Summary

European investigators allege that the Chinese-owned ship Yi Peng 3 deliberately dragged its anchor to sever two Baltic Sea undersea data cables connecting Lithuania-Sweden and Finland-Germany.

While the Chinese government is not suspected, officials are probing possible Russian intelligence involvement.

The ship’s suspicious movements, including transponder shutdowns and zig-zagging, suggest deliberate action.

The vessel, linked to Russian trade since March 2024, was carrying Russian fertilizer when stopped.

NATO warships surround the ship, but international maritime laws limit investigators’ access.

  • FuglyDuck@lemmy.world
    link
    fedilink
    English
    arrow-up
    17
    arrow-down
    1
    ·
    29 days ago

    Not easily.

    They’re deep enough down that getting to them requires some creativity (ROVs, specially trained deep sea divers, etc.)

    Then, how do you sever the connection with the operator not seeing the break? Just installing the snooper is going to take time. A sudden loss of all signal and then that signal coming back? Yeah they’ll notice.

    Then how do they get the data back? Either they have to run their own cable out (expensive and obvious,) or they use the cable itself and double the data going through…( also obvious. )

    Further, everyone and their grandma uses encryption for basically everything. Anything actually interesting is going to be heavily encrypted. (This is also why they’d double the data through put. The snooper won’t have the power to break the encryption,)

    • sbv@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      10
      ·
      29 days ago

      FWIW, optical cables have electronic repeaters spaced regularly along their length, so it may not be necessary to interrupt the connection to put a tap on it.

      Even if data is encrypted, the source and destination addresses may be in the clear. If that’s the case, it is still valuable for traffic analysis. Similarly, it’s possible that an attacker has the means to decrypt traffic (they have the keys, or an exploit in the implementation).

      As to getting the data back, you’re right that an attacker probably wouldn’t want to duplicate the entire flow of traffic, but they may wish to copy all data to/from certain addresses.

      • FuglyDuck@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        29 days ago

        True, but gaining physical access to the repeater is going to still be difficult, and I would be shocked if there’s not some type of switch that triggers an alarm when it’s accessed. It would also be extremely difficult to upload fresh firmware to it in place- at least, or without removing it to a dry environment.

        (Maintenance would just upload it through the data connection.)

        It would be easier (and probably actually profitable…) to gain access to it during manufacture. This was the legitimate concerns about 5g infrastructure being made in china.

        Regardless, it’s almost certainly more cost effective to get hooks into the IT guy maintaining the system than any physical attack.

        • catloaf@lemm.ee
          link
          fedilink
          English
          arrow-up
          1
          ·
          29 days ago

          Even if there are tamper sensors (unlikely, for something on the seabed built by cheapskate telcos), you could very likely trip it or just take it offline, and they’d attribute it to normal wear and tear from the ocean and its denizens.

          Also, you can tap fiber optic lines by bending them, no cuts required. This seems unlikely for undersea cables, considering the size and weight and thickness of sheathing, but isn’t impossible.

      • jonne@infosec.pub
        link
        fedilink
        arrow-up
        1
        ·
        28 days ago

        They can actually just store the data on drives on the snooping device, and then periodically swap out the storage devices with a submarine.