Underwater Fiber Cuts in the Middle East
Within the last week, there have been outages affecting four underwater cables. Millions of users are off the net in India, Pakistan, Egypt, Saudi Arabia, UAE, Kuwait, Qatar, and Bahrain.
It isn’t clear yet exactly what happened. Two cables in the Mediterranean, SEA-ME-WE 4 and Flag Telecom’s FLAG cable, were cut. The latter cut was 8.3 km from Alexandria; the former was reported to be cut near Marseille, though other reports have that cut near Egypt, too. After that, there were problems with two cables in the Persian Gulf. Flag’s Falcon cable was cut; a cable between the UAE and Oman has suffered some sort of power failure.
Four failures in less than a week. Coincidence? Or enemy action? If so, who’s the enemy, and what are the enemy’s goals?
You can’t have that many failures in one place — especially such a politically sensitive place — without people getting suspicious. Naturally, most of the fingers have pointed at the US and Israel, with Iran seen as the likely target. There’s just one problem: Iran doesn’t seem to have been affected much. In fact, one study shows better throughput to Iran after the incident.
Now — the US certainly has the ability to tap undersea cables. After all, they did just that to the Soviets several decades ago. That said, I don’t think it’s an NSA or Mossad operation, as some have speculated, because I don’t think they’re that stupid. Four failures at once will raise suspicions, and that’s the last thing you want when you’re eavesdropping on people.
If it wasn’t a direct attempt at eavesdropping, perhaps it was indirect. Several years ago, a colleague and I wrote about link-cutting attacks. In these, you cut some cables, to force traffic past a link you’re monitoring. Link-cutting for such purposes isn’t new; at the start of World War I, the British cut Germany’s overseas telegraph cable to force them to use easily-monitored links. One of the messages they intercepted — and cryptanalyzed — was the Zimmermann telegram, which asked Mexico to join Germany in attacking the US, in exchange for financial support and recovery of Texas, New Mexico, and Arizona. Instead, public outrage in the US contributed to the decision to enter the war against Germany.
The problem with this scenario is that the benefit is short-lived: the cables will be repaired in a few weeks.
One can construct other scenarios. Some I’ve seen involve stock market manipulation, al Qaeda trying to block access to nasty Internet content, clueless terrorists launching a denial of service attack, etc. Any of these are possible, but are they plausible? Who gains, and by how much?
Cables do fail, for all sorts of reasons, including ship anchors, storms (and there was bad weather in the area), earthquakes, even sharks. To be sure, a common failure cause seems improbable, given the geographic and temporal extent of the failures. Besides, Egypt says there were no ships in the area. (Cables fail even more on land, as Neal Stephenson explained in a wonderful article some years ago.)
So — I don’t know what happened. As a security guy, I’m paranoid, but I don’t understand the threat model here. On the other hand, four accidental failures in a week is a bit hard to swallow, too. Let’s hope there will be close, open examination of the failed parts of the cables.
Update: there’s a good summary article here. It also states definitively that both cuts in the Mediterranean were near Alexandria, which increases the odds that there was a common cause for the failure. Presumably, the confusion about the location of the SEA-ME-WE 4 break arose because the other end of the cable is in Marseille.
Update: Contrary to some rumors and reports, Iran has not been knocked off the net. See the Renesys analysis for details.