The Unsolved Mystery Attack on Internet Cables in Paris (wired.com)
As new details about the scope of the sabotage emerge, the perpetrators -- and the reason for their vandalism -- remain unknown. From a report: Buried deep beneath your feet lie the cables that keep the internet online. Crossing cities, countrysides, and seas, the internet backbone carries all the data needed to keep economies running and your Instagram feed scrolling. Unless, of course, someone chops the wires in half. On April 27, an unknown individual or group deliberately cut crucial long-distance internet cables across multiple sites near Paris, plunging thousands of people into a connectivity blackout. The vandalism was one of the most significant internet infrastructure attacks in France's history and highlights the vulnerability of key communications technologies. Now, months after the attacks took place, French internet companies and telecom experts familiar with the incidents say the damage was more wide-ranging than initially reported and extra security measures are needed to prevent future attacks. In total, around 10 internet and infrastructure companies -- from ISPs to cable owners -- were impacted by the attacks, telecom insiders say. The assault against the internet started during the early hours of April 27. "The people knew what they were doing," says Michel Combot, the managing director of the French Telecoms Federation, which is made up of more than a dozen internet companies. In the space of around two hours, cables were surgically cut and damaged in three locations around the French capital city -- to the north, south, and east -- including near Disneyland Paris.
"Those were what we call backbone cables that were mostly connecting network service from Paris to other locations in France, in three directions," Combot says. "That impacted the connectivity in several parts of France." As a result, internet connections dropped out for some people. Others experienced slower connections, including on mobile networks, as internet traffic was rerouted around the severed cables. All three incidents are believed to have happened at roughly the same time and were conducted in similar ways -- distinguishing them from other attacks against telecom towers and internet infrastructure. "The cables are cut in such a way as to cause a lot of damage and therefore take a huge time to repair, also generating a significant media impact," says Nicolas Guillaume, the CEO of telecom firm Nasca Group, which owns business ISP Netalis, one of the providers directly impacted by the attacks. "It is the work of professionals," Guillaume says, adding that his company launched a criminal complaint with Paris law enforcement officials following the incident. Two things stand out: how the cables were severed and how the attacks happened in parallel. Photos posted online by French internet company Free 1337 immediately after the attacks show that a ground-level duct, which houses cables under the surface, was opened and the cables cut. Each cable, which can be around an inch in diameter, appears to have straight cuts across it, suggesting the attackers used a circular saw or other type of power tool. Many of the cables have been cut in two places and appear to have a section missing. If they had been cut in one place they could potentially have been reconnected, but the multiple cuts made them harder to repair.
"Those were what we call backbone cables that were mostly connecting network service from Paris to other locations in France, in three directions," Combot says. "That impacted the connectivity in several parts of France." As a result, internet connections dropped out for some people. Others experienced slower connections, including on mobile networks, as internet traffic was rerouted around the severed cables. All three incidents are believed to have happened at roughly the same time and were conducted in similar ways -- distinguishing them from other attacks against telecom towers and internet infrastructure. "The cables are cut in such a way as to cause a lot of damage and therefore take a huge time to repair, also generating a significant media impact," says Nicolas Guillaume, the CEO of telecom firm Nasca Group, which owns business ISP Netalis, one of the providers directly impacted by the attacks. "It is the work of professionals," Guillaume says, adding that his company launched a criminal complaint with Paris law enforcement officials following the incident. Two things stand out: how the cables were severed and how the attacks happened in parallel. Photos posted online by French internet company Free 1337 immediately after the attacks show that a ground-level duct, which houses cables under the surface, was opened and the cables cut. Each cable, which can be around an inch in diameter, appears to have straight cuts across it, suggesting the attackers used a circular saw or other type of power tool. Many of the cables have been cut in two places and appear to have a section missing. If they had been cut in one place they could potentially have been reconnected, but the multiple cuts made them harder to repair.
Putin (Score:1)
Re:Putin (Score:5, Insightful)
Re: (Score:3)
Follow the money: What would a state actor, or any large-scale actor for that matter, gain by doing this? And I don't mean a generic "well they could do X when Y is happening", I mean this specific attack at this time?
Pulling the top plate off a cable duct and cutting the cables with a cordless cutter of some kind isn't Mission Impossible, I could organise that with a few friends in about an hour, most of which would be spent googling where the cables ran and driving there. So if the overall impact was ab
Re: Putin (Score:2)
Both are totally possible and you guys know it
Re: Putin (Score:2)
Re: (Score:2)
Sounds like a test (Score:5, Insightful)
This sounds like a test to judge if simultaneous attacks were possible, how well they would work, and probably response/repair time.
Now that data has been gathered, the next one will be the real deal.
Would be interesting to see how they act to try and prevent this. Increased security around the entrance for these maintenance points? Seems like you couldn't really guard all of them very well.
Re: (Score:2)
You don't need to dig anything up. Every few hundred metres there will be a manhole giving access to the ducting.
Re: (Score:3)
Indeed. The trick is not getting to the cables and cutting them, the trick is to know where to look and which cables to cut. Once that is clear, better hobbyist-level equipment and a few actually competent people can do it.
Re: (Score:2)
Seeing some people working at a maintenance junction would likely not attract attention from passersby. People randomly digging up a section of hillside or street might result in a visit from a local cop wanting to see credentials and work orders.
Re: Sounds like a test (Score:2)
Re: (Score:2)
> Would be interesting to see how they act to try and prevent this. Increased security around the entrance for these maintenance points? Seems like you couldn't really guard all of them very well.
I would guess something like better armor on the ducts, maybe fencing, maybe cameras and alarms? It should be possible (if annoying, ugly, and expensive) to change the physical design from a "resist accidental damage and protect the uninvolved public" model to "delay and respond to intentional attack" one.
You can't make these kinds of attack totally impossible, but if you can make them take more time, require heavier equipment, or reduce response time it can be a lot harder to do an attack and get out witho
Re: (Score:2)
Re: (Score:2)
Maybe. It could be French intelligence playing games again. They have a history of being loose cannons.
Re: Sounds like a test (Score:2)
Could also be a distraction while a fourth cut was made on a more interesting junction to install tapping equipment. Remember the "Jimmy Carter?"
JC Denton's back at it (Score:2)
Time to round up Silhouette.
Re: (Score:2)
centralization (Score:2)
We like to think of the internet as decentralized. Separate networks have to connect somewhere to make an internet. These inter-connection points create centralized places to do a lot of damage.
I admire the French... (Score:3)
Re: (Score:3)
In that case they forgot their goal (Score:2)
> This was probably a job action ... designed to send a message
If so, they absolutely suck, because they forgot to state any message at all.
Re: (Score:3)
> because they forgot to state any message
It was the mimes. No message WAS the message.
Called "Hankecised" (Score:1)
Back in the early 90s I used to work in a hospital. Over the preceding 2 decades, cables were run in the ceilings. We're talking an RS-232 cable for each terminal connecting to mainframes and DEC minis. It was to the point that the drop-ceiling in the basement had quite a bow in parts due to the weight of the cables. They called this one guy named Hank from telecom and told him to reduce the weight on the ceiling on the parts that were bowing by removing unneeded cables.
So what did Hank do? He goes to
Re: Called "Hankecised" (Score:3)
Donning my Cyberpunk-RPG hat (Score:3)
That's what I would do when I would prepare for an assault on a company that relies heavily on internet connectivity. How long does it take for the connection to be reestablished? What services are actually down? What processes are in place to remedy the situation? What backup services are in place?
Backup services are notoriously badly secured. Because they exist as an emergency tool that doesn't receive the same scrutiny as the primary connections when it comes to security and safety, because they should never really be used, so why waste resources on securing it?
Re: (Score:2)
You wouldn't cut the cable to prepare. You'd access the cable and identify it and do everything but cut it, if you could be reasonably sure that you could avoid detection in the process. You don't cut the cable until you're actually ready to perform the attack, so presumably whatever was going to happen has already happened.
Re: (Score:2)
Depends on the attack. If the attack includes the line "Hi, I'm here from your provider to fix your problem"...
hostile adversary (Score:1)
I know it's fashionable to always blame Russia, but it may be warranted in this case.
This is a "cheap" operation which is capable of causing a great deal of trouble.
If you are trying to destabilize European democracies, these sorts of attacks can cause a great deal of chaos with very little investment.
Also too, is it possible that this was done as misdirection, i.e. to cover up some other attack?
Maybe not... (Score:1, Interesting)
> I know it's fashionable to always blame Russia, but it may be warranted in this case.
If it was Russia it would have been 100 cuts, not 3, and many of the junctures would have had explosives to take out repair crews.
Though it could still be Russia and that's the eventual plan.
Authority is too Soft (Score:1)
Re: (Score:2)
Hardly a new problem (Score:2)
French Security Service making a point? (Score:2)
This is the most optimistic interpretation; 'white' attackers have proved to a lot of companies that they need to get their level of redundancy in their networks WAY up.
Let's hope this wake up call gets the attention it deserves. As evidence it was the government, I find the fact that no videos of the attackers were referred to; if this had happened in London, such images would have been released. Note also that it's just after the Presidential election, so not designed to affect that.
Re: French Security Service making a point? (Score:1)
What did they steal? (Score:2)
Free 1337 (Score:2)
What an unusual choice for a company name! I'm no detective but if they were the first to "immediately" post images of the cut lines, that seems awfully sus to me.
Re: (Score:2)
Espionage / Theft Motivation? (Score:2)
Michel Combot (Score:2)
That name sounds a bit fishy. Is that really just a communications bot?