Tapping fiber optics gets easier

Intruders can tap fiber-optic lines with more ease than ever

The long view of security strategies for your network.

Security experts have known for decades that fiber-optic cabling can be tapped for interception of communications. But until recently, such taps have been viewed as largely impractical.

The equipment was expensive and the number of fibers in the cables made it difficult to narrow down captured transmissions to a particular connection. In addition, physical interruption of the fibers could be detected using time-domain reflectometry, making such taps hard to conceal. It was also known that teasing apart the fibers and bending them in a tight curvature would allow escape of a small portion of the signal without revealing the data interception. Nonetheless, fiber-optic cabling was viewed as largely secure against wiretaps.

I recently received an interesting paper on recent developments in optical fiber taps from Seth Page, CEO of Oyster Optics, a provider of optical security, monitoring and intrusion-detection products. He has very kindly permitted me to quote from his paper.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Security experts have known for decades that fiber-optic cabling can be tapped for interception of communications. But until recently, such taps have been viewed as largely impractical.

The equipment was expensive and the number of fibers in the cables made it difficult to narrow down captured transmissions to a particular connection. In addition, physical interruption of the fibers could be detected using time-domain reflectometry, making such taps hard to conceal. It was also known that teasing apart the fibers and bending them in a tight curvature would allow escape of a small portion of the signal without revealing the data interception. Nonetheless, fiber-optic cabling was viewed as largely secure against wiretaps.

I recently received an interesting paper on recent developments in optical fiber taps from Seth Page, CEO of Oyster Optics, a provider of optical security, monitoring and intrusion-detection products. He has very kindly permitted me to quote from his paper.

Page writes that the situation has changed:

"For both public and private networks, optical taps and analytic devices are required and inexpensive maintenance equipment in common use worldwide today. Various types of optical taps, however, both off-the-shelf and customized, are also used for corporate espionage, government espionage, network disruption and other potential terrorist-type activities. Used nefariously, optical taps allow access to all voice and data communications transiting a fiber link. Modern commercial network equipment and network configurations cannot detect most types of optical taps…

"Optical taps that are used illicitly to garner information are most often placed in the access or local loop for a number of reasons. Firstly, 100% of all information entering and exiting a building, campus or local area can be obtained by tapping between the customer premise and the first network switching node or central office, from where it might then otherwise get switched along divergent routes. Secondly, network configurations, bandwidth and speeds are more manageable towards the edge of the network, implying less expensive equipment and a simpler penetration. Thirdly, opportunities for direct access to fiber are easier to locate, simpler to identify and more plentiful in the public and private spaces that provide such fiber-routes. Such spaces include: telco closets; cages; risers; basements; conduits; car garages; drop-down tile-ceilings; and pathways in subways, tunnels and across bridges, to name few.

"A successful tap can be achieved with merely an optical tap, packet-sniffer software, an optical/electrical-converter and a laptop. Packet-sniffer software filters through the packet headers, only extracting those packets which match a specific telephone number, IP address or other characteristic. Gathered information is then stored locally or forwarded to the intruder through various mechanisms, including wireless, another optical or copper line, another wavelength or channel, or other means."

M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services and teaching. He is Chief Technical Officer of Adaptive Cyber Security Instruments, Inc. and Associate Professor of Information Assurance in the School of Business and Management at Norwich University. Visit his Web site for white papers and course materials.