
Innovation in Information Security

Coverage of important Information Security and Information Technology news and events from the research team at Sûnnet Beskerming.


Sometimes Things just Break

For the last several days it has been almost impossible to get away from the news of numerous undersea telecommunications cables serving the Middle East and subcontinent regions having been cut in a relatively short period of time.

Rather than just being passed off as a coincidence that four cables had been cut through (two in the Mediterranean and two in the Persian Gulf) via one means or another over several days, a lot of the analysis and opinion being put forward was that there was some form of secretive government conspiracy taking place and that the cable cuts were a diversion. Naturally the secretive government activity belongs to the United States and they are trying to tap sensitive communications passing through the Middle East.

This particular flight of fancy fails to take into account the ease with which communications can be tapped at the point that they enter or leave the undersea cable (thank you CALEA), and the problem that fixing a physical severance of an undersea line generally means that the line segments need to be raised and physically rejoined, which means that a physical tap on the line will be readily noticed (as well as detectable using line quality monitoring tools).

At least, the cables should be repaired and functional within a week or so. Although it is nice to think of the Internet as being a fault-tolerant mesh-like network, capable of readily redirecting around damage to one or more nodes, in reality there are a limited number of key trunk lines that are responsible for making sure whole segments of the Internet can talk to each other. When some of these lines break, as with these undersea cables, it forces their network load onto communication channels without sufficient bandwidth. This network overload can also cause some connections to fail, which is being suggested as the reason for at least some of the failures. At no stage is communication completely cut; it just shrinks in available bandwidth to the point that it is effectively cut for most users. Information originating from The Economist, but commented on over here, indicates that there are only three cables providing most of the network interaction for the whole region affected, and they all pass very close to each other at various geographic choke points.

The readiness of many Information Security "Professionals", as well as many other armchair quarterbacks, to jump to the conclusion that the breaks were a malicious attack is a poor reflection on the public perception of Information Security Professionals. Of course, if they said it was all a part of normal operations, then there would be no need for undersea cable breaks to be splashed all over the news. Internet users from within the affected region and conspiracy theorists were more than happy to point to the planned Iranian Oil Bourse as the reason for the cuts, but despite some claiming single data points as authoritative, Iran never actually lost its internet connectivity.

Claiming the cut cables are the result of malicious activity is as valid as saying that the bungled antivirus definition file updates from Symantec (and other vendors) that result in end user systems being rendered unbootable are a malicious act.

Security Theater and overreaction is a topic that has been covered before, but this is a case where a lack of knowledge was allowed to develop into ignorance of facts and the public reporting is actually more damaging than not reporting about the breaks. It is symptomatic of the generally poor state of reporting on technical matters, and it allows for the rapid deterioration of facts into conspiracy fodder.

Observing how information gleaned from a few sources (reports of cable cuts, non-response of a specific Iranian network device, and excited bloggers, reporters and Internet users within the affected countries) is allowed to spread and evolve is like watching the world's biggest game of Chinese Whispers. In this case, poor information was able to dominate over good information. With Information Security, it is this challenge that is faced every day: how to adequately extract accurate information and original sources from a flood of data that may be tertiary reporting and more harmful than beneficial. Some people have solved this problem better than others.

9 February 2008
