Summary
European investigators allege that the Chinese-owned ship Yi Peng 3 deliberately dragged its anchor to sever two Baltic Sea undersea data cables connecting Lithuania-Sweden and Finland-Germany.
While the Chinese government is not suspected, officials are probing possible Russian intelligence involvement.
The ship’s suspicious movements, including transponder shutdowns and zig-zagging, suggest deliberate action.
The vessel, linked to Russian trade since March 2024, was carrying Russian fertilizer when stopped.
NATO warships surround the ship, but international maritime laws limit investigators’ access.
Not easily.
They’re deep enough down that getting to them requires some creativity (ROVs, specially trained deep sea divers, etc.)
Then, how do you sever the connection with the operator not seeing the break? Just installing the snooper is going to take time. A sudden loss of all signal and then that signal coming back? Yeah they’ll notice.
Then how do they get the data back? Either they have to run their own cable out (expensive and obvious,) or they use the cable itself and double the data going through…( also obvious. )
Further, everyone and their grandma uses encryption for basically everything. Anything actually interesting is going to be heavily encrypted. (This is also why they’d double the data through put. The snooper won’t have the power to break the encryption,)
FWIW, optical cables have electronic repeaters spaced regularly along their length, so it may not be necessary to interrupt the connection to put a tap on it.
Even if data is encrypted, the source and destination addresses may be in the clear. If that’s the case, it is still valuable for traffic analysis. Similarly, it’s possible that an attacker has the means to decrypt traffic (they have the keys, or an exploit in the implementation).
As to getting the data back, you’re right that an attacker probably wouldn’t want to duplicate the entire flow of traffic, but they may wish to copy all data to/from certain addresses.
True, but gaining physical access to the repeater is going to still be difficult, and I would be shocked if there’s not some type of switch that triggers an alarm when it’s accessed. It would also be extremely difficult to upload fresh firmware to it in place- at least, or without removing it to a dry environment.
(Maintenance would just upload it through the data connection.)
It would be easier (and probably actually profitable…) to gain access to it during manufacture. This was the legitimate concerns about 5g infrastructure being made in china.
Regardless, it’s almost certainly more cost effective to get hooks into the IT guy maintaining the system than any physical attack.
Even if there are tamper sensors (unlikely, for something on the seabed built by cheapskate telcos), you could very likely trip it or just take it offline, and they’d attribute it to normal wear and tear from the ocean and its denizens.
Also, you can tap fiber optic lines by bending them, no cuts required. This seems unlikely for undersea cables, considering the size and weight and thickness of sheathing, but isn’t impossible.
They can actually just store the data on drives on the snooping device, and then periodically swap out the storage devices with a submarine.
Periodically like every minute?
These cables can carry terabits per second. I suppose if you had 100 petabytes of storage (that could probably be achieved with a single large rack of machines) you could just swap the entire rig every few hours or so, but that feels extremely cumbersome.
https://en.m.wikipedia.org/wiki/Operation_Ivy_Bells
You can just store metadata instead of all traffic (most of it is encrypted anyway). Or just store the packets that interest you.
Feels like setup for a movie.
Call it Geek Squad