Fiber-Optics Wiretaps: ISP Logistics, Technology and Security Analysis of the NSA’s Operation

us-based folks may be more interested in the privacy implications of the recent at&t/nsa “gate”. i am too, but what interests me even more is the detailed technology disclosed on how at&t implemented sniffing on fiber optics, how isps handle the logistics of answering the legal call of wiretap needs, as well as analyzing possible security fail points in the nsa’s operation (if indeed it was theirs).

why the nsa did good
it’s been known for years that listening to optical lines is possible. it has been known for years the nsa listens to the internet. it has been known for years that much of the internet’s backbone sits in the us and at&t is a big part of that. it’s been known that us citizens also use the internet.

no one really wrote about how listening to optical lines is possible until now, or how, but my most serious reply to that is carbon-copied from a friend: duh.

how else did the american citizens expect the nsa to do this? there are naturally other ways which we will not discuss today, but the backbone sits on american soil, are you telling me the nsa should not use it? that is just plain silly.

the nsa’s mandate as far as i understand it, especially after the 70’s fiascos, is sigint on everything except us citizens/companies/etc. i bet it is very difficult to filter out such possible domestic communication, but that is why they have such brilliant minds working for them. which brings us to the fbi and carnivore -

why the fbi f*cked up working with isps
i should probably point out that if i was a major isp often asked to answer the call of law enforcement with legal wiretaps, this could be very annoying as well as technologically a killer to my network architecture.
just sticking some hub somewhere in my network may not cut it, and will certainly not cover all of the communication. what about different lines and locations?

as a large provider, at&t probably had to find better solutions to the call of the law, or rely on the law’s technology to not kill their business.

this indeed happened before. according to one nanoger at the fbi’s carnivore presentation a few years ago, “sticking” just such a hub is what caused his network to break down.

creating a centralized wiretapping point under strict security may be just the thing to both comply and save costs, not to mention staying on the air.

the technology
unlike with copper lines where you can use the em emissions to “listen in” to the lines, or even cut them in half and connect them to a sniffer, with fiber optics you simply can’t. as you must be aware, optical lines work by “transmitting” light. in order to listen in on that communication one must somehow see some of that light.
without going too much into how this actually works, the protocols using this layer-1 and layer-2 optical hardware beam a lot of redundant light, which bounces off the “walls” in different directions in the tube until at least one of the beams in the data stream reaches the next repeater/switching point/routing point. a single sustained beam of light is often used in bigger pipes, but these also have a lot of redundancy.

being able to use one photon for each bit of data is what everyone wants to do, but isn’t happening quite yet outside the lab. this would get even more interesting in the future with quantum cryptography.

in this paper released by wired detailing the spying operation from the perspective of an at&t employee, there are also a couple of other papers attached which detail the network architecture at&t used to enable sniffing of the information, as well as some interesting information from a related “legal wiretapping” technology conference, iss world.

operational f*k-ups?
ignoring the privacy and us legal issues for a moment, the nsa does not seem that stupid to me, as to trust the operation and technology to be developed by a third-party localized organization.
my guess is that at&t was asked to prepare the infrastructure where the nsa could use their own gear from. perhaps even under certain guidelines, conditions and rules (such as even security clearance for employees and key-pad combination locks, as the paper mentions).

writing a paper about it so that it can be recreated seems like a good idea.

a security issue which comes to mind here is how the information was handled. this reminds me of an incident in israel where ibm was contracted to do a certain job with the arrow anti-missile project, and some of the code in the system was legacy code which was originally developed in the egypt ibm office. this was a serious security concern in the israeli military industry, and was the result of lack of supervision over third-party contractors.

i don’t see “top secret” on the at&t document, which would at least mean this was meant to stay quiet. if it was, then at&t obviously wasn’t very much following the nsa’s wishes on security. we do see on some of the pages “at&t proprietary” and “use pursuant to company instructions”.

on the physical security level the “secret” room used for the spying seems to be somewhat in paranoid security mode with quite a bit of physical security measures, probably by nsa decree… therefore i don’t know where the security breach occurred, but was this document supposed to be released? if not, who is at fault? at&t, the nsa or a traitor?

maybe none of the above. this doesn’t seem like a security breach to me.

i tend to believe this information was not a secret, but just a technical solution to a business problem with complying with a potentially hazardous technical requirement by the law.

it is possible although unlikely that the nsa decided the existence of the physical wiretap was not a secret (hey, congressional hearing?), nor was the fact that fiber optics can be sniffed. if that is the case i see no security implications here either.
however, if everything but the existence of the room was to be a secret, from what happens there (physical wiretapping for sigint purposes) to how (breaking the optical line), security was indeed breached.

was this breach critical? not in the slightest.

i doubt the nsa as a serious western intelligence organization, as well as a secretive one would want even that known. still, we don’t know what their technology to gather the data was, how the information was processed, how and where it was saved and where it was relayed to. then we don’t know which of it was actually seen by a human. we don’t know what their interest was, except a vague indication of “terrorism”.

seems like this was run smoothly after all, and we, due to lack of information, run to make the wrong conclusions.

my opinion
privacy implications.. what exactly was done with the wiretap, etc. we don’t know. it is far from me to even guess. it is well within the realm of possibility it was all used legally, but the infrastructure needed to exist for that. i am sure the different investigation bodies who will look into it will come to some sort of conclusions and find some scapegoats if indeed something evil was done.
they will probably even look into better monitoring of what the nsa does (i.e. more people in the know).

i don’t know much about the particulars of this case, nor what president bush instructed. that is for the high-paranoia privacy guys in the us to find out.

i doubt the nsa, fbi and others on their own have any reason to spy on or allow spying of us citizens and/or businesses. then again, i am not a us citizen, what do i know?

i know about logistics with network service providers, the business need to stay on the air and the problems of complying with such requests. i also know such wiretapping is possible and i know that the backbone sits on us soil.

what else do i need to know except that every other country in the world tries the same thing? well, that the internet is not a secure medium and people need to secure themselves. the surprise people show sometimes shocks me.

gadi evron,
ge@beyondsecurity.com.

  • http://fiberopticcableprocess.blogspot.com/ Jayaprakash

    Good article and you put it straight in the last para that people need to secure themselves.