According to Information Security magazine, the US government’s budget for information technology (IT) security in 2006 was $1,685,000 and climbing, along with threats to global infrastructure, but most traditional methods of securing data traveling over fiber optic networks remain easily evaded by inexpensive hardware, software and a little know how.

Once believed to be safer for moving data than copper-wired networks and wireless LANs, fiber and its growing use has offered hackers more opportunity than ever to tap into confidential data. Though breaches are generally kept quiet, they have been numerous, including hacks to networks operated by Deutsche Telekom, Verizon, police in Holland and pharmaceutical companies in the United Kingdom and France. The online availability of fiber optic cabling maps posted by some cities to draw business makes finding a place to breach easy.

Once the cable is accessed, clip-on couplers costing under $1,000 can be used to make a bend in the cable so small as to not interrupt light signals, thereby evading detection. The couplers leak a small amount of light through the sheath, allowing a photo detector, listed online for around $500, to capture data. An optical/electrical converter, found online for about the same price, facilitates a connection to an Ethernet network interface card, which then allows sniffer software to filter data packets.

Vendors have begun to develop intrusion detection and prevention technologies at the physical layer that provide alerts when an optical event, signaling a possible breach, is detected. Besides that, encryption is the easiest way to avoid loss of confidential information, eliminating the need for costly security solutions. EC

© Information Inc.