One of the tasks of the last few weeks was fighting a pitched battle against some telco sales guys with some very funny ideas about information security.
It seemed completely appropriate to them to claim that their MPLS network was secure and that our data was secure because it was in an MPLS-VPN.
Yeah… I was giggling too – in that “would you like orange or the more traditional black and white striped jumpsuit with your sentence” – rather than in the “wow, these guys are so out of their league, I should take it upon myself to edumacate them” way that I usually use.
For the record – there is no wide-area connection currently available which is impervious to either malicious or stupid failures in what little security is offered sufficient to protect your data. You MUST provide for CIA all by yourself.
And then today – this story from the lovely folks over at Vulture Central — “Optical Link Hacking Unsheathed”
At the Infosecurity show in London, Swiss encryption appliance firm Infoguard demonstrated the use of optical tapping to intercept a Voice over IP call travelling across an optical link (picture above). There was no noise on the line while the tap was in progress. A PC connected to the optical link via a media recorder (ED NOTE: Should be media converter) was able to recover the unencrypted data flowing over the link.
The scenario of optical hacking might appear like the fodder from Hollywood hacksploitation flicks rather than a practical threat. However, Infoguard said that in 2003 an illegal eavesdropping device was found attached to Verizon’s network. Investigators probing the hack reckoned it was motivated by an attempt to access the quarterly statements of a mutual fund company. The perps were never identified.
Yeah… exactly.
[tags]wan, encryption, optical, hack[/tags]