Security Management Strategies for the CIO
This article can also be found in the Premium Editorial Download "Information Security magazine: Symantec 2.0: Evaluating their recent acquisitions."
Download it now to read this article plus other related content.
Fiber-optic networks aren't hack-proof: A savvy hacker can crack them with ease, making optical network security a priority.
You know that your copper-wired networks and wireless LANs can be sniffed and that your data can be compromised. But fiber-optic networks are a different story, right?
Not really. Despite their reputation for being more secure than standard wiring or airwaves, the truth is that fiber cabling is just as vulnerable to technical hacks using easily obtained commercial hardware and software.
There have been few public reports of fiber hacks: In 2000, three main trunk lines of Deutsche Telekom were breached at Frankfurt Airport in Germany. In 2003, an illegal eavesdropping device was discovered hooked into Verizon's optical network; it was believed someone was trying to access the quarterly statement of a mutual fund company prior to its release—information that could have been worth millions. International incidents in-clude optical taps found on police networks in the Netherlands and Germany, and on the networks of pharmaceutical giants in the U.K. and France.
Those high-profile fiber intrusions offered few details. For the most part, these hacks often go unreported as well as undetected.
Tapping into fiber-optic cables originally fell into the realm of national intelligence. Take the 2005 christening of the USS Jimmy Carter, a $3.2 billion Seawolf-class submarine specifically retrofitted to conduct "signal
Requires Free Membership to View
intelligence"—military-speak for monitoring communications by tapping into undersea cables.
As recently as 2003, John Pescatore, Gartner VP distinguished analyst and a former NSA-trained U.S. Secret Service security engineer, said that while fiber-optic cable hacking had been taking place for nearly a decade, avoiding detection and processing the stolen data was much more difficult. Things have changed. In a research paper published by the SANS Institute in 2005, Kimberlie Witcher notes that industry experts now believe that fiber is almost as easy to tap as copper. And, tapping into fiber no longer requires a submarine or a multimillion-dollar project funded by government agencies. The required equipment has become relatively inexpensive and commonplace, and an experienced hacker can easily pull off a successful attack.
"You can jump on the Internet right now and buy a tap for about $900," says Andy Solterbeck, VP and general manager of the data protection business unit at SafeNet, an encryption company that has been experimenting with hacking fiber-optic cables. "We've done this in our labs. We've demonstrated this at Interop. We've shown people that this kind of threat exists."
This was first published in November 2006
Join the conversationComment
Share
Comments
Results
Contribute to the conversation