'Speargun' program is fantasy, says cable operator The washup from yesterday's Dotcom-Snowden-Greenwald saga rolls on, with Southern Cross Cable Network angrily denying that New Zealand's spooks, the NSA, or anybody else for that matter has worked a tap into its cables. The company's response came in response to Glenn Greenwald's accusation that New Zealand's Government …
This post has been deleted by its author
Why bother tapping it if you can install of your equipment at the ISPs and/or the landing station.
It is quite funny, when Putin came to power he put a similar program as a legal requirement for all Russian ISPs. They were obliged to put a FSB "black box" on their network. I remember the howls in the western media about the police state. So, where are the howls now?
Yes keep your feet dry, drive straight to the data centre and plug in your optical splicing box of choice across the incoming fibre feeds. It would also capture any peered local traffic - in this case the land of the long white cloud (no not that cloud!). I mean look at that GCHQ site in the middle east that is on shore, keeping the spooks nice and dry but within camel spitting distance of the cable landing station...
Especially since allegation was that the taps are in Auckland and at a location north of Auckland, whereas the S Cross cables enter the water at two different locations. Who wants to tap the whole fibre anyway? A few DAGs in the equipment racks are what you need.
However, the PM's defence that NZ doesn't have the capability of analysing a tap rings true. Most likely the relevant taps are at the other ends of the cables. That they exist somewhere is pretty much obvious.
Quote:when Putin came to power he put a similar program as a legal requirement for all Russian ISPs. They were obliged to put a FSB "black box" on their network. I remember the howls in the western media about the police state.
correcting slightly
The Russian SORM 1(Система Оперативно-Розыскных Мероприятий, literally "System for Operative Investigative Activities") system was installed around 1995. It was updated to SORM2 in 1998.
Putin was installed around 31st December 1999
These SORM system were installed at the same time as the 'lawful interception' systems that were installed worldwide following the international user agreements between NSA/FBI/GCHQ under the auspices of the telecom-Standards modifying ILETS non-group. These same 'lawful interception' APIs now seem to have been abused everywhere for mass-interception. That's why there are currently no 'howls' anywhere, irrespective of impassioned politico denials, they are all at it!
You're right that SORM 2 was recently upgraded in the Russian Federation - under Putin's watch. This is now a very invasive system, which monitors the Russian people under minute detail. It parallels NSA/GCHQ systems that do the same worldwide, including NZ obviously.
The upgraded SORM 2 is however not merely a DPI system for mass monitoring & control of the population, it is principally aimed at detecting the subtle gentle stirrings of a nascent externally funded Color revolution The 'civil society' register that was introduced, the website register, the eviction of Neil Kinnock's son[x] etc were all aimed at detecting the CIA doing their usual tricks.
The howls in western media about this aspect of the Russian police-state were mostly because billions were wasted in Color revolution preparation! " leading to, I guess?...."Oh well, where's the nearest vulnerable country we can go for...."
[x]http://www.theguardian.com/uk/2008/jan/17/world.politics
Quote: nascent externally funded Color revolution
Ahem. I have observed that myself in several Eastern European countries.
To be more precise, I had a suitcase with unmarked green notes offered to me during the time I did most of the organization of one of the national Student strikes in one of these. I was young, stupid and idealistic in those days so I had the local "union rep" who was brandishing the suitcase ejected from the university building (politely, without counting all the steps with his bottom). That particular union was very heavily funded from the west (allowed by local laws in those days).
You can label Putin a lot of things. You cannot label him stupid or non-observant. He has observed carefully how the revolt against Videnov in Bulgaria in 1997, the "revolution" in Georgia, the attempted "revolution" in Belarus, etc have been executed and has taken measures. The measuyres are mostly open, clearly defined in law and not particularly different from the ones taken by the West (see the howls about russian backhanders to Tories this summer or try donating from abroad to a UK party for example). This has been done on all fronts - financing, logistics as well as isolation of specific "persecuted"/"minority" groups which CIA has used in the past in other Eastern European countries.
The Russian SORM 1(Система Оперативно-Розыскных Мероприятий, literally "System for Operative Investigative Activities") system was installed around 1995. It was updated to SORM2 in 1998.
Putin was installed around 31st December 1999
That means Putin is well out of warranty by now..
(joking aside, thank you for those details)
Wikipedia: Southern Cross Cable
"In 2013 the New Zealand Herald reported that the owners of the Southern Cross cable had asked the NSA to pay them for mass surveillance of New Zealand internet activity through the cable. In May 2014, John Minto, vice-president of the New Zealand Mana Party, alleged that the the NSA was carrying out mass surveillance on all meta-data and content that went out of New Zealand through the cable."
Perhaps they've noticed more than they've let on.
"After successful trials of 40G technology the first 400G of a planned 800G upgrade has been completed in February 2012, with the remaining 400G completed in December 2012."
Was the cable active during upgrades? That could be a great time to tap in. Of course, they may just be lying about not knowing.
The slides on Greenwald's story don't mention that the tap occurred underwater, only that "cable access program achieves Phase 1". What information has Greenwald redacted?
'CEO Anthony Briscoe notes that to install any such device would mean cutting the cable...“It is a physical impossibility to do it without us knowing”, Briscoe says in the statement. “There isn't a technology in the world, as far as I am aware, that can splice into an undersea fibre optic cable without causing a serious outage and sending alarms back to our network operations centre that something's wrong”.'
As far as *I* am aware, most CEOs I have worked with don't know the technology what is, or is not, available. I am trying to find a mention of the undersea cable proported to have been tapped into was actually submerged at the tapping in point, but I can't. It is possible to hook into a fibreoptic cable without splicing it, certainly on dry land, and has been as far as I am aware for the last 15 year. (Story from a sysadmin who worked in telecoms back in 2000).
What *IS* interesting is this comment:
"Crucially, its fully backed-up figure-of-eight design, looping in Hawaii, means it has no single point of failure. If a ship's anchor or tsunami snapped the cable in one spot, the bits and bytes could keep flowing." - made in July here: http://www.stuff.co.nz/technology/digital-living/60126448/the-southern-cross-cable-guy
So, even if it was spliced, with certain alarms 'dealt with' it would be possible to not interrupt the flow. Not only that, but even if we postulate it was spliced and resulting in outage, anyone putting this in place would be certain to either cloak the splicing in something else, (power outage at landing station with backup batteries and generators failing to kick in due to coincidental faults), or have certain people in the loop, leaving the public faces of organisations with plausible deniability.
So ultimately do we all think it is possible? I do, and I suspect that I am not alone.
Do we have reason to suspect these documents are false? I think there is current reasonable proof that so far they have been more than a little accurate.
So, is the probability that Key is either lying or in a strategic position of unknowing? Pretty good.
Do we think Briscoe is FUDing the claims? Either he doesn't know his own infrastructure or it is in his best interests to spread a little doubt.
So far, looks reasonable to consider this is true.
Some food for thought. Wikipedia: "The Southern Cross Cable, operated by Bermuda company Southern Cross Cables Limited, is a trans-Pacific network of telecommunications cables commissioned in 2000. The company is owned by Spark New Zealand (50.01%), SingTel (39.99%) and Verizon Business (10.00%)."
It's a joint venture by telecoms to shift bits internationally. There have already been allegations that they know mass surveillance is occurring and want to get paid for it. We know that global network traffic will triple over a 5-year period. So there will always be demand for bits to flow through the cables, and for the cables to be upgraded.
There's no incentive for Southern Cross to tell the truth. They may be legally obligated not to disclose the truth. They (and the stakeholders) will lose no business if allegations by Greenwald/Snowden/Assange/Dotcom (G-SAD) are confirmed to be true. Southern Cross's response is a curiosity to marvel at, but not something to be taken seriously. Read the words, desalinate the entire Pacific ocean.
It is possible, there's obvious ways to do it and it was known that the US Navy (directly, on behalf of the NSA) had been working on such a thing since long before anybody had ever heard of Snowden. They probably don't need to do it in New Zealand, local spooks could easily approach a networking dude to do it in a rack anyway, but if they wanted to it'd certainly be at the minimum feasible to do it without any data loss, and easy to do it with minimal downtime. Ever seen your network drop out for 2 seconds and never thought anything else of it?
The only way to be sure would be to have a third party (not your employees) inspect every inch of your network including marine cables.
Frankly even on the Reg there's reports of cable outages of the very type that could easily be somebody screwing with the cable system, like "Southern Cross have admitted this morning they performed an unauthorised and un-notified software change to their wavelength switching platform at Alexandria"
"It is a physical impossibility to do it without us knowing . . ."
Fair enough - no argument there, but that hardly proves it didn't happen, only that you weren't ignorant of it if it did.
That said, I do agree that there are easier ways to do this - I'm just pointing out the flaw in the logic.
Step 1: Pay for some bandwidth across the link of interest
Step 2: Have crew near shore on standby alert
Step 3: Miles out at sea sever the cable with an anchor or dredge net
Step 4: Open a ticket and wait for the notification (as you are a customer) that they are sending a ship to repair
Step 5: Make like the blazes with your near-shore crew to cut and splice the cable before the ship gets there
Step 6: Let them fix the fault, none the wiser that someone has tampered with the cable in the meantime
[Steps 1 and 4 are to avoid fault-finding blowing your cover]
I hardly think that's "physically impossible without them knowing". Just, as has been pointed out, very unlikely given the myriad of other ways you can tap comms without the operator knowing.
Step 6: Let them fix the fault, none the wiser that someone has tampered with the cable in the meantime
An OTDR would discover the second cut. An OTDR would be connected when the break was first discovered - if still connected, and if watched (or logging), there would be data to indicate the tampering.
But it's far more likely that the spooks just leant on someone to say it didn't happen...
Vic.
"It is a physical impossibility to do it without us knowing . . ."
Fair enough - no argument there, but that hardly proves it didn't happen, only that you weren't ignorant of it if it did.
No, no ... if it's a physical impossibility to do it without their knowing then either it wasn't done, or it was done and they know about it but aren't telling ... but they could be wrong about the physical impossibility bit.
So, actually, all this tells us precisely nothing.
"if it's a physical impossibility to do it without their knowing then either it wasn't done, or it was done and they know about it but aren't telling ... but they could be wrong about the physical impossibility bit."
Surely the cheapest way is to install one of your stooges into the providers control centre such that a member of your staff receives the alarm notification when you splice the cable, and simply cancels it.
As far as the provider is concerned, nothing happened because they have no record of it. Your stooge simply moves onto the next target after a few months.
The best time to tap such a cable is obviously as it is being laid and before it is taken into operation...
Other than that there have probably been several planned outages (for upgrades etc.) that could have been a great time to splice into it.
Finally, if no such planned outages are available they could simply cause some ddos attack that appears to be comming from f.ex Russia and while sysadmins are busy fighting that they will make their splice. Or they could use one of their backdoors into one of the (probably) Cisco routers in one end of the cable to brick the router, then while sysadmins are busy replacing it they splice into the cable...
Etc. etc.
I'm sure there are many more ways....
Afaik the US has a specially converted submarine they have been using since the 80's to tap into such cables... they used it extensively in the cold war.
This post has been deleted by its author
Fibre optic cable can be tapped by bending it in a serpentine manner. You clamp a pick up device around the individual cores and the photons that 'escape' are used to recover the message. THIS IS BLOODY DIFFICULT, it would be easier to 'encourage' the backhaul provider to make space for a special box in their data centre.
Tapping fibre:
http://www.thefoa.org/tech/ref/appln/tap-fiber.html
http://defensetech.org/2005/02/21/jimmy-carter-super-spy/
It's my understanding that undersea (or indeed any long-range) fibre cables have amplifiers / repeaters at regular intervals. Surely it would be easier to tag on to those than to splice the actual fibre. Should be simple enough to do without interrupting the flow of data - just clip on to the emitters and connect to your own fibre.
Probably grossly over-simplified, but with the full government resources behind them it would surely be possible. They'd only do it on those cables where they can't persuade the owner to install kit on land though.
http://en.wikipedia.org/wiki/Operation_Ivy_Bells
it was possible in 1970,
tap at the repeater, where things have to go back to electrical, not optical.
To tap a fiber is also easy, just bend it and put another fiber along side it,
you only need a few photons, but more difficult underwater !
A modified repeater would also be nice. use the dark fibers in the bundle to take a copy of another ,
its all too easy , and the gains too high for it not to happen.
Given undersea cables have been tapped since the cold war there's a fair amount of experience out there. Anyone doubting that its possible should read this:
http://www.amazon.co.uk/Blind-Mans-Bluff-Submarine-Espionage/dp/0099409984
Then think how much tech has progressed.
This post has been deleted by its author
what GCHQ or the NSA were up to? That's why Edward Snowden's revelations have so shocked the world.
Southern Cross might be exercising poetic licence to it's limits.
There are cable systems in the USA where, at the landing station, certain staff are 'indoctrinated' and perform duties for the NSA. Remember that picture of a small room in a AT&T facility that the leaker exposed?
Only a couple of staff were permitted to enter that room, yet more company staff indoctrinated and acting on behalf of the NSA
You'd think from a purely "Engineering" standpoint it would be much easier just to snoop at Internet Exchanges / Landing stations?
I've always been suspect at the suggestion of physical taps on long distance submarine optics, also not forgetting if you get the tap in without anyone suspecting it how do you transmit the data out ?
a Buoy on the surface with some bonded 4G ? :P
However, I do believe the communication is being monitored, just that saying a cable is tapped has more impact in the mind of the masses.
All undersea cables have an amplifier attached to them at some point. This is where a tap would be put. A modified amplifier could be used in an 'official' upgrade to the fiber or a 'service failure', no need to even involve the cable operator. Use a company willing to take NSA money to do the actual replacement. A seperate fiber being laid would not be all that difficult.
This would all be expensive, but why else would the NSA need a 500 billion budget?
"All undersea cables have an amplifier attached to them at some point."
Just to clarify this: Not all, not even most these days. Just the really long ones. Anything shorter than 450km doesn't need repeaters and some systems can go 1500km without repeaters (there's a speed/distance tradeoff involved)
Optical amplifiers are simple affairs owing more to old-fashioned travelling wave tube amplifiers than anything else (TWTs are still the most common form of repeater used on geostationary satellites). They don't regenerate the signal and in general regenerators aren't needed on underwater links.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
