←back to thread

Two undersea cables in Baltic Sea disrupted

(www.cnn.com)
577 points mooreds | 5 comments | 18 Nov 24 14:31 UTC | HN request time: 0.649s | source
Show context
ct520 ◴[19 Nov 24 05:12 UTC] No.42180260[source]
Dumb question but my assumption is fiber optic cables could be “tapped”? But the disruption would be noticeable when monitoring the cable. Could you just tap it when you cut it and when it hooked back up that’s the new baseline with the tap in place? That would seem more of a logical reason then a country just randomly cutting lines to me?
replies(3): >>42180345 #>>42180526 #>>42187302 #
jillesvangurp ◴[19 Nov 24 05:34 UTC] No.42180345[source]
Most/all of the traffic would be encrypted.
replies(1): >>42180914 #
1. donalhunt ◴[19 Nov 24 07:48 UTC] No.42180914[source]
That wasn't the case in the past. Events over the past 15 years have resulted in most companies encrypting all traffic between datacenters (due to the perceived risk). TLS between consumers and companies is probably at an all time high though due to a push for end-to-end encryption.
replies(2): >>42181002 #>>42181120 #
2. metachris ◴[19 Nov 24 08:06 UTC] No.42181002[source]
TLS doesn't help here, because state actors (including China, Russia) own trusted root certificates, which allow them to TLS-terminate for _any_ website they choose and silently decrypt/MITM the traffic.
replies(2): >>42181733 #>>42185747 #
3. picohik ◴[19 Nov 24 08:25 UTC] No.42181120[source]
These things get encrypted at a lower layer, macsec. At the transport layer it's all transparent. No need for TLS between your servers, that's just wasted overhead.

You typically encrypt anyway because you just lease the line and buy the b/w. It's operated by a different company and you share the wire with other customers.

4. lolc ◴[19 Nov 24 09:59 UTC] No.42181733[source]
TLS offers quite good protection actually: Anytime they create fraudulent certificates they risk burning their CA. Attacks need to be very targeted to keep risk of detection low. Due to Certificate Transparency, hiding attacks got even harder. And for sites that use cert pinning, the attack doesn't even work in the first place.

And eavesdrop is one thing but I'm not clear how you could MITM an undersea cable without the operators noticing.

5. gruez ◴[19 Nov 24 17:11 UTC] No.42185747[source]
>and silently decrypt/MITM the traffic.

Except it's not silent because you need to expose your misissued certificate every time. Sure, the average joe won't spot it, but all it takes is one security researcher to expose the whole thing. AFAIK there are also projects by google and the EFF to monitor certificates, so the chances of you getting caught are really high. Combined with the fact that no such attacks has been discovered, makes me think that it probably doesn't occur in practice, or at least is only used against high value targets rather than for dragnet surveillance.