NSA tapping undersea fibers?

Peter Fairbrother peter.fairbrother at ntlworld.com
Fri Jun 1 10:48:33 EDT 2001 

> John Denker at jsd at research.att.com wrote:

> I was talking with some colleagues who had read the WSJ article
> 
>> http://interactive.wsj.com/articles/SB990563785151302644.htm
>> 
>> http://www.zdnet.com/zdnn/stories/news/0,4586,2764372,00.html for
> 
> .... and who were wondering as follows:  Given that They know how to tap a
> fiber in the lab, how hard it would be for a submarine such as the USS
> Jimmy Carter to apply a tap while working 3000 meters down in the ocean.
> 
> Well, it ain't gonna happen by sending any such sub down to 3000 meters.
> 
> It is highly unusual for a full-sized sub to go below 500 meters.  US subs,
> which are believed to be not as tough as the Russian ones, are limited to
> something more like 300 meters.
> http://www.fas.org/nuke/guide/russia/slbm/941.htm
> http://www.fas.org/nuke/guide/usa/slbm/ssbn-726.htm
> 
> One might have guessed that subs could zoom down 1000 meters about as
> easily as airplanes can zoom up 1000 meters -- but that's not the case.
> 

Jane's suggests a working depth of at least 2000 ft (600m) for Seawolf class
submarnes such as the "Jimmy Carter", but it might be more, as their
pressure hulls are made of HY-100 high-pressure steel, material of choice
for working depths of 10,000ft (3000m) or more in small commercial subs.  I
agree that they aren't going to do it at much more than about 3000ft
(1000m), but they could probably zoom down that far without needing major
inspection/overhaul afterwards.

> According to the WSJ article, near shore (at depths of less than 1000
> feet), the cable is buried in a trench, which would add an extra layer of
> nuisance to someone trying to tap it.  Out in the deep ocean, it just lies
> on the seafloor -- but the pressure becomes a big issue.
> 
> Here's are some hypothetical scenarios to consider:
> 
> First, it should be obvious that They don't need a submarine to tap cables
> that already make landfall in the US, which is the vast majority:

We are talking about the NSA, right? Of course they have reasons to want to
tap cables that make landfall in the US. Apart from the legal aspects, eg
operations conducted outside the US, "inadvertant" monitoring of  US
citizens, and the frankly illegal things they might want to do, NSA aren't
going to trust cable operators to keep wholesale monitoring secret.

> Anyway, here's scenario #1:  To tap a deep-sea cable, They keep the
> submarine at a modest depth, perhaps 150 meters or so.  They send down a
> small Remotely Operated Vehicle to grab the cable and lift it up to the
> sub.  They do the work there, and then return the cable to the seafloor.
> 
> The cable is certainly strong enough and flexible enough to permit
> this.  (Otherwise, how could it ever have been laid?)

Cable companies do this (from the surface) when they repair cables, but they
usually cut the cable before separately raising the cut ends and splicing in
a new section. I doubt that cable would be strong or extensible enough to
lift uncut, unless there was a lot of slack from eg a previous repair.

> But could the tappers do this without leaving telltale signs?  I don't
> know.  It depends on how closely the tappees are watching.

If they don't have to lift it, almost certainly yes, unexplained performance
spikes and even outages are not unknown, if the cable still works the
company isn't going to get too het up. I doubt anyone will even notice. A
<1% change in signal strength, in one link, isn't much of a worry.

[..]
> Another scenario:  Overall it might be easier to tap the cable while it is
> still on the continental shelf, at 100-meter depth or so.  That would
> require Them to dig it out of its trench and re-bury it, but thereafter it
> would be hard for others to notice Their handiwork.

This also solves the problem of backhaul, just lay a short cable to shore.
However cable companies do inspect/overfly their cables close to shore, to
prevent and detect damage from trawlers etc., so operating a bit further
out, at depths of between 300 and 600m, might be better. Filtering equipment
can be hidden more effectively here, unless they want all the "take".


> ===========
> 
> Related issue:
> 
> Suppose They install a tap.  What then?  What are They going to use for
> backhaul?!!
> 
> 1) One option would be to use some other channel on the same cable to do
> the backhaul.
> 1.1) This would be "relatively" straightforward if They could lease a
> suitable backhaul channel from the cable operator.  I don't know how this
> could be done without the cable operator knowing exactly what They were up
> to.  And if the cable operator is giving Them that level of consent, there
> are ways of getting the data without bothering with a submarine.

I speculate that the NSA could (and probably do) lease fibres from cable
companies. I also expect that if they wanted to install their own monitoring
equipment and security at the cable termination site, no-one would raise an
eyebrow. 

> 1.2) Without a leased backhaul channel, I suppose it is possible that
> They could just insert packets into the stream of traffic, on the fly, but
> this would be exceedingly tricky, because of the high speeds and delicate
> timing.

With a leased channel, as opposed to a fibre, it would be tricky but not, I
suspect, impossible. However this would require the covert insertion of a
sending laser, which would be hard to do without interrupting traffic. It
would introduce delays, which might be noticable.

Straight covert insertion of packets would probably be easily detected by eg
monitoring or billing software.


> 2) Another option would be to lay a backhaul fiber from the
> tapping-point all the way back to Maryland.  If They did this, somebody
> with an ROV could detect it, whereupon it would be rather embarrassing for
> Them.

It's nearly impossible to detect a cable buried under the seabed, with no
metal or voltage in it (not needed for a short cable), and even if you did,
you would have a very hard time identifying/tracing it.




---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list