Fiber optics no obstacle to cyber crime

With the ever increasing demand on communication networks, today’s business world would be inconceivable without fiber optics. Too bad this method of data transmission is inherently vulnerable. Bernard Everett, regional sales director Western and Southern Europe for InfoGuard, writes that growing sophistication in both optical tapping technologies as well as the know-how of the cyber-criminal, means that this security risk can no longer be underestimated. When large volumes of data have to be transmitted, more and more companies and public authorities turn to Gigabit Ethernet to get to grips with the increasing flood of information. Underpinning this transmission technology, fiber optics displays unrivaled advantages when compared to all previously used methods, offering greater bandwidth, speed, and reliability.

Optical fibers are an ideal transmission medium, and the length of cable installed around the globe is estimated at more than 300 million kilometers. This media offers high data transmission rates and is thus particularly suited for the transmission of data, images, and voice. In carrier networks, Gigabit Ethernet, Sonet (SDH), and Fiber Channel are the typical access technologies whilst fiber optics provides the transmission medium allowing these technologies/protocols to communicate with speeds of up to 10Gbps. State-of-the-art fiber optic networks are employed by many banks, insurance companies, enterprises, and public authorities as their communication backbone, supporting critical business activities. If no security precautions are taken to prevent the theft of data, the consequences can be devastating. In a premeditated tapping of an optical network it is extremely unlikely that the victim will even be aware the perpetrator exists; information will not go missing as our data thief will be simply eavesdropping and copying what transpires over the network.

One myth we should do away with is that fiber optic cable is particularly secure when compared with traditional copper wire since there are various so-called Optical Tapping Methods which can be used, to extract data from fiber optic networks. The risk of being detected is very slight. By means of splicing — splitting the fiber optic cable — access can be easily obtained to the flow of information without the signal having been noticeably changed when it reaches the recipient, or without disturbing network operations. It is sufficient to bend the, fiber keeping the cladding intact, in order to be able to track the exchange of information with little to no chance of being detected. The majority of telecommunication providers fail to draw attention to this growing danger, or are simply ignorant of the facts.

Everett writes that contrary to widespread thinking, large volumes of data provides no protection. In order to extract specific information from large amounts of data, corresponding IP numbers or key expressions are sufficient. Using the digits, packet sniffer programs are able to filter out the information required from the data streams and store it in real time. Very often, solutions of this nature are offered to ISPs as a means of implementing new calculation models for data traffic. It goes without saying that these tools can also be used for analyzing the data content. The same situation applies to small block sizes. Companies who think that they are safe when transmitting disk data, as this only forms part of a RAID system, or mirrored data as it utilizes a proprietary mirroring protocol, should think again. Using readily obtained shareware tools, disk data can be easily read and a standard 512 byte disk sector can reveal a lot of useful information. It should not be forgotten, the hacker has all the time in the world to collate data as no one knows he or she is listening in.

“When data is being transmitted over fiber optic networks, sensitive information is almost always involved,” Everett concludes. “If the integrity, confidentiality and authenticity of this information are not 100 percent guaranteed, the user of this technology may be exposed to a risk of immeasurable proportions.” Hacking into fiber-optic communications is not just a theory, but constitutes a real danger that needs to be taken seriously. “The only effective response to this threat is the encryption of the data at the point where it leaves the protected internal realm,” says Everett.