Hacker News new | comments | ask | show | jobs | submit login

I can understand using unencrypted network within a data center (unless you are doubly paranoid), but why wouldn't they encrypt data between data centers?

Apparently these data centers were linked via dedicated lines -- there was no traffic or outside access to these fiber lines. They were used solely for communication between the two data centers (so technically still an isolated network).

A pretty good example to smack in the face of all those "Just Air-gap your distributed SCADA system!" devotees.

Such people exist?!

they do, sadly

They buy the lines in the ground. It is suppose to be 100% private. It is like having a wire from one room of your house to another. Wikileaks has a list of vendors/products who allow these types of things to happen. What I want to know is how they tapped the actual line. I would assume these lines are going directly into Google owned (or controlled) buildings.

You can tap fiber in a non-destructive way ( http://en.wikipedia.org/wiki/Fiber_tapping ) and in ways that increase attenuation only slightly (and that is contingent on you detecting it and having the equipment to even detect it).

If you know the route the fibre takes (which should be public and certainly government knowledge) you can install the tap anywhere along the length of the cable, roll up with a van the equipment and two guys in high viz vests with a fake work order, who the hell is going to check....(think the Ghostbuster's scene where they close half the road).

The crazy thing is that so many smart people at Google and encrypting the data still wasn't done.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact