It also doesn't say much except that the submarine can launch a little vehicle that goes down and taps the cables; tapping an already-installed 192 strand fibre cable without breaking any of the strands or disrupting communications would be impressive even even on land and there's no hint as to how the NSA is able to do this once they reach the cable.
Trying to install a tap on an active fiber cable sounds like a very much impossible feat for any kind of modern technology.
If I was the poor EE they laid this problem on, I would have the submarine install the tap while the cable is still being laid, before it's connected to any data streams.
Without knowing how long it takes to install the tap, it would also be possible to sabotage cables, install the tap while the cable is down, and make the sabotage out to be the doings of any number of semi-rogue countries in your targeted part of the world.
"The capacity of fiber optics is so much greater than other communications media
or technologies, and it's also immune to the stick-up-an-antenna type of
eavesdropping," said Jeffrey Richelson, an expert on intelligence technologies.
To listen to fiber-optic transmissions, intelligence operatives must physically
place a tap somewhere along the route. If the stations that receive and transmit
the communications along the lines are on foreign soil or otherwise inaccessible,
tapping the line is the only way to eavesdrop on it.
The intelligence experts admit there is much that is open to speculation, such
as how the information
recorded at a fiber-optic tap would get to analysts at the National Security
Agency for review.
The intelligence experts admit there is much that is open to speculation, such as how the information recorded at a fiber-optic tap would get to analysts at the National Security Agency for review.
How about another fiber in the same bundle?
Also, during the telco bust, there was a lot of 'dark' (i.e. unlit) fiber, probably prophylactically tapped by NSA.
Anyone recall the inet cuts to (Egypt?) about two years ago? (Damn, sorry - I just recall how the undersea cables were "cut" and there was a lot of speculation as to who/why... I think we have a culprit. [posting from my phone, ill try to search for a reference when I get to a machine]
I highly doubt it. The NSA has been tapping undersea cables for decades, there's no reason they'd have suddenly become so sloppy as to cut two cables in the same region. Especially as a cable will be inspected if cut and any surveillance equipment will be discovered.
I think it's more likely that those outages really were caused by ship anchors.
After reading the WSJ article from 2001, it's become clear that the FAZ/FAS article is largely based on it.
Interesting quote from the WSJ article, in light of the fact that it was written 3 months before 9/11:
The NSA long boasted some of the most powerful computers on earth. But the agency's technological edge dulled as the equipment aged and money grew tight. The NSA's budget is classified, but individuals familiar with it say it is about two-thirds what it was a decade ago, even before accounting for inflation.
Is there anyway for the signal to be bulk encrypted in realtime and have the cryptographic key between two end points automatically cycled and exchanged via means other than that cable?
I would imagine that making a cryptographically secure wired connection impervious to eavesdropped would be a thing by now.
> Is there anyway for the signal to be bulk encrypted in realtime and have the cryptographic key between two end points automatically cycled and exchanged via means other than that cable?
They could use one time pads (two identical lists of pregenerated random numbers) at the ends. Then XOR the traffic with those. It's unbreakable. They "key" could be terabytes long.
A terabyte of shared secret would run out in seconds on these links. (and if you reuse it, it's extremely insecure). It's totally possible (but possibly prohibitively expensive) to encrypt the traffic going through a link like this but a OTP is _not_ how you would do it.
There is a book called Blind Man's Bluff that documents how this started during the cold war by NSA tapping soviet undersea communication cables.
According to the book one of the captured tapping devices is on display in Moscow and on the side it says "Property of the United States Government". No point in hiding it...
The cable operators need to encrypt all traffic going through the fibers - problem solved. In fact what goes through the backbone should be encrypted many times over - by the backbone operator, by the company leasing the backbone bandwidth and by the end user.
Technologically I was in the impression that the end-points where barely able to route the traffic that's going trough these cables. Encrypting the traffic in real-time might not be possible.
Unfortunately, this article includes pretty much everything but how the NSA taps fiber at the bottom of the ocean. I'm actually a bit curious about this myself...
If you want to tap a classical signal traveling down a fiber, you want to turn that fiber into a beam splitter. A beam splitter probabilistically reroutes photons from the data stream down a different fiber. Since a single bit traveling down a fiber optic cable is represented by millions of photons in an identical optical state and fiber-optic lines are lossy, a few won't be missed. A 99/1 splitter (i.e. 99% one way, 1% the other) would be pretty hard to detect in a fiber optic line that is subject to fluctuating loss caused by bending, temperature change, etc..
The trick, according to this article, is to avoid cutting the fiber and splicing in a beam splitter. This is because, immediately after the fiber goes dark, the company running it will want to know where the fault is and hook up an OTDR to the line. In the simplest terms possible, this is a device that sends light down the fiber and looks at what gets reflected back. Any break in the fiber will reflect light back the way it came. Time how long the round-trip takes and you can pinpoint where the break is and send out a repair crew. If the operators are fast this can take mere seconds to do. Naturally, the NSA doesn't want repair crews finding their tap-in points!
So how do you turn a piece of fiber into a beam-splitter without cutting and splicing? Well, that's surprisingly easy. One way to create a fiber beam splitter is to take two fibers and fusion-combine them. Basically, you put them right next to each other and heat them up so that they melt together just a little bit. If you did this to a line in service it would never have to be cut. This is dead easy to do... to one fiber... in a lab. Doing it to a bundle of fibers in the deep sea is challenging! However, it's certainly feasible. Given that the NSA's budget dwarfs the entire scientific research budget of many nations, it's reasonable to expect they could get pretty good at it given a couple of decades.
They probably aren't doing this. I've done a little in free-space optics, but fiber really isn't in my bailiwick. There are probably other, much easier ways. However, based on a few minutes of thought I'm convinced the claims of the article are beyond merely feasible. I'd be shocked if the NSA, and every other nation out there with subs, doesn't have the same capability.
The real trick, of course, is getting the data back home (and processing it). The article suggests that the Jimmy Carter has the ability to lay fiber lines, presumably to take their purloined bits back to the nearest NSA processing center. The amplifiers spoken of are unlikely to be used to boost the signal that continues on the original fiber back to the people being spied upon, simply because a good method of tapping in should be indistinguishable from fiber loss, plus components like amplifiers spliced into the line are detectable! No, those amplifiers are likely there to boost the signal going down the NSA's pirate lines. What I don't understand is how the NSA keeps their lines from being detected. Wouldn't, for example, Russia patrol it's fiber back-bones (while tapping other nations fiber) and cut the NSA's lines? There may very well be an underwater struggle going on day-to-day that we're entirely unaware of!
I'd wager they've a dinky device that snaps onto a fibre (once it's unshielded), bends it a few degrees just enough that it leaks light ever so slightly, and have a photodiode within the device to amplify and relay the intercepted light down a parasite.
Ah... You sound like you know a bit! This method does indeed sound easier to pull off. Do you know how much loss you'd have to create before the fiber was bent enough to provide sufficient signal to the photodiode?
There's no way you're getting through that without it being service affecting. Even once you get through the layers of protective sheathing, and around the copper power lines that provide power to the undersea amps, you're suggesting that they fully remove the reflective sheathing to bend the fiber and tap off light? That is absolutely ludicrous. The process would introduce much more span attenuation than splicing in a 50/50 fiber tap (which is 3db).
Are you doing this to every fiber in the bundle, you'll need at least two tapped to get bi-directional communication. It's simply unfeasible.
Some types of optical amplifiers are vulnerable to side channel attacks, so they might be a weak point. However, they're also probably under more scrutiny from both maintenance and security people.
> A 99/1 splitter (i.e. 99% one way, 1% the other) would be pretty hard to detect in a fiber optic line that is subject to fluctuating loss caused by bending, temperature change, etc..
Please reference an example of a 99/1 splitter existing and usable on an optical line system. You can't get a usable signal from 1% of the light. The levels you would need to split off would be entirely noticeable.
> So how do you turn a piece of fiber into a beam-splitter without cutting and splicing? Well, that's surprisingly easy. One way to create a fiber beam splitter is to take two fibers and fusion-combine them.
This is not possible to do on a live system without it being service affecting.
Obviously, you'd need something faster. However, 1% of a microwatt is more than detectors like this need to get damned good signal. In fact, it might be enough to burn it out. If you have good control over the fusing process, splitting off much less than 1% would probably be preferable.
>This is not possible to do on a live system without it being service affecting.
Why not? The only impact on the fiber being tapped would be a brief period of heating and a temporary change in refractive index over, perhaps, a couple cm of fiber.
>If you have good control over the fusing process, splitting off much less than 1% would probably be preferable.
Nah, get the best split/splice you can without affecting the target fiber (without causing detection). You could use a power meter to determine the resultant signal strength, but if you've planned/done this more than a couple of times, you know what it is going to say. You could use an attenuator if needed to protect the detector, but since the detector current is dependent upon the gain of its amplifier, it would be simpler to simply adjust the gain. In fact using an auto-gain-circuit (AGC) here would be preferred, since it will automatically compensate for any differences in splice quality (within range). Also, it would be clumsy to design an amp that could easily burn out your detector, but sometimes you do crazy things when pushing performance to the limits.
IMO you couldn't use a silicon detector like the one from Perkin Elmer. It is fairly large (170um x 170um), and therefore has a large Capacitance, and therefore is as you say, slow. However, such detectors exist. They would probably use InGaAs if they used off the shelf stuff. Here is an example http://www.thorlabs.com/Thorcat/10700/APD310-Manual.pdf There are almost certainly better choices than InGaAs if they forget about cost and don't need to produce enough to supply the whole world. Given that NSA has its own chip-fab capabilities (it does), this seems like a possibility. Being on the ocean floor here is great because it is cool and dark, and therefore low-thermal-noise (also not a lot of RF, I bet).
>>This is not possible to do on a live system without it being service affecting.
>Why not? The only impact on the fiber being tapped would be a brief period of heating and a temporary change in refractive index over, perhaps, a couple cm of fiber.
I also see no reason that this or some other method could not be employed on a live cable, and go unnoticed.
My question is how the NSA gets the data back to where they want it. They have to lay cables of their own, probably have remote stations to reject some of the data; or maybe NSA has a secret undersea fiber network that rivals the normal one. They certainly have the money, I just never considered it.
No, they are probably using evanescent wave technology. Fiber optics works by reflecting the light down a channel - when light hits an interface between media with two different speed of lights, there is a reflective component and a refractive component. If you solve snell's law for a very shallow beam hitting a less dense media, you get an imaginary value for the angle of the refractive component. One way to interpret this is that zero of the light energy is reflected. But if you solve a wave function cos(x) with an complex value x, that is equivalent to a function with a complex exponential, potentially with nonzero, real preexponential.
That is what an evanescent wave is. There is light that decays exponentially "bleeding" off the reflective surface[1]. The snell's law solution is sort of a hack, what is really going on has to do with the quantum wavefunction of the photon ensembles, but the result is the same.
Biologists use evanescent waves to do microscopy - you can illuminate an area of low density underneath your coverslip, and effectively a very very thin layer of flourescence is illuminated right above the coverslip.
It would seem reasonable that the NSA would use exactly this technology to tap fiber optic cables without splicing them, and it should be nearly undetectable. There will be a nonzero loss of photons if you tap it, but it should be relatively negligible.
[1]note - the photonic energy is just 'there' as in the wavefunction has nonzero amplitude in that spatial region. It's 'bleeding' into the space outside of the fiber optic channel, but it's not actually bleeding energy, there is no energy loss from this 'spatial bleeding', unless there is something in that zone that is capable of absorbing that photonic energy.
If I understand both you and the parent correctly, you are describing the same process. When you melt two fibers together, the cores aren't really becoming one. Really, they melt together such that light from one core partially evanescently couples into the core of the adjacent fiber.
You can see this in "real life" if you take a glass filled with water and look into it. You can't see out of the glass, but if you press your finger to the side you'll see your fingerprint appear. You've changed the refractive index and change the reflection/refraction properties.
> No, they are probably using evanescent wave technology.
This is not a term used in fiber comm. The wave traveling down the fiber has a "mode", and part of it extends beyond the core. Yes, that part is evanescent, but it is part of the mode solution from Maxwell's equations.
All you've done is restated OP's explanation of how a fiber tap works.
I didn't read any physics in OP's explanation, and you don't necessarily need to melt a fiber optic cable to capture evanescent photons. However, I can see how melting the cable could achieve a splice using evanescent waves.
Might be able to kill the power to the line amps as well, install while it is being repaired. That could spread suspicion a little wider than the same line.
> Doing it to a bundle of fibers in the deep sea is challenging!
It is also detectable: Long haul folks sometimes pull up the cable to service it for various reasons. So they pull it up and see a zillion fiber taps? WTF?
And where does that cable tap go?
To your bigger point: Yes, this article has zero explanation of how it is done. The salient sentences are:
However, light signals can not be read in another way. Therefore you have so far to expose and turn that a small part of the light waves emerging from the fiber, the individual glass fibers. If you immediately reinforce these waves again and transported via another cable, it has diverted the data.
To anyone in fiber comm, this language is pretty much gobbledegook. Any chance the pastebin is a translation? It vaguely sounds like someone is describing a fiber tap, but in such confused language as to make it sound like a bad spy novel.
There's something which makes me suspicious about this story. Why would the NSA splice into fiber at the bottom of the ocean? Fibers at the bottom of the ocean have two endpoints, both of which are on or near land. Why bother with all the complications of splicing into a line at the bottom of the ocean when you can splice in on land?
Further, there are a ton of options for collecting data from a fiber connection at the endpoints that don't involve splicing the fibers at all. There's no reason to cut a fiber when you can detach the end and attach something between the end and the connector. Another possibility is a "software tap" where they could install packet sniffers in the relay firmware.
I'm not trying to say that I know how the NSA tap technology works, and I certainly can't rule out using a submarine to splice into wires at the bottom of the ocean, but I'm pretty sure there are smarter ways to achieve the desired result.
So how does the submarine know where the target traffic is going to be routed ? Unless it's greenland there are many ways your traffic could go: http://submarinecablemap.com/
I'm a little skeptical about this process given the other, much easier methods available to the NSA.
The one thing that isn't discussed here is data retention. Quite simply, how do you get the information to shore, where it can be processed, in a timely fashion? We're talking about thousands of TB or PB (or greater). You can't just simply send that up on a radio link, and a recorder device would have to be enormous. Processing and analysis cannot be realistically done on the submarine, and frequent trips back to the site would tie up a tremendous naval asset. I cannot in any sense see the Navy agreeing to the NSA's continued use of its submarines for tapping civilian traffic when its primary focus lies elsewhere (such as performing special operations in the Pacific.)
It's an open secret that the Jimmy Carter was built specifically to tap cables and perform other special missions, but the technical facets of tapping a major transatlantic cable for bulk data collection sounds too unrealistic when better alternatives exist; specifically, the major routing and landing points on US soil where equipment can be installed via cohersion of the owner.
This is my skepticism about these highly technical, complex theories as well. I don't know enough to discount them based on technical merit, and they all certainly sound feasible, however unlikely. It's possible that the NSA can be tapping fibers, running its own fibers back to Utah, storing the data in a massive storage network, running millions of CPUs to decrypt it all, reverse-engineering the ever-changing application protocols, running very deep analysis against the results, and then coming up with the targets' communications patterns. It just seems much easier, cheaper, and faster for them to drop a secret, legal order on the involved companies and let the data come to them. It's the ultimate hack.
I think everyone is overestimating the complexity here. There a stations underwater that contain optical amplifiers that necessarily boost the signal. A lot of optical amplifiers include monitor ports (splitters) built into the equipment.
71 comments
[ 1.6 ms ] story [ 786 ms ] threadOriginal is in german, sorry for the crappy Google translation.
Little info on Wikipedia: http://en.wikipedia.org/wiki/USS_Jimmy_Carter
EDIT: original article in german: http://pastebin.com/Sy8q4gmT
If I was the poor EE they laid this problem on, I would have the submarine install the tap while the cable is still being laid, before it's connected to any data streams.
Without knowing how long it takes to install the tap, it would also be possible to sabotage cables, install the tap while the cable is down, and make the sabotage out to be the doings of any number of semi-rogue countries in your targeted part of the world.
How about another fiber in the same bundle?
Also, during the telco bust, there was a lot of 'dark' (i.e. unlit) fiber, probably prophylactically tapped by NSA.
It does not appear to contain any new information that was not already publicly available: see, for example, the Wikipedia entry for the USS Jimmy Carter: http://en.wikipedia.org/wiki/USS_Jimmy_Carter_(SSN-23)
1. Behind a paywall at http://bit.ly/12cXRi9 ; full original text at http://pastebin.com/KFhVj2X1
I think it's more likely that those outages really were caused by ship anchors.
Alternative link (WSJ one acts wierd) : http://www.zdnet.com/news/spy-agency-taps-into-undersea-cabl...
Also for anyone looking for better reading, the wikipedia page sources (4][5][6][7]) all discuss this topic. http://en.wikipedia.org/wiki/USS_Jimmy_Carter_(SSN-23)
A video on how Fiber Optic splicing is done by boat is super interesting : http://www.dailymotion.com/video/xvlowj_tyco-resolute-mighty... (45minutes Tycho Resolute).
You would think this is a much easier way than building a billion dollar submarine, then again some cables are in delicate waters.
Interesting quote from the WSJ article, in light of the fact that it was written 3 months before 9/11:
The NSA long boasted some of the most powerful computers on earth. But the agency's technological edge dulled as the equipment aged and money grew tight. The NSA's budget is classified, but individuals familiar with it say it is about two-thirds what it was a decade ago, even before accounting for inflation.
I would imagine that making a cryptographically secure wired connection impervious to eavesdropped would be a thing by now.
They could use one time pads (two identical lists of pregenerated random numbers) at the ends. Then XOR the traffic with those. It's unbreakable. They "key" could be terabytes long.
According to the book one of the captured tapping devices is on display in Moscow and on the side it says "Property of the United States Government". No point in hiding it...
http://en.wikipedia.org/wiki/Blind_Man%27s_Bluff:_The_Untold...
If you want to tap a classical signal traveling down a fiber, you want to turn that fiber into a beam splitter. A beam splitter probabilistically reroutes photons from the data stream down a different fiber. Since a single bit traveling down a fiber optic cable is represented by millions of photons in an identical optical state and fiber-optic lines are lossy, a few won't be missed. A 99/1 splitter (i.e. 99% one way, 1% the other) would be pretty hard to detect in a fiber optic line that is subject to fluctuating loss caused by bending, temperature change, etc..
The trick, according to this article, is to avoid cutting the fiber and splicing in a beam splitter. This is because, immediately after the fiber goes dark, the company running it will want to know where the fault is and hook up an OTDR to the line. In the simplest terms possible, this is a device that sends light down the fiber and looks at what gets reflected back. Any break in the fiber will reflect light back the way it came. Time how long the round-trip takes and you can pinpoint where the break is and send out a repair crew. If the operators are fast this can take mere seconds to do. Naturally, the NSA doesn't want repair crews finding their tap-in points!
So how do you turn a piece of fiber into a beam-splitter without cutting and splicing? Well, that's surprisingly easy. One way to create a fiber beam splitter is to take two fibers and fusion-combine them. Basically, you put them right next to each other and heat them up so that they melt together just a little bit. If you did this to a line in service it would never have to be cut. This is dead easy to do... to one fiber... in a lab. Doing it to a bundle of fibers in the deep sea is challenging! However, it's certainly feasible. Given that the NSA's budget dwarfs the entire scientific research budget of many nations, it's reasonable to expect they could get pretty good at it given a couple of decades.
They probably aren't doing this. I've done a little in free-space optics, but fiber really isn't in my bailiwick. There are probably other, much easier ways. However, based on a few minutes of thought I'm convinced the claims of the article are beyond merely feasible. I'd be shocked if the NSA, and every other nation out there with subs, doesn't have the same capability.
The real trick, of course, is getting the data back home (and processing it). The article suggests that the Jimmy Carter has the ability to lay fiber lines, presumably to take their purloined bits back to the nearest NSA processing center. The amplifiers spoken of are unlikely to be used to boost the signal that continues on the original fiber back to the people being spied upon, simply because a good method of tapping in should be indistinguishable from fiber loss, plus components like amplifiers spliced into the line are detectable! No, those amplifiers are likely there to boost the signal going down the NSA's pirate lines. What I don't understand is how the NSA keeps their lines from being detected. Wouldn't, for example, Russia patrol it's fiber back-bones (while tapping other nations fiber) and cut the NSA's lines? There may very well be an underwater struggle going on day-to-day that we're entirely unaware of!
There's no way you're getting through that without it being service affecting. Even once you get through the layers of protective sheathing, and around the copper power lines that provide power to the undersea amps, you're suggesting that they fully remove the reflective sheathing to bend the fiber and tap off light? That is absolutely ludicrous. The process would introduce much more span attenuation than splicing in a 50/50 fiber tap (which is 3db).
Are you doing this to every fiber in the bundle, you'll need at least two tapped to get bi-directional communication. It's simply unfeasible.
The NSA loves when people think this thought.
At some point the signal must
a) be converted from electrical to optical
b) be boosted down the wire
c) be converted from optical to electrical
Easiest solution? Tap in at A, B or C.
Who's going to notice that your repeater at the bottom of the ocean actually has a NSA listener plugged into its debug socket?
Please reference an example of a 99/1 splitter existing and usable on an optical line system. You can't get a usable signal from 1% of the light. The levels you would need to split off would be entirely noticeable.
> So how do you turn a piece of fiber into a beam-splitter without cutting and splicing? Well, that's surprisingly easy. One way to create a fiber beam splitter is to take two fibers and fusion-combine them.
This is not possible to do on a live system without it being service affecting.
http://www.thorlabs.com/newgrouppage9.cfm?objectgroup_id=171...
>You can't get a usable signal from 1% of the light. The levels you would need to split off would be entirely noticeable.
http://www.perkinelmer.com/CMSResources/Images/44-12462DTS_S...
Obviously, you'd need something faster. However, 1% of a microwatt is more than detectors like this need to get damned good signal. In fact, it might be enough to burn it out. If you have good control over the fusing process, splitting off much less than 1% would probably be preferable.
>This is not possible to do on a live system without it being service affecting.
Why not? The only impact on the fiber being tapped would be a brief period of heating and a temporary change in refractive index over, perhaps, a couple cm of fiber.
Nah, get the best split/splice you can without affecting the target fiber (without causing detection). You could use a power meter to determine the resultant signal strength, but if you've planned/done this more than a couple of times, you know what it is going to say. You could use an attenuator if needed to protect the detector, but since the detector current is dependent upon the gain of its amplifier, it would be simpler to simply adjust the gain. In fact using an auto-gain-circuit (AGC) here would be preferred, since it will automatically compensate for any differences in splice quality (within range). Also, it would be clumsy to design an amp that could easily burn out your detector, but sometimes you do crazy things when pushing performance to the limits.
IMO you couldn't use a silicon detector like the one from Perkin Elmer. It is fairly large (170um x 170um), and therefore has a large Capacitance, and therefore is as you say, slow. However, such detectors exist. They would probably use InGaAs if they used off the shelf stuff. Here is an example http://www.thorlabs.com/Thorcat/10700/APD310-Manual.pdf There are almost certainly better choices than InGaAs if they forget about cost and don't need to produce enough to supply the whole world. Given that NSA has its own chip-fab capabilities (it does), this seems like a possibility. Being on the ocean floor here is great because it is cool and dark, and therefore low-thermal-noise (also not a lot of RF, I bet).
>>This is not possible to do on a live system without it being service affecting.
>Why not? The only impact on the fiber being tapped would be a brief period of heating and a temporary change in refractive index over, perhaps, a couple cm of fiber.
I also see no reason that this or some other method could not be employed on a live cable, and go unnoticed.
My question is how the NSA gets the data back to where they want it. They have to lay cables of their own, probably have remote stations to reject some of the data; or maybe NSA has a secret undersea fiber network that rivals the normal one. They certainly have the money, I just never considered it.
That is what an evanescent wave is. There is light that decays exponentially "bleeding" off the reflective surface[1]. The snell's law solution is sort of a hack, what is really going on has to do with the quantum wavefunction of the photon ensembles, but the result is the same.
Biologists use evanescent waves to do microscopy - you can illuminate an area of low density underneath your coverslip, and effectively a very very thin layer of flourescence is illuminated right above the coverslip.
It would seem reasonable that the NSA would use exactly this technology to tap fiber optic cables without splicing them, and it should be nearly undetectable. There will be a nonzero loss of photons if you tap it, but it should be relatively negligible.
[1]note - the photonic energy is just 'there' as in the wavefunction has nonzero amplitude in that spatial region. It's 'bleeding' into the space outside of the fiber optic channel, but it's not actually bleeding energy, there is no energy loss from this 'spatial bleeding', unless there is something in that zone that is capable of absorbing that photonic energy.
http://www.goochandhousego.com/products/passive-fiber-optic-...
This is not a term used in fiber comm. The wave traveling down the fiber has a "mode", and part of it extends beyond the core. Yes, that part is evanescent, but it is part of the mode solution from Maxwell's equations.
All you've done is restated OP's explanation of how a fiber tap works.
Make breaks A and B near the endpoints. Make a third break X, between A and B, and install splitter at X.
It is also detectable: Long haul folks sometimes pull up the cable to service it for various reasons. So they pull it up and see a zillion fiber taps? WTF?
And where does that cable tap go?
To your bigger point: Yes, this article has zero explanation of how it is done. The salient sentences are:
However, light signals can not be read in another way. Therefore you have so far to expose and turn that a small part of the light waves emerging from the fiber, the individual glass fibers. If you immediately reinforce these waves again and transported via another cable, it has diverted the data.
To anyone in fiber comm, this language is pretty much gobbledegook. Any chance the pastebin is a translation? It vaguely sounds like someone is describing a fiber tap, but in such confused language as to make it sound like a bad spy novel.
Edit: I should have read through the thread. It is a translation: https://news.ycombinator.com/item?id=5982681
Further, there are a ton of options for collecting data from a fiber connection at the endpoints that don't involve splicing the fibers at all. There's no reason to cut a fiber when you can detach the end and attach something between the end and the connector. Another possibility is a "software tap" where they could install packet sniffers in the relay firmware.
I'm not trying to say that I know how the NSA tap technology works, and I certainly can't rule out using a submarine to splice into wires at the bottom of the ocean, but I'm pretty sure there are smarter ways to achieve the desired result.
two: when you're a gov't agency you want to justify having a big budget and a shiny new toy, plus the overhead can be used for other stuff.
Maybe that's the old way ...
Yes, the other countries' subs patrol, but with submarines it's all about stealth and avoiding the patrol.
Blind Man's Bluff is a great read on the subject. http://en.wikipedia.org/wiki/Blind_Man%27s_Bluff:_The_Untold...
The one thing that isn't discussed here is data retention. Quite simply, how do you get the information to shore, where it can be processed, in a timely fashion? We're talking about thousands of TB or PB (or greater). You can't just simply send that up on a radio link, and a recorder device would have to be enormous. Processing and analysis cannot be realistically done on the submarine, and frequent trips back to the site would tie up a tremendous naval asset. I cannot in any sense see the Navy agreeing to the NSA's continued use of its submarines for tapping civilian traffic when its primary focus lies elsewhere (such as performing special operations in the Pacific.)
It's an open secret that the Jimmy Carter was built specifically to tap cables and perform other special missions, but the technical facets of tapping a major transatlantic cable for bulk data collection sounds too unrealistic when better alternatives exist; specifically, the major routing and landing points on US soil where equipment can be installed via cohersion of the owner.
But this is its primary focus, and is performing special operations in the Pacific.
https://www.google.cl/search?q=snowden+backbone+routers