The insider threat is a significant problem impacting most all organizations. Background checks, if performed, do not always catch those with malice aforethought and specific intent. In this instance, Treadstone 71 has found the infiltration of the United Nations at the information technology level specific to a certain system. Shadee Mhanna is one such insider threat. An active participant in the SEA as discovered through the membership database, Shadee, born 2/13/1980 in Latakia, Syrian (standing nearly 5’11” and about 190 pounds) now living in the Mazzeh area of Damascus is one such insider.
Shadee graduated high school in 1999 from Jableh-Latakia, Syria before attending classes to gain certifications in Oracle SQL, PL/SQL v10G as well as the Oracle DBA 10G course training (2007 and 2008).
Shadee is working as an Oracle DBA on teh ASYCUDA World Database, United Nations. The keys to the kingdom are in his hands. He has listed Khaled Osman (IT Manager), Muhammad Kattan (ASYCUDA Administrator), and Ameen Alawai (ASYCUDA DBA) as his references stating that he has only traveled outside of Syria to Lebanon for a period of two months back in 2009.
Apparently, Mr Mhanna has a degree in Information Engineering and can be reached at Shadee.am@hotmail.com. His cell number (not currently verified) is 00963-988-175333.
What is ASYCUDA?
ASYCUDA is a computerised customs management system which covers most foreign trade procedures. The system handles manifests and customs declarations, accounting procedures, transit and suspense procedures.
ASYCUDA generates trade data that can be used for statistical economic analysis.
The ASYCUDA software is developed in Geneva by UNCTAD. It operates on micro in a client server environment under UNIX and DOS operating systems and RDBMS Software.
ASYCUDA takes into account the international codes and standards developed by ISO (International Organisation for Standardisation), WCO (World Customs Organization) and the United Nations.
ASYCUDA can be configured to suit the national characteristics of individual Customs regimes, National Tariff, legislation,…
ASYCUDA provides for Electronic Data Interchange (EDI) between traders and Customs using EDIFACT (Electronic Data Interchange for Administration, Commerce and Transport) rules.
Shadee’s role as an Oracle DBA includes the following:
- Monitoring and maintaining the primary Oracle RAC Database in Damascus Data Center and the standby database (Oracle Data Guard) in Lattakia Data Center.
- Executing the Backup strategy for both primary and standby databases.
- Monitoring and maintaining SAN storage and SAN switches.
- Monitoring and administrating Operating systems for databases and backup software.
- Monitoring and maintaining the backup software for databases and operating systems.
- Monitoring and maintaining the Tape Library.
- Data exchange between customs directorate and external sites.
UN Contract (one of three that go from 2012 through 2014)
- Performing database failover from primary (Damascus DC) to standby (Lattakia DC) site after SAN Storage crash.
- Running ASYCUDA on Lattakia DC.
- Maintaining SAN Storage on Damascus DC.
- Rebuilding Oracle Data Guard on the new standby site (Damascus DC).
- Performing database switchover from new Primary site (Lattakia DC) to new standby site (Damascus DC) and so restoring the old scenario of work with no data lose.
Of note is Shadee’s use of the Blom Bank S.A.L located at Chtaura, Main Street, Bekaa, Lebanon. Treadstone 71 has decided not to publish his account number at this time. An address while in Lebanon:
Shadee Mhanna Port Saiid, Manaski Build 2nd Floor P.O.BOX 2533 Mina Tripoli LBNThe data accessible to this SEA member could be leveraged to modify and obscure trade activities to and from Syria. A trusted position occupied by a verified SEA member. Mr. Mhanna has access to the mother lode of Syrian customers information.
Shadee has all the goods to assist the SEA with hacking and other attacks. His knowledge of databases is extensive.
Shadee may in fact be a decent family man but his ties to the SEA make the suspect.
Another interesting area yet unexplained is the exchange between Shadee and Sinan Mahfoud of Venezia Stone. It is yet unexplained as to why they would exchange serial and activation number along with an authorization code information when dealing with a stone and marble company. A company located in St. Petersburg, Russia.
http://www.asycuda.org/aboutas.asp
Click to access ASYCUDAWorld%20technical%20training.pdf
Click to access ASYCUDApresentationatIMTSworkshop.pdf
This is another example of a Syrian Electronic Army Foot Soldier left exposed by the SEA. Mr. Mhanna demonstrates the level of expertise available to the SEA and the potential for greater harm based upon job placement and family ties. Several questions remain about Mr. Mhanna including the UN’s process for background checks of staff. Mr. Mhanna belongs to Oracle organizations in the Middle East and has taken his tests through Oracle approved training outlets. He also has a direct account relative to this within Oracle.
Treadstone 71 has other information about Shadee Mhanna that will remain in reserve at this time.
Treadstone 71
I have shared Post 4 – The Syrian Electronic
Army Foot Soldier – Organizational Penetration | The Cyber Shafarat on all my
social media profiles. Awesome creating.
Fabulous, what a blog it is! This web site gives
valuable information to us, keep it up.