Eight Myths About Hacking Fiber Networks (And Two Key Solutions)

But what about physically hacking the fiber optics network itself? There are millions of miles of such cables snaking across the globe. Are these vulnerable to tampering? The answer might surprise you.

After all, aren't fiber optics hidden deep underground, far out of reach? Even if hackers could access the physical fiber cables, wouldn't they need special equipment? And surely these networks are closely monitored and a breach would be quickly spotted?

This article looks at these and other myths that lead us to believe the fiber network is more secure than it really is.

Some people simply don't accept that hacking fiber networks happens outside of Hollywood. Citing many of the reasons below, they claim that it is an urban myth with no basis in fact. That might help them to sleep easier at night, but it is important to be aware of threats before we can tackle them. The ability to hack fiber optic cables is not only possible – it has been clearly demonstrated in easily accessed videos online. There are also plenty of case studies available for anyone to carry out their own research.

Hackers are often portrayed as highly intelligent individuals with advanced technical knowhow. Many cybercriminals do fit this description, but the skills needed to hack a fiber network do not require such sophistication. In fact, a cybercriminal would probably work more efficiently by training an accomplice to perform the manual fiber hacking while they focus on managing the software that makes sense of the stolen data.

The equipment required to hack an optical fiber network is just as basic as the knowledge. Adequate results can usually be obtained using just a clip-on coupler, some CAT 5 or 6 network cable and network analyzer software. In some, more advanced attacks, the cable may actually be severed and the ends connected via a hub, but this is probably the most advanced piece of kit a hacker will ever need.

Following on from the previous myth, if you thought that the tools and software needed for a hack would have to be obtained via some clandestine area of the dark web, think again! Network analyzer software, such as Wireshark, is legitimately used by IT professionals, while couplers and cable are part of every cable installer's toolkit.

Could your company be at risk of insider cybercrime? Fiber optic junctions are widespread in large offices and consist of numerous cassettes housing fiber optic couplers. Placing a wiretap on the network isn't as complicated as some might suggest as explained by well-known hacker Kevin Mitnick in this video.

It would clearly be very difficult to dig up large sections of highway or sidewalk without attracting the attention of the authorities, but cable networks often pass through unpopulated, rural areas. In fact, in some areas of the country, signposts have been erected to ensure people don't accidentally damage cables. Not even undersea cables are completely safe. Some submarines are designed with special apparatus for accessing and manipulating these for purposes of international espionage.

In the early days of fiber optic transmission this may have been the case, but networks are now so tolerant to light loss that an astonishing 8dB of information can leak out before the end user notices there is a problem. It is similar to a household plumbing system which can cope with quite a significant leak before the householder notices anything is amiss. Even a basic fiber optic hack won't come close to matching the general data loss that happens over the distance from source to destination. The most intricate equipment may only cause around 0.5dB data loss. Although intrusion detection software is available, it may not be sensitive enough to pick up on a breach.

The history of hacking optical fiber makes for an interesting read. Since the 1990s there have been numerous examples of the practice:

Although it is virtually impossible to protect cable networks from hacking, it is fairly simple, in most cases, to make hacking your data stream pointless. IT and cloud consulting services can help businesses to put robust encryption in place so that data is protected ‘in-flight’ rather than just when stored on servers and devices. Whereas a standard email message using POP3 can be easily read via a network analyzer, an encrypted message will deliver useless gibberish to the hacker.

If you operate in certain locations, you may also be able to invest in ownership of your fiber optic supply, giving you the option to physically secure and closely monitor your data stream.

Due to the surplus of fiber, particularly in major cities, many businesses are now customizing their own physically secure, managed networks via so-called dark fiber procurement. Specialist companies can act as brokers to help businesses take complete control over the design of their network.

As emphasized in the STOP. THINK. CONNECT.™ campaign, personal information is like money and should be treated as such. Since businesses deal with other people's data, they should be doing all they can to protect it while ensuring their eyes are continually open to all types of security threat.

Ben Ferguson is the senior network architect and vice president of Shamrock Consulting Group, the leader in technical procurement for telecommunications, data communications, data center, dark fiber procurement and cloud services.

Since his departure from biochemical research in 2004, he has built core competencies around enterprise wide area network architecture, high density data center deployments, public and private cloud deployments and voice over IP telephony.

Ben has designed hundreds of wide area networks for some of the largest companies in the world. When he takes the occasional break from designing networks, he enjoys surfing, golf, working out, trying new restaurants and spending time with his wife, Linsey, and his dog, Hamilton.