
China Spying on Undersea Internet Cables - hsnewman
https://www.schneier.com/blog/archives/2019/04/china_spying_on.html
======
EastToWest
"As I have repeatedly said, we need to decide if we are going to build our
future Internet systems for security or surveillance. Either everyone gets to
spy, or no one gets to spy. And I believe we must choose security over
surveillance, and implement a defense-dominant strategy."

Can't agree more!

~~~
dogma1138
Even if you encrypt all traffic they can still spy you can't prevent physical
attacks nor can you prevent government spying trought warrants or by
compromising the service and content providers.

It doesn't matter if Facebook is going to be accessible trough TOR only or not
if the NSA or any other capable intelligence agency can compromise Facebook.

Even if you do somehow manage to put all physical transport links in the hands
of some impenetrable organization the US and China would just send a sub to
the ocean and tap the cables.

And just like it's granted that AT&T cables can be accessed by US authorities
China can access anything that a Chinese company lays down and likely even
with more ease.

~~~
dontbenebby
>Even if you encrypt all traffic they can still spy you can't prevent physical
attacks

Yes but a vast swathe of attacks are stopped with good encryption.

Recall for example that TLS ("HTTPS") provides integrity verification, not
just encryption.

~~~
dogma1138
Yes they are but it also doesn't have anything to do with this attack vector
where the ISP/backbone is the point of compromise.

~~~
vlovich123
A) If the traffic going over the backbone is properly encrypted compromise of
the backbone doesn't accomplish anything. B) Why can't the backbone nodes be
encrypted too so that any attempt to splice the fiber would result in a break
of the connection?

~~~
dogma1138
Some quantom cryptography can work but it's very iffy and expensive, there are
ways to detect taps and even when a cable is bent.

Simply cutting the connection because the signal was interupted won't work,
not to mention that many taps can be inserted without interruption and it's
not like the NSA can't figure out how to work around maintenance windows.

But in this case it's not even a covert unauthorized tap it's a Chinese
company ofc they'll cooperate with the Chinese government.

But again encryption doesn't prevent physical attacks of this sort they can
still suck all the data out and while it maybe useless unless they can decrypt
it this vector has nothing to do with building a secure internet.

The problem is that even if you encrypt everything state actors can simply go
one step up the chain at the end of the day someone needs to be able to
decrypt your packets besides you.

------
sandworm101
They aren't spying on "undersea cables". They aren't sending subs down to
split fibers or plant taps. Those days are long gone.

They are perhaps tapping at point where cables leave the shore, but even that
is old hat. With everything being encrypted, and the sheer volume of traffic,
intel agencies these days find it much easier to go to the source. If the NSA
or China want to read your email, they don't tap undersea cables. They go
directly to your email/text/cell service and siphon only the data they want.
Or, for things like meta data/location tracking, they can just buy the data
like any other company. That is the real future: the commoditization of
espionage.

~~~
dsl
> If the NSA or China want to read your email, they don't tap undersea cables

It is naive to say that the NSA does or does not use a particular collection
method. The truth is they use them all to varying levels of success.

Upstream collection (targeting the communication medium and infrastructure)
has been confirmed dating back to the 70s and as recent as 2013 with the
Snowden leaks. Even the PRISM program with its "direct access" to providers
like Yahoo and Google was eventually discovered to be tapping the fiber optic
links between the companies datacenters without their knowledge or consent.

~~~
dontbenebby
if you build it, they will tap

------
ttul
I wonder how much value there is in tapping undersea cables anymore. HTTPS is
pretty well established and companies are encrypting traffic between data
centers.

~~~
kitotik
Metadata and DPI is still pretty informative.

~~~
dnautics
it seems like the obvious solution would be to buy bandwidth on those and just
send a continuous bytestream over the cable, as a transport layer, say between
"2" and "3" and someone would just have to implement the standard protocols
(tcp/udp) over a subscription service to the moving bytestream.

------
BurningFrog
I always wonder how big the spy traffic is?

How many times is the average packet on the internet copied for surveillance
purposes, and how much does it slow down the net as a whole?

------
chrisseaton
I'm sure all large countries are spying on undersea internet cables.

------
HAL9000Ti
I'm already being spyed on by the USA, and have been for probably decades,
what's the difference?

~~~
DennisP
As the article says, "This shouldn't surprise anyone. For years, the US and
the Five Eyes have had a monopoly on spying on the Internet around the globe.
Other countries want in."

~~~
dsl
Which has a bad taste of whataboutism.

The huge difference is the NSA collects to achieve political goals. China
spies for political and economic benefit. Foreign businesses are frequently
targeted with the singular goals of IP theft or gaining leverage in business
negotiations.

~~~
A2017U1
Wow. I'm always astonished by the people who think economic espionage isn't a
huge part of Western intelligence services. It is.

The Americans just hide it better and it's entirely within their mandate.
China couldn't care less if the world finds out. France is absolutely running
wild and has been for decades. Australia has been caught planting bugs in
foreign leaders offices for the sole purpose of an oil companies business
deal.

------
stebann
How do they analyze the traffic? Is it possible to get something from these
actions?

------
Leary
So where in the article does it say that China is spying on the cables?

------
trpc
much of the internet traffic is served over TLS these days, DPI and such
equipment are becoming more and more useless. But hey, up to L4 is still
plaintext!

------
fisherwithac
Security has been the red-headed stepchild of software and, in some cases,
hardware innovation for a long time. And I agree that it's important to take
steps to ensure that changes.

I think two simple principles should be remembered to facilitate this:

1\. Most end users will choose convenience over security

2\. Security without usability is a compromise to security

If developers of these innovative technologies take the time to implement
tried-and-tested security/privacy controls while providing easy-to-undersatnd
education for non-technical users, then I believe things can certainly
improve.

------
chris_mc
Are we just making China the Boogeyman now on hacker news? I'm not trying to
be a whataboutist, but literally everything China is doing had been done for
decades by everyone else capable of doing that thing. Why are we suddenly up
in arms about China?

~~~
FakeComments
Because the US is engaged in a strategic struggle with China over ideological
dominance and influence on world events.

You can see the conflict spanning the South China see to trade relations and
economic investment to accusations both directions of misconduct in technology
manufacturing.

China has been getting more aggressive due to perceived US weakness, and this
kind of PR is part of a multi-pronged US response. As are increased
prosecutions for financial crimes and kicking up a fuss over the trade deal.

