This article can also be found in the Premium Editorial Download "Information Security magazine: Symantec 2.0: Evaluating their recent acquisitions."
Download it now to read this article plus other related content.
Bending is the easiest and least detectable method for hacking into a fiber-optic cable. Once the hacker gains access to the cable, he places (1) a micro-bend clamping device on it, leaking a small amount of light signal, which is picked up by (2) an optical photo detector and passed through to (3) an optical-electrical converter. The converter transfers the converted signal via Ethernet connection to, typically, (4) a laptop, where it is analyzed using sniffer software.
Optical Network Exploits
Setting up a fiber tap is no more difficult than setting up equipment for any other type of hack, wired or wireless: It's based on hardware, software and knowledge.
Optical network exploits are accomplished by extracting light from the ultra-thin glass fibers. The first, and often easiest step is to gain access to the targeted fiber-optic cable. Hundreds of millions of miles of fiber cable stretch across the globe; there are more than 90 million miles in the United States alone. Although most of this cabling is difficult to access—it's underground, undersea, encased in concrete, and run through walls and elevator shafts—plenty of cables are readily accessible for those willing to look. Some cities, for example, have detailed maps of their fiber-optic infrastructure posted online in an effort to lure local organizations to hook into the network.
After homing in on the target and gaining access to the cable itself, the next step is to extract light and, ultimately, data from the cable.
Bending is the easiest method. (See "Fiber Hack," at right.) It is also the most undetectable, since there is no interruption to the light signal. Commercially available clip-on couplers cost less than a thousand dollars; these devices place a micro-bend in the cable, leaking a small amount of light through the polymer cladding.
Once the light signal has been accessed, the data is captured using a photo detector—a transducer capable of translating an optical signal into an electrical signal. They're listed on eBay for around $500.
Also on eBay for the same price is the next piece of equipment needed to sniff data off of glass—an optical/electrical converter. This device facilitates the connection to an Ethernet network interface card. Once a successful tap is in place, freely available sniffer software can begin capturing packets and filtering data for information such as IP and MAC addresses, DNS information and keywords in data passed in the clear.
Splicing, another method, isn't practical; it often results in detection due to the momentary interruption of the light signal. According to Wayne Siddall, an optical engineer with Corning Fiber, the operator would notice this type of interruption in service, even for a millisecond, because cables capable of carrying 100 million concurrent connections require instantaneous signal rerouting to maintain network integrity. And, commercially available splicers are expensive—about $7,000 to $9,000.
This was first published in November 2006