber-protect themselves not just from stealing data but also from software corruption in the style of Iranian uranium enrichment centrifuges. That could explain some of the recent poor wind-tunnel correlations from a number of top teams. Probably a little tinhat but fun to speculate.

  10. Hi Joe, your permission please to use the title, “Grand Prix Saboteurs” for my new novel.

    A dirty dozen with concealed cameras are putting out free live broadcasts of the races. Things take a nasty turn at this year’s Austin gp.

    A series of gory murders, all involving ‘harmless’ Claire Williams.
    Claire W goes on the run with all the Kaspersky data.
    Joe Saward investigates, and pulls a gun on the innocent J Todt
    Claire found in a dugout under turn 1, bringing out the SC.

    I don’t want to give away the best bits just yet…

  11. Brute force techniques are not such an issue these days as they are easily prevented by limiting repeated attempts to enter a password – say three attempts per hour.

      1. Yes you did. But we knew that already Joe, step away from the keyboard, don’t get in the way of the petard hoist.

        See what I did there ;-}

          1. ‘No idea. You think I have time to study each comment in exquisite detail… bad news’
            :-O 😦 ;-} nope, just chatting.
            Thanks for your blog Joe, always a good read, it has a wider view of F1 and runs at a pleasantly different pace to the rest of the F1 circus. I’m just sorry I can’t make it to your Audience with

  12. The whole McLaren episode of 2007 is full of mystery and intrigue. I read Max Mosley’s (head of the FIA at the time) side of it in his autobiography. I hope Ron Dennis (then McLaren TP) writes his autobiography soon so that we can hear his side of the story. Nigel Stepney wrote an account of the episode, but no publisher would touch it. Next thing you know, Stepney is run over by a truck so his account is buried along with him. And, talk about karma, but in 2008, Mosley is exposed by the News of the World in an adventure with some naughty ladies. I wonder who blew the whistle on that one! There certainly seems to have been a personal grudge between Mosley and Dennis. There was also the issue between the EU monopolies agency and the FIA, not to mention the tobacco sponsorship row. Joe, you need to connect the dots for us. Yes, I know, you can’t until the players involved are in their graves!

    1. Max Mosley’s side of the story was exactly that. Nigel was Nigel. He never got to tell his side of the story, although he told some of it to some of us. The problem was that he was a little deluded. I have no idea why he died, but I know that the driver who hit him believed that he had walked out under the truck deliberately. Who can say? He was a mate of mine (and a good source) and I never understood it. Mosley got what he deserved in 2008, but it was his own doing. No-one did it to him. He did it to himself. Arrogance is a weakness. Tobacco and monopolies are irrelevant.

      1. I think once you move from the back page to the front page by giving the world’s largest sporting fine, people who didn’t really notice you or your position of importance start to notice you. Say a lady of the night, who previously just saw you as a typical ex public schoolboy who likes the sore botty treatment. She sees them every day, it’s no big deal. But when one appears on the front page of papers, suddenly tongues start to wag and certain shady people see an opportunity to make some money. Not long after a secret camera finds its way into the room of your pleasure and your fate is sealed.

    2. Having read MM book and not quite believing what he says and the whole McLaren episode around spying and NS and his troubles. Mix in BE and his “saintly” handling of issues around F1.
      There have to be a few books out there waiting to be published. I hope

  13. Going back to that 2007 affair…it was truly ridiculous. I suppose the Ferrari-to-McLaren data transfer was somewhat more substantial than the McLaren-to-Renault issue, but I doubt that it was 100 million times worse!

    1. It was not. There was less proven with the Ferrari-McLaren than there was with the McLaren-Renault. The problem was that someone wanted to get Ron Dennis.

      1. Was that someone fond of dressing up in dubious enemy ww2 military clothing and being ahem entertained by some nice ladies?

        1. Can you prove it was enemy? WW2? You can say military-style clothing but loose wording sinks ships in a court of law.

  14. I’m an American and Kaspersky scares the hell out of me. I believe the Russian government has used it to infiltrate US government computers.

    1. I used their software because of their Ferrari sponsorship. After the 2016 US elections, I uninstalled it. Using Russian software, I don’t know what I was thinking…

    2. As America has never done that to another country to manipulate results, bring down democracy, presidents, undermine the government and change the rule of law or spy on other countries. PLEASE.

    3. Take heart Phil, the US capability in this field is considerable, and demonstrated. In espionage it’s not the stories you hear about that should scare you, it’s the ones you don’t know about 😀

    4. Also, this is F1. I’d rather talk about FIA bias, pre-ignition, oil burning, tyre pressure, braking technique, athlete mind management, reliability, funding bias…..

    5. Is, I believe, the response the US government was looking for. Good citizen, have a cookie. Of course, there isn’t any actual proof that they did, but that isn’t really important, is it now? Although, I imagine The Donald is still rocking Kaspersky on his personal computers, you know, as a sign of solidarity to his paymasters.

  15. Ben Hoyle almost got away with it. He was allegedly caught by accident, when a colleague spotted him accessing information that he wasn’t allowed to access. There’s a lengthy explanation written by Adam Cooper in December 2015. Mercedes must have strengthened their internal network security since then. As you say, the case doesn’t appear to have come to court. Hoyle is probably filling shelves now.

    It’s amazing the number of companies with massive amounts of valuable information on their computers who allow Interweb access to everyone on site.

    1. Hoyle is working in Detroit, which would suggest he’s still in the automobile business. As to being spotted, I believe it was an algorithm in the software that flagged the movement. I doubt the accident story.

  16. Unfortunately the full truth is unlikely to be told in any matter concerning Ferrari; since apparently Italian law allows relatives of a deceased person to take legal action against any apparent defamation. So even when certain people have died it will not be safe to tell the truth.

    America has its own source of spyware of all sorts in an agency that threatened to stop spying only last week.

  17. Very interesting read; but with the various woes going on at Ferrari, I have wondered several times how secure the in-car IT is, and whether someone could hack it and mess around with the car’s characteristics sufficiently to cause the problems we have seen. For sure, Ferrari wouldn’t want to admit to the issue, and so point us in the direction of the parts that they say failed…
    Given the high-level of computing power involved in F1 cars today, it is probably not beyond the realms of possibility… and perhaps easier than hacking into the company’s main IT systems…
    Anyhow, I am far from being an expert, and am probably too hung up on conspiracy theories…

  18. Renault made a clean breast of things and conducted a thorough investigation. McLaren were evasive and wasted everybody’s time in the first hearing. It later emerged that Dennis had known about some information that came from Stepney and that people high up the McLaren food chain knew that Coughlan had documents from Ferrari.

    Mosley wrote in his book that if McLaren had come clean at the first hearing, they’d have got off a lot more lightly.

    Also it wasn’t just the drawings. A member of Renault’s staff had drawings that he shouldn’t have had, sure, but there was a lot of tactical information coming from Ferrari into McLaren via Stepney and Coughlan.

    It’s not apples and apples.

      1. McLaren even knew in which lap Ferrari were to pit ahead of each pit stop. Stepney gave the information. I don’t think it was suicide. Stepney was not that kind of man. However the truck driver would say that, wouldn’t he?

      1. Ill-informed? I don’t think so. We know, for example, that two drivers on the McLaren staff knew that information was coming from Stepney and were prepared to mine that source.

        We know that Neale was shown Ferrari drawings by Coughlan, his response being along the lines of “put that back in your case and I’ll pretend that I don’t know about it”.

        We know that Dennis knew at least about the early exchanges of data (not necessarily about the 780 infamous pages) because in a hearing he tried to characterise them as legitimate whistle blowing, and because he told Coughlan to break off contact (but didn’t bother to tell FIA that there was a whistle blower within Ferrari).

        We know that Coughlan and Stepney spent a lot of time on the phone, with frequency of calls and messages peaking just before races.

        We know that McLaren received and tried to act on information about Ferrari strategy.

        So that’s some of the data. You might come to a very different conclusion, but nobody saying these things, all taken from testimony given under oath before an FIA hearing, is ill-informed.

  19. I seem to remember reading long ago that the McLaren 100 million fine was reduced to 50 million but the bigger figure is the one that keeps getting mentioned. Does anyone know what McLaren actually paid in the end? I’d love to know.

    1. It was not reduced. The money came from prize money and so McLaren actually had to pay less in cash, although it cost them the same. And they have not forgotten how and why it happened.

    2. The total loss to them was indeed 100 million dollars. Some of it was FOM money they would have been paid for their position in the constructor’s championship, they then had to pay the balance in cash.

      It would have destroyed many a team, and it’s hard to see how it didn’t hurt McLaren in the long run.

  20. As you say this is a complicated affair. The US Government has made a lot of noise about Kaspersky ‘being dodgy’, but it should be noted that the Americans are still bearing a grudge against Kaspersky because of the company’s central role in exposing the Stuxnet virus back in 2008, one that industry experts believe was created by the US Security services to cyber attack Iran.
