So it wasn't "undersea cables off Hawaii" that were targeted, but rather servers on Hawaii that service those undersea cables. I expected submarine antics, which would have a much smaller list of suspects. It sounds like this might not even be state-funded.
I mean, the chances of it being *not* state-funded are.... really slim, right? The risk is just... off the charts. I do understand that you said it was just a possibility it wasn't state funded though.
It looks like this happened back in April and Homeland Security blamed "an international hacking ring" which always sounds like a nation-state organization to me.
I have a hard time imagining what an individual or private group of individuals would get from tapping or otherwise compromising underseas cables. Destroying infrastructure could make sense, as some kind of mayhem-creating terrorist plan. But there are much easier ways that require far less expertise, resources, and risk-tolerance for individuals to make a buck than tapping an underseas cable.
Even if an attacker seemed like they were a private individual, I'd lean toward assuming they were acting at the behest of some nation-state and just managed to cover their tracks well.
I think organized crime doing this sort of thing is at least plausible, but I agree that state-funded seems likely.
For criminal motive: I've read claims that some cartels have infiltrated telecom companies before, to track down informants or keep tabs on investigations. But from this angle, attacking cellular networks makes more sense than undersea cables.
Eh, most narco-submarines aren't really submarines; almost all are semi-submersible boats that run low in the water with snorkels.
However, organized crime using unmanned true submersibles might [soon, or presently] be feasible. The expertise needed to actually attack a cable in a constructive manner would be a significant barrier to clear, but not inconceivable for crime organizations that can kidnap and coerce tech professionals. The ability to splice fiber underwater with a drone submersible seems extremely advanced though. I think only a few nations might presently have such a capability.
Wow, this website and channel are cool! Thank you!
I also learned from the YT comments that there is a theory that the Phoenicians might have crossed the Atlantic to South America, and that they might have brought back cocaine that was used by upper-class Egyptians. I expected this to be some kind of fringe conspiracy theory, but the Wikipedia page (https://en.m.wikipedia.org/wiki/Theory_of_Phoenician_discove...) suggests that anthropologists think it's totally possible, but lacking in actual archaeological evidence to support it. Cool!
It's all about machines and oil; there have been reports of China's fishing boats making it to Galapagos and back, loaded! Don't think they needed a lot of tech to do it.
I used to be involved in repairs for undersea fiber...
Undersea fiber breaks all the time. When it breaks, you can send signals from the ends to find out where the break is. You then dispatch a ship to repair it.
However, if the cable breaks in two places at once, you cannot then detect a third break between the two you know about. That means someone who wants to tap your cable needs to break it in three places so that you aren't aware where they put the tap.
Surprisingly, it was substantially more frequent than random chance that a cable broke in two places in quick succession. To me that's good evidence that these cables were being tapped.
We also encrypted the data on the glass with dedicated per-link encryption units. I don't know if the adversary was hoping to break the encryption or had some way to extract the keys, or was just tapping the cable in case the data was unencrypted. I guess I'll never know.
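Added example, not part of the comment above and not its author's code: a small operator-side check of the two points it makes, namely the span that end-to-end fault location cannot inspect once a cable has two breaks, and whether breaks in quick succession occur more often than independent faults would predict. The fault log, the 48-hour window, the 3x flagging threshold and all function names are assumptions made for illustration.

```python
import math

def blind_segment(breaks_km):
    """A test signal from either end stops at the first break it meets, so only
    the break nearest each landing station can be located. Returns the
    (start, end) span in km that neither end can inspect, or None."""
    if len(breaks_km) < 2:
        return None
    return (min(breaks_km), max(breaks_km))

def quick_succession_pairs(fault_hours, window_h):
    """Count consecutive faults on one cable that are at most window_h apart."""
    t = sorted(fault_hours)
    return sum(1 for a, b in zip(t, t[1:]) if b - a <= window_h)

def expected_pairs(n_faults, period_h, window_h):
    """Expected number of such pairs if faults were independent (Poisson):
    each of the n-1 gaps is shorter than window_h with prob 1 - exp(-rate*w)."""
    if n_faults < 2:
        return 0.0
    rate = n_faults / period_h
    return (n_faults - 1) * (1.0 - math.exp(-rate * window_h))

def review_cable(fault_hours, period_h, window_h=48):
    """Compare observed quick-succession pairs with the independent-fault
    baseline; the 3x flagging threshold is an assumption."""
    observed = quick_succession_pairs(fault_hours, window_h)
    expected = expected_pairs(len(fault_hours), period_h, window_h)
    return {"observed": observed, "expected": round(expected, 3),
            "flag": observed > 0 and observed >= 3 * expected}

# Constructed sample: fault times in hours since the start of a one-year log.
SAMPLE_LOG = {
    "cable-A": [300, 2900, 5200, 8000],         # faults spread through the year
    "cable-B": [1000, 1010, 4000, 4030, 7000],  # two pairs only hours apart
}

if __name__ == "__main__":
    print(blind_segment([1200.0, 1850.0]))
    for name, faults in SAMPLE_LOG.items():
        print(name, review_cable(faults, period_h=8760))
```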
> HSI is not disclosing the name of the private company in Hawaii targeted, the country where the suspect was arrested or the name of the suspect.
and then directly after that implies that Russia is behind the attack:
> While it is likely we will never know who attempted the breach, it is clear that the security of our cables are of key interest of the great power adversaries. and this wouldn't be the first time Russia has been linked to a cable attack.
The operation was apparently rolled up by an informant. Personally, I would expect better from Russia. They can send their hitmen all over the world to kill dissidents without getting ratted out, but a little cable tapping is too much for someone to hold in?
> They can send their hitmen all over the world to kill dissidents without getting ratted out, but a little cable tapping is too much for someone to hold in?
Well, you have to account for the individual. Suppose this informant is an ethnic Russian working for the targeted company and was approached by Russian intelligence who presumed his ethnic ties would make him a sympathetic collaborator. They might have simply misjudged his character. And obviously an informant can only inform on things he's aware of. A tech worker might be approached as a collaborator for a tech espionage plot, while obviously never being told anything about polonium assassinations.
Will Manidis: "These attacks are a stark reminder that our internet infrastructure is at incredible risk. A constant reminder that our continued freedom rests on an increasingly vulnerable set of infrastructure that is only waiting to be attacked. And our adversaries know it."
Also Will Manidis: tells the story of Operation Ivy Bells, where the US tapped another country's transmission lines
Fascists use rifles, and so do those who fight those fascists. Is that hypocrisy? Not really (or if it is, it doesn't matter.) What you're fighting for is what really matters, not having some nebulous moral high-ground in the tools and tactics you employ. The US doesn't have a moral high-ground when it comes to cable tapping, but that doesn't matter.
It's 2022 and there's still a goldmine of unencrypted data flowing on the public internet and under the ocean.
WHY?!?!?
It's time some backbone providers just started publishing a sample of plaintext info they see flowing over their networks. A simple tap of 0.0001% of traffic directed through a filter to look for words like "password" and stick it up on a webpage ought to do the trick.
Journalists would have a field day for a while trying to write an article about every insecure company, but before long everyone would properly encrypt their traffic to avoid the embarrassment at a minimum!
There are ways around TLS, especially if everything isn't using TLS.
For instance, BGP hijacking has been used to obtain valid certificates by hijacking domain names. Yes, there are mitigations for this, but not everyone enforces them.
> While it is likely we will never know who attempted the breach, it is clear that the security of our cables are of key interest of the great power adversaries.
> and this wouldn't be the first time Russia has been linked to a cable attack.
Was it Russia? The long stream of tweets fails to mention that in a clear way.