Sunday, September 27, 2015

Are physical cable attacks practical?

Is it practical to carry out an attack that requires physical access to a cable?

It is extremely practical, depending on the value of the target or ease of access. Practicality is based on cost versus reward, just as risk is based on value versus likelihood. CISSP resources discuss qualitative assessments for computing risk where a damage ranking is low, medium, or high. (Gregg, 2005) Using a response based on those rankings, a data integrity or confidentiality attack would represent a high reward for an attacker. Since the yield value is high, a high cost can be invested in it. According to Mandiant, remote attackers persist in an infected network for over two hundred days before detection. (Mandiant, 2014) The physical cable attack by the United States under the Sea of Okhotsk lasted for most of the 1970s until its existence was exposed to the Soviets by a defector. (Drew & Drew, 2008) Ronald Pelton was the spy who turned that tap over to the Soviets, and it was collected in 1981. (Warner, 2012) What is a mere 200 days of information if an attacker can suck up data for a decade?

Who might exploit a physical access attack?

  • Random individual (in the accidental case)

  • Disgruntled insider (or former employee)

  • Financially-motivated criminals

  • (Maybe) ideologically-motivated actors ("terrorists")

  • (Or even) state-sponsored professionals ("spies") (Sauver, 2011, p5)

On the side of spies, the United States, through the CIA, carried out another instance of this sort of attack against East Germany in Operation REGAL. (NSA, 1988) A tunnel was dug to grant access to telecommunications lines and a physical layer tap was applied. In pop culture, ideologically motivated attackers demonstrated the value of a physical attack when a hacker social-engineered his way into a secure storage facility and spliced a Raspberry Pi system into the network, which used a wireless card to provide a remote access backdoor. (Giles, 2015)

On the denial-of-service side, the ease of the attack once access is available means that it can be combined with other attacks. In 1969 the ritualistic murder of Sharon Tate by the Charles Manson family was accompanied by cutting the phone line. (Gardella, 1969) It is both effective and cheap, which has led to it being a staple in pop culture across many media. (TVTropes, n.d.)

Considering that cleaning jobs and private building security jobs are fairly low paid, getting hired or paying off an existing worker would not be much of a stretch for a motivated attacker. (PayScale, 2015) If the attacker is a disgruntled insider, then they already have convenient access to cabling and time to plan and carry out the act, so pretty much all of the 'practicality' of the attack already comes for free.

Drew, C., Sontag, S., & Drew, A. L. (2008). Blind Man's Bluff: The Untold Story of American Submarine Espionage. PublicAffairs.

Gardella, K. (1969, August 10). Actress and 4 slain in ritual. Sunday News. Retrieved September 27, 2015

Giles, M. (2015). Mr. Robot Recap: Casualties in Every Revolution. Vulture. Retrieved September 27, 2015 from

Gregg, M. (2005, October 28). Risk Assessment. Pearson. Retrieved September 27, 2015 from

Mandiant. (2014). Beyond the Breach. M Trends. Retrieved September 27, 2015 from

NSA. (1988). Operation REGAL: The Berlin Tunnel. National Security Agency. Retrieved September 27, 2015 from

PayScale. (2015). Maid or Housekeeping Cleaner Salary. Retrieved September 27, 2015 from

Sauver, J. (2011). Physical Security of Advanced Network and Systems Infrastructure. Internet2. Retrieved September 27, 2015 from

TVTropes. (n.d.) Cut Phone Lines. Retrieved September 27, 2015 from

Warner, M. (2012). Cybersecurity: a pre-history. Intelligence and National Security, 27(5), 781-799.
