|
Fiber-optic networks aren't hack-proof: A savvy attacker can crack them with ease.
You know that your copper-wired networks and wireless LANs can be sniffed and that your data can be compromised. But fiber-optic networks are a different story, right?
Not really. Despite their reputation for being more secure than standard wiring or airwaves, the truth is that fiber cabling is just as vulnerable to technical hacks using easily obtained commercial hardware and software.
There have been few public reports of fiber hacks: In 2000, three main trunk lines of Deutsche Telekom were breached at Frankfurt Airport in Germany. In 2003, an illegal eavesdropping device was discovered hooked into Verizon's optical network; it was believed someone was trying to access the quarterly statement of a mutual fund company prior to its release—information that could have been worth millions. International incidents in-clude optical taps found on police networks in the Netherlands and Germany, and on the networks of pharmaceutical giants in the U.K. and France.
Those high-profile fiber intrusions offered few details. For the most part, these hacks often go unreported as well as undetected.
Tapping into fiber-optic cables originally fell into the realm of national intelligence. Take the 2005 christening of the USS Jimmy Carter, a $3.2 billion Seawolf-class submarine specifically retrofitted to conduct "signal intelligence"—military-speak for monitoring communications by tapping into undersea cables.
As recently as 2003, John Pescatore, Gartner VP distinguished analyst and a former NSA-trained U.S. Secret Service security engineer, said that while fiber-optic cable hacking had been taking place for nearly a decade, avoiding detection and processing the stolen data was much more difficult.
Things have changed. In a research paper published by the SANS Institute in 2005, Kimberlie Witcher notes that industry experts now believe that fiber is almost as easy to tap as copper. And, tapping into fiber no longer requires a submarine or a multimillion-dollar project funded by government agencies. The required equipment has become relatively inexpensive and commonplace, and an experienced hacker can easily pull off a successful attack.
"You can jump on the Internet right now and buy a tap for about $900," says Andy Solterbeck, VP and general manager of the data protection business unit at SafeNet, an encryption company that has been experimenting with hacking fiber-optic cables. "We've done this in our labs. We've demonstrated this at Interop. We've shown people that this kind of threat exists."
|
