Re: Using time-domain reflectometry to detect tamper attempts on telecom cables
Well, I know that NSA has its own undersea network, but I can only take a fairly crude guess as to what it might look like. SInce it was several years ago, I guess I won't be getting into too much trouble mentioning some NSA work I participated in. It was not classified (though they probably wanted it to be, but we were one of the ultimate fiber optic consulting groups that just happened to be civilian, and NSA had an emergency). On one occasion, they had us testing reflective modulators used undersea (which take a signal in, modulate it, and reflect it back out the same port). So they were probably doing some optical FDM on top of exisiting commericial signals. On another occasion we were debugging some OC-3 electronics that were flaking out undersea, due to the non-MilSpec components their vendor was using. So the obvious guess here is ATM. So I suspect that NSA runs a parasitic OC-3 ATM network optically "on top of" existing commericial OC-192. They can probably select up to 155 Meg of eavesdropped traffic to send into undersea AAL3 VCs and dredge back up over to be Echeloned. (Of course, that OC-3 ATM network could merely have a been a control network for something far more complicated, which come to think of it might be more likely. I doubt they'd let us see so many components if it was possible to "guess" what their network was by seeing them.) -TD From: Thomas Shaddack <[EMAIL PROTECTED]> To: Dave Emery <[EMAIL PROTECTED]> CC: <[EMAIL PROTECTED]> Subject: Re: Using time-domain reflectometry to detect tamper attempts on telecom cables Date: Sat, 8 Mar 2003 07:39:36 +0100 (CET) >But getting the bits from under the ocean somewhere back to > Fort Meade without being detected must be more interesting. Can't they hire their own fiber in the cable, splice it, and feed the preprocessed data in there? > It probably is true that the right wavelength laser will > penatrate water for some limited distance so a link could be set up from > a bouy near but below the surface to a sensitive telescope in earth > orbit. I heard copper vapor lasers would do, that they are used for eg. intersubmarine communication. But can't confirm nor deny this. > ...as there was no overlap of traffic on multiple wires. What techniques are used to pick the data from the mix of the signals from the cables with more wires? >Doing this for a sonet ring carrying 10 gbs or so as some > undersea cables now do seems rather challenging - at the very least > how one would follow changes in channel allocations and traffic loading > would seem very problematic. And intercepts that are weeks or months > old would be very much less interesting in most cases than near real > time intercepts - particularly of targets like terrorists. It's being said that NSA is losing its grip on communications, to their great joy. It must make them mad. Hee! :) ...maybe the era is coming when even the US will be forced to play fair? _ Help STOP SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail
Re: Using time-domain reflectometry to detect tamper attempts on telecom cables
> But getting the bits from under the ocean somewhere back to > Fort Meade without being detected must be more interesting. Can't they hire their own fiber in the cable, splice it, and feed the preprocessed data in there? > It probably is true that the right wavelength laser will > penatrate water for some limited distance so a link could be set up from > a bouy near but below the surface to a sensitive telescope in earth > orbit. I heard copper vapor lasers would do, that they are used for eg. intersubmarine communication. But can't confirm nor deny this. > ...as there was no overlap of traffic on multiple wires. What techniques are used to pick the data from the mix of the signals from the cables with more wires? > Doing this for a sonet ring carrying 10 gbs or so as some > undersea cables now do seems rather challenging - at the very least > how one would follow changes in channel allocations and traffic loading > would seem very problematic. And intercepts that are weeks or months > old would be very much less interesting in most cases than near real > time intercepts - particularly of targets like terrorists. It's being said that NSA is losing its grip on communications, to their great joy. It must make them mad. Hee! :) ...maybe the era is coming when even the US will be forced to play fair?
Re: Using time-domain reflectometry to detect tamper attempts on telecom cables
At 12:49 PM 3/7/03 -0600, Harmon Seaver wrote: > I'm sure I read about a way to do fiber, or that someone had developed a >device, that only involved removing a bit of the covering, not cutting into the >fiber at all. Evanescent waves. A *lot* easier to 0wn the landing points, and technicians with access thereof. And the telecom manufacturers.
Re: Using time-domain reflectometry to detect tamper attempts on telecom cables
On Fri, Mar 07, 2003 at 02:38:56PM -0500, Tyler Durden wrote: > > Undersea, I've heard that NSA uses splices, and that NSA has its own sub > for that purpose. (And the company I used to work for did some work on > undersea NSA optical projects, so I tend to believe the rumors I heard > there.) Tapping the cable isn't all that impossibly hard (though the things carry considerable HV to power the repeaters/optical amplifiers so it isn't entirely trivial either). But getting the bits from under the ocean somewhere back to Fort Meade without being detected must be more interesting. One wonders if there is any other practical technology than just stringing another cable covertly all the way back to the nearest friendly location where intercept gear and links back to the US can be set up. Are there bouys out there in the middle of the ocean with satellite dishes or laser optical transmitters on them ? How do we hide them ? It probably is true that the right wavelength laser will penatrate water for some limited distance so a link could be set up from a bouy near but below the surface to a sensitive telescope in earth orbit. But this sounds awfully risky and complex. And I guess a simpler approach might be to fly aircraft or drones over the tap and relay that way, though having aircraft circling somewhere over a cable would be a dead giveway I should think... The original IVY BELLS tap was of a limited capacity FDM analog coax link and was done by inductively sensing minute skin currents flowing on the surface of the cable (eg leakage of the signal). AFAIK there was only one coax in each direction so separating out traffic was done by demultiplexing the FDM-SSB signals (same way it was done on shore) as there was no overlap of traffic on multiple wires. Apparently the IVY BELLS taps involved recording certain voice channels on vast capacity tape recorders powered by Plutonium decay theroelectric generators. The tapes were only rescued months later when the sub came back to the tap site. Doing this for a sonet ring carrying 10 gbs or so as some undersea cables now do seems rather challenging - at the very least how one would follow changes in channel allocations and traffic loading would seem very problematic. And intercepts that are weeks or months old would be very much less interesting in most cases than near real time intercepts - particularly of targets like terrorists. -- Dave Emery N1PRE, [EMAIL PROTECTED] DIE Consulting, Weston, Mass. PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18
Re: Using time-domain reflectometry to detect tamper attempts on telecom cables
I'm sure I read about a way to do fiber, or that someone had developed a device, that only involved removing a bit of the covering, not cutting into the fiber at all. Yes, there is such a device, and I've used one. The only problem with them is that the amount of attenuation that results from the tap is not very repeatable, but I'd bet there are military grade ones used terrestially that will consistently be undetectable. Remember, a few dB in an optical network can mean the difference between 'acceptable' operation (10e(-10) BER) and nearly complete dropout of the optical signal, initiating a protection switching event. (They also squeeze the fiber in a distinctly anisotropic way, which creates PMD which can kill an OC-192 signal in worst cases.) Undersea, I've heard that NSA uses splices, and that NSA has its own sub for that purpose. (And the company I used to work for did some work on undersea NSA optical projects, so I tend to believe the rumors I heard there.) -TD _ STOP MORE SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail
Re: Using time-domain reflectometry to detect tamper attempts on telecom cables
On Fri, Mar 07, 2003 at 11:33:32AM -0500, Sunder wrote: > > Not sure what the NSA would do to tap fibers, certainly tempest wouldn't > work - except if there are repeaters nearby - or if they actually cut into > the fibre to splice it. I'm sure I read about a way to do fiber, or that someone had developed a device, that only involved removing a bit of the covering, not cutting into the fiber at all. -- Harmon Seaver CyberShamanix http://www.cybershamanix.com
Using time-domain reflectometry to detect tamper attempts on telecom cables
Time to time, usually when it appears on Cryptome, I skim through the revisions of Wassenaar agreement lists of controlled technologies. It's a neat way to keep myself up to date with what technologies are available on the market and the approximate degree of security they offer. One of the controlled articles on the recent revisions mentions this: a.8. Communications cable systems designed or modified using mechanical, electrical or electronic means to detect surreptitious intrusion. Which, together with what I stumbled over some time ago, leads me to an idea. Time-domain reflectometers are used to check the integrity of cables and fibers. Commercial devices tend to be awfully expensive, but in some cases they reportedly can be improvised. http://www.hut.fi/Misc/Electronics/circuits/tdr.html is an example of an el-cheapo (and probably low-grade) version. (I am unable to assess its performance, my highfrequency-fu sadly isn't too good.) Maybe it could be possible to build a dedicated TDR system intended to be connected to installed cablings, periodically test the cables by sending pulses along them and watch what returns, compare the result with long-term average, and report differences. Could possibly also help with early discoveries of various "natural" damages, not only intrusions. Opinions, comments, construction hints, ideas about better and/or simpler approaches?
Re: Using time-domain reflectometry to detect tamper attempts on telecom cables
Well, I can only speak about OTDRs. Maybe it could be possible to build a dedicated TDR system intended to be connected to installed cablings, periodically test the cables by sending pulses along them and watch what returns, compare the result with long-term average, and report differences. This is already done in some networks. Actually, the OTDRs are set up on quasi-permanently to observe how a certain subset of a network changes over time. This is done particularly in extreme environmental conditions. (For instance, in the late 90s some of the service providers started to see occasional blackouts associated with very low temperatures. OTDRs deployed revealed it to be "Temperature Induced Cable Loss"...the sheath on a fiber bundle was shrinking in the cold, constraining some of the fibers within the sheath and causing high attenuation.) Of course, fiber optic networks change regularly over time as a function of temperature. (Polarization Mode Dispersion can change drastically in older fibers when comparing day and night). BUT, this is often overkill... Could possibly also help with early discoveries of various "natural" damages, not only intrusions. Opinions, comments, construction hints, ideas about better and/or simpler approaches? There'are already "smart structures" such as bridges that use VERY cheap versions of "OTDRs" to look at much less detailed information than a true OTDR. These incoporate FBGs (fiber bragg gratings) into the concrete, and the reflected energy through the grating is a strong function of the stress and strain on the structural elements. As for looking for spooks and terrorists, it's been known for a long time that NSA has its own sub that makes undersea taps, for monitoring intercontinental traffic. I've thought about how you'd detect such a splice, and I believe it would be difficult but do-able. Difficult because there's going to be a mandatory few dB of loss associated with the split, but that kind of thing can easily happen to fibersmaybe a killer dolphin chewed on the cable or something (and of course they'll use an isolator in order to hide whatever's on their side of the tap). But that kind of splice might have a characteristic signature that will look different from other random kinks or attenuation, particularly when combined with certain databases. (I'd say looking at it over time would help, but its probably too late for the undersea fibers.) -TD _ Add photos to your messages with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail