Calif. attacks send warning that Internet lines are 'basically unsecured'

Trevor Hughes | USA TODAY

Show Caption Hide Caption What does an Internet fiber-optic backbone cable look like anyway? What does an Internet fiber-optic backbone cable look like anyway?

DENVER – Repeated and successful attacks on fiber-optic cables in California have security experts warning the Internet's physical infrastructure is "basically unsecured" and vulnerable to both casual and determined attackers.

FBI agents in California are investigating after someone early Tuesday morning severed three high-capacity fiber-optic cables, causing Internet outages in the San Francisco area and suburban Sacramento. It was the 11th such attack in a year. The outages highlighted the fact that virtually all information today is routed via the Internet, from phone calls and Facebook updates to remote security cameras.

Experts and the FBI say whoever cut the lines needed tools and expertise, and that it's unlikely the repeated acts are simple vandalism. The attacks generally happened in underground vaults where the cables were protected by sheathing called conduit.

Those underground vaults are rarely monitored, and often sit in remote areas. In many parts of the West, the cables are buried a few feet underground but their routes are marked by waist-high orange poles, and above-ground junction boxes are housed in easily accessible storage sheds. While the Internet was designed to be redundant, there aren't that many backbone cables. Cutting a few could cause widespread disruption.

"Our most critical infrastructure is basically unsecured," said Roger Entner of Massachusetts-based Recon Analytics.

Fixing the three cables cut Tuesday took more than five hours, and they were all in the same vault, the FBI said. What worries security consultants is that someone may be testing how long cable repairs take, and how customers respond.

"There are a lot of people who didn't get to watch 'House of Cards' and they're probably pissed," said Brian Laing of California-based Lastline, an Internet security firm.

Laing said a more sophisticated attacker could access the backbone cables and siphon off data, or even worse, conduct what's known as a "man in the middle" attack where data is intercepted, changed and then sent back on its way, with no one the wiser.

FBI investigating string of attacks against Internet backbone in Calif. The FBI is investigating string of attacks against the Internet backbone in California, including one early Tuesday morning.

Fiber-optic cables transmit data in pulses of light, sent down hair-thin strands of plastic or glass. FBI agents say whoever cut the cables has tools and equipment necessary to enter underground cable vaults and slice through protective conduit. High-capacity lines usually contain more than 100 individual fibers wrapped together. Many of the cables are thin enough they can be cut with scissors, a fragility belying their importance as the interstates of the information superhighway.

In April 2009, underground fiber-optic cables in California were cut at four sites, knocking out landlines, cell phones and Internet service for tens of thousands in Santa Clara, Santa Cruz and San Benito counties.

At high-security military installations, soldiers physically inspect fiber-optic cable daily, said Ralph Descheneaux of North Carolina-based Network Integrity Systems. Descheneaux's company makes military-grade equipment to remotely monitor fiber-optic lines for signs of tampering.

"You can spend a lot of money on encryption and fire walling, but you also need to cover the basics," he said. "At the end of the day, if you don't protect the actual transport mechanism, you're always going to have a point of vulnerability."

FBI agents are asking for the public's help in solving the rash of fiber-optic cable attacks, but warn the attackers might actually be dressed up as utility workers.

Contributing: Jessica Guynn