[liberationtech] Are undersea cables tapped before they get to ISP's? [was Re: Security over SONET/SDH]
coderman
coderman at gmail.com
Tue Mar 18 16:28:22 PDT 2014
regarding the latest discussion of full take voice and cache for weeks[0]:
updated image of the landing station now at:
https://peertech.org/files/wci.jpg
the lower left images are the landing station,
the upper remainder the cable operator facilities.
these landing station infrastructure upgrades were performed as part
of "some intelligence programs".
voice compresses exceptionally well, particularly some non-free codecs
or tightly tuned opus :)
[ see also: the Google Voice Search hack against Android devices
performed by DITU at DEF CON 19 with DRT boxes amped to max - this
also made great use of highly compressed Speex aspect; so many phones
in "Open MIC Night" without undue congestion or noticeable impact on
data channel even if in use. ]
last but not least, regarding cover stories for such infrastructure:
at Sprint in the late 90's there was a pioneering effort at full-take
DPI on backbone OC-12 and OC-48 links. the cover story was
"collecting only header information, and only to optimize internet
routing across the internet."
the reality was: a slight adjustment, heavily compartmentalized, to
full take and DPI for intelligence work. (see also the origins of the
DPI vendors :) in all likelihood, many technicians have seen
something funny, but the plausible story was plausible, and so...
[ note however that this system could not store full take for any
period, like the pioneering GCHQ efforts for full spectrum capture and
cache across data in addition to voice. thus the focus was on custom
ASIC and hardware chassis mounted to storage where matching "streams"
could be "selected" and then processed UPSTREAM. ]
perhaps more later!
---
link salad:
long phat cables:
http://cryptome.org/eyeball/cablew/cablew-eyeball.htm
http://cryptome.org/eyeball/cable/cable-eyeball.htm
http://cryptome.org/nsa-seatap.htm
and telegeography's submarine cable map:
http://www.submarinecablemap.com/
also relevant:
http://cryptome.org/telecomm-weak.htm
http://cryptome.org/nsa-fibertap.htm
http://cryptome.org/nsa-lynn.htm
0. "NSA surveillance program reaches 'into the past' to retrieve,
replay phone calls"
http://www.washingtonpost.com/world/national-security/nsa-surveillance-program-reaches-into-the-past-to-retrieve-replay-phone-calls/2014/03/18/226d2646-ade9-11e3-a49e-76adc9210f19_story.html
"The voice interception program, called MYSTIC, began in 2009. Its
RETRO tool, short for "retrospective retrieval," and related projects
reached full capacity against the first target nation in 2011."
--- end top post of great negligence ---
On Tue, Jun 25, 2013 at 10:09 AM, coderman <coderman at gmail.com> wrote:
> On Tue, Jun 25, 2013 at 6:26 AM, Eugen Leitl <eugen at leitl.org> wrote:
>> ...
>> Very few ISPs ever go to the landing stations, typically the cable operators provide cross connects to a small number of backhaul providers. That makes a much smaller number of people who might ever notice the splitters and taps, and makes it totally transparent to the ISP. But the big question is, does this happen? I'm sure some people on this list have been to cable landing stations and looked around. I'm not sure if any of them will comment.
>
> yes it happens. c.f.:
> http://207.198.103.187:8081/wci.jpg
>
> the lower images are the facilities at the landing site, the upper
> images the termination / peering point a few score miles down fiber.
> pre-911 the landing site was more shack and less fortress (i may have
> a before picture somewhere.)
>
> cryptome has some great info on cable routes and facilities:
> http://cryptome.org/eyeball/cable/cable-eyeball.htm
> http://cryptome.org/nsa-seatap.htm
> http://cryptome.org/telecomm-weak.htm
> http://cryptome.org/nsa-fibertap.htm
> http://cryptome.org/nsa-lynn.htm
>
> note that this line of inquiry is frowned upon. after Sean Gorman's
> dissertation on critical infrastructure vulnerabilities the prevailing
> approach has been security through obscurity. we all know how well
> that works... ;)