Monday, July 25, 2022

Hacking the French Internet—With a Saw

 

In the early hours of Wednesday, April 27, some highly informed and determined individuals uncovered conduit boxes at three locations to the east, north, and south of Paris.  Inside these boxes were the inch-thick fiber cable bundles that make up the highest-density long-haul backbone of the Internet.  Probably using battery-powered saws, they cut each cable in two different places and ran off with the chunk in between, making the break much more difficult to repair.  Splicing fiber-optic cables is a delicate laboratory-style operation that has to be carried out with very specialized equipment, and the physical repairs to the cables occupied technicians for reportedly "several dozen hours."

 

In the meantime, ten different Internet services suffered various degrees of disruption before workarounds were figured out to bypass the cuts.   Individual users saw some problems:  loss of connections or slowed service.  But once the bypass routes were in operation, service returned to normal. 

 

This incident is of concern not so much for the actual damage it caused—hardly any for users and just some extra repair work for the Internet operators—as for what it says about the people who carried it out.  For one thing, they knew exactly where to go.  While some companies unwisely publish maps of their networks, most do not, and the public maps are scarcely at the level of detail needed to locate particular junction boxes in a street.  In mystery-story parlance, this vandalism was an inside job, perpetrated by people who knew exactly what they were doing and how to access the most critical part of the Internet infrastructure. 

 

For another thing, the attacks were coordinated at three points simultaneously.  This says at least three, and probably more, people were involved.  One wacko or disgruntled employee with a battery-powered Saws-All is one thing, but three cool knowledgeable operators is something else again.

 

Pardon my amateur sleuthing, but this doesn't sound like a one-and-done attack to me.  It looks more like a dress rehearsal for something bigger.  And the something bigger could be very big indeed.

 

One of the operational strengths of the Internet is its robustness in the face of failures in individual connecting cables.  Any network that conveys traffic like the Internet does will show this kind of robustness as long as there are few or no "isolated" nodes:  important terminals carrying a lot of traffic that have only one way of connecting to the network.  The original design of the ARPANET, the Internet's military predecessor, built in the ability to withstand considerable damage to individual connections and nodes with a war in mind.  This was in the late 1960s when the Cold War and the prospect of nuclear bombs taking out large chunks of infrastructure was a very real possibility.  So if you imagine a real net, like a fishing net, and judge its ability to hold fish, this ability will not be severely compromised if you take a pair of scissors and randomly snip a few strings here and there.

 

But if someone who knows what they're doing plans a careful attack intended to isolate a particular critical part of the network from the rest of it, the fishnet—or the Internet, for that matter—is not so invulnerable.  Depending on the age and history of certain important nodes, this sort of attack might or might not be that easy. 

 

In a place like New York City, where cable conduits have been in place since the late 1800s and myriads of permissions and keys and God knows what else has to be got through to gain access to cables, such a plan might be well-nigh impossible.  But what about some of these fairly new giant server farms in rural parts of Idaho, or wherever Google chooses to put them?  I'm sure they have physical security as well as the usual IT security measures in place.  But simply by the necessity of the case, most of the huge gobs of data that goes in and out of those places travels by fiber cable.  And somebody, somewhere, knows where all those cables are buried.  And not even Google can afford to have armed patrols of all their cable routes 24/7. 

 

Such an exploit would have to be coordinated in a way similar to the 9/11 attacks, with recruiting of traitorous insiders, rehearsals, and need-to-know coordination among the members of the conspiracy.  I will let any novelists among my readers take it from there, because the story could be a good one. 

 

The main question that remains unanswered by the investigation of the French incident, and which would have to be answered before we have to worry about anything like that in the U. S. or elsewhere, is:  why would anybody want to do such a thing?  Speculation in France has focused on "radical ecologists" who are simply protesting the existence of the Internet and want to cause symbolic trouble.  Thinking more along the lines of money, one could hardly hold a whole server farm for ransom without first carrying out one's threat, because announcing it in advance would instantly alert the intended victim to mount security measures to prevent the attack. 

 

Politically, there wouldn't be much percentage in knocking out, say, the internet service of a government-intensive place like Washington, unless you intended to mount a conventional-war attack at the same time.  And now we're getting into conspiracy-theory territory, a swamp I do not wish to penetrate. 

 

All I'm saying is that while such attacks on the physical structure of the Internet are possible, in the nature of things they do little practical harm.  And to cause a truly major disruption of service either to a specific geographical area or to a specific server farm (all of which have "mirror" or duplicate sites that could probably take up the slack without too much of a problem), the attackers would have to pursue a truly military-style and utterly secret plan that might be foiled by law enforcement anyway. 

 

So while it's bothersome that parts of the Internet can be foiled by something as simple as a circular saw, it doesn't look like you need to put this near the top of your worry list any time soon.

 

Sources:  Wired carried the story "The Unsolved Mystery Attack on Internet Cables in Paris," on July 22, 2022 at https://www.wired.com/story/france-paris-internet-cable-cuts-attack/. 

No comments:

Post a Comment