How spies could tap fibre cables

Weaknesses in fibre security mean it's easy for agencies to tap the network

GCHQ has been accused of installing probes on hundreds of fibre cables running through the UK, scouring communications data to try and foil terrorist plots.

As most of those cables run under the sea, it's difficult but not impossible to tap them, experts have revealed.

Fibre cables carry most of the world’s internet traffic, beaming emails, Facebook messages and tweets around the world at high speeds. According to telecoms consultancy TeleGeography, the UK is the biggest European hub for transatlantic cables relaying data to and from the US, with the country's beaches acting as coastal landing points.

Bude, Cornwall, is a landing point for seven cables alone, including Apollo, which runs across the Atlantic to New York. That means London receives data a fraction faster than other cities, giving it an advantage in trading, where swiftly relaying information is crucial.

It’s easy tapping fibre

Networking engineers have warned for years that such fibre cables aren’t secure against tapping.

Other infrastructure is also at risk. "They don’t have to tap into them undersea – the best place into cables is at any repeater station," said Bernard Everett, director at security consultants EM Services. "Those are junction boxes where cables would be spliced and these splicing elements are the best place to tap into an optical cable."

The scale of GCHQ’s alleged fibre snooping – more than 200 cables, according to The Guardian – would be "quite an undertaking", but achievable with the right tools, some of which a savvy user can buy cheaply online, said Everett.

One method is to bend the cable and extract enough light to sniff out the data. "You can get these little cylindrical devices off eBay for about $1,000. You run the cable around the cylinder, causing a slight bend in cable. It will emit a certain amount of light, one or two decibels. That goes into the receiver and all that data is stolen in one or two decibels of light. Without interrupting transfer flow, you can read everything going on on an optical network," said Everett.

The loss is so small, said Everett, that anyone who notices it might attribute it to a loose connection somewhere along the line. "They wouldn't even register someone’s tapping into their network," he added.
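For an operator, the practical consequence of the loss figures quoted above is that a small, sustained step down in received optical power deserves an alert rather than being written off as a loose connector. The following is an added example, not part of the original article: the readings are constructed, and the window size and 0.5 dB threshold are assumptions chosen for illustration.

```python
from statistics import median

# Constructed sample: received optical power in dBm, one reading per minute.
# Index 8 is a one-off glitch; a sustained drop of about 1.5 dB starts at 14.
SAMPLE_RX_DBM = [
    -7.02, -6.98, -7.01, -7.03, -6.99, -7.00, -7.02, -6.97, -9.50,
    -7.01, -7.00, -6.99, -7.02, -7.00,
    -8.52, -8.49, -8.51, -8.50, -8.47, -8.53,
    -8.50, -8.48, -8.51, -8.49, -8.50, -8.52,
]


def find_step_losses(readings, window=6, min_drop_db=0.5):
    """Return [(index, drop_db)] for each sustained step down in power.

    The baseline is the median of the `window` readings before an index,
    so a single glitch does not move it. A step is reported only when
    every one of the next `window` readings sits at least `min_drop_db`
    below that baseline, which separates a lasting insertion loss from
    a momentary dip.
    """
    events = []
    i = window
    while i + window <= len(readings):
        baseline = median(readings[i - window:i])
        after = readings[i:i + window]
        if all(baseline - r >= min_drop_db for r in after):
            drop = baseline - median(after)
            events.append((i, round(drop, 1)))
            i += window  # the lower level becomes the next baseline
        else:
            i += 1
    return events


if __name__ == "__main__":
    for index, drop in find_step_losses(SAMPLE_RX_DBM):
        print(f"sustained loss of {drop} dB starting at sample {index}")
```

A threshold set below the one to two decibels mentioned in the article catches such a step; each flagged event still needs physical inspection of the span to establish its cause.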

Reading that data isn't completely straightforward, since communications aren’t transmitted in a single wavelength.

Many cable operators have wavelength division multiplexers in place to boost capacity, meaning data transmits not just in white light, but different colours in the spectrum. Tapping the cable means using a spectrum analyser to make sense of the data – but Everett says that’s only a small barrier. "It’s not trivial, but it’s possible," he said.

Getting operators on board

A more reliable, permanent method to tap communications would be to persuade the cable owner to give access - which happened with AT&T in the US - and then install splicing elements, including an extra wire that goes into monitoring equipment.

"Tapping into the internet is easiest if you have access to the Tier 1 providers' equipment. It is a relatively simple matter to install a hardware packet capture 'box' and feed its output to some network-attached storage somewhere," said Razvan Stoica, a spokesman at Bitdefender.

There's been no suggestion as to which method GCHQ may have used, but The Guardian claimed the agency may have forced providers to co-operate. Publicly, the agency and ministers have insisted GCHQ’s methods are legal, though it won’t admit to cable tapping.

Legal questions

Privacy advocates have called on the government to clarify what methods GCHQ may be using to spy on domestic and international communications, how long it stores that data for, and what its legal basis is.

Legal experts suggest that GCHQ may have manipulated the law, specifically the Regulation of Investigatory Powers Act (RIPA), to allow it to harvest huge amounts of data far beyond what was originally conceived.

James Howarth, a senior associate at Manches LLP, told PC Pro that current legislation around obtaining data through communications is "anachronistic".

"The difficulty arises from the original purpose of the statute, which was intended to provide for interception by wire-tapping, rather than by data-harvesting of electronic documents," he said. "Interception of data on such a large scale as the instant case was a possibility which was simply not envisaged under the provisions of the Act."

It’s thought the government is relying on a particular clause within RIPA that allows the foreign secretary to sign off for the interception of broad types of communications material, as long as one of the parties is abroad. But Howarth said this was "inappropriate" when it came to this level of harvesting.

"This is an area which would benefit from further legislation," he said. "A possible way forward would be to amend RIPA to limit it to certain low tech purposes, for example wire tapping, and draft a new statute which provides objective criteria for the capture and analysis of electronic information."
