Is it possible to tap fiber-optic cables without the owner getting wise? Even if you could tap modern cables, I assume everything is now encrypted and carries so much bandwidth that it becomes possible to sample the interesting intelligence.

It certainly has been the case in the past (when undersea fiber operators were much less careful) that cables have been tapped without the owner getting wise. IIUC the method used in the past was to bring the cable inside a submarine which has a specialized fiber cleaving and joining machine. Some amount of full transmission loss already occurs, so to the operator is just looks like blip.

Here's a description of an early operation (which I think was actually on copper cables): https://en.wikipedia.org/wiki/Operation_Ivy_Bells

When I worked at Google, Snowden and others showed that it was likely the US NSA was spying on Google fiber outside of US, I believe the speculation was that they tapped lines around UK, possibly underwater. There's nothing quite like seeing a packet trace containing an RPC between a frontend and backend and being able to recognize the communicating services, collected by a third party. Google greatly sped up its RPC encryption project after that revelation.

Google's Grace Hopper cable lands right next to GCHQ Bude, which has an NSA listening station. They don't even need to be subtle about it.

This is one of those ones where my instinct is "no": not only would you have to not cause an interruption or reflection that the break detection TDR systems could see, and crack any encryption, and sample what you want from the Tbps, all from a small box under the sea, but also you have to somehow get that data out and back to base, again from under the (mostly radio-opaque) sea and halfway around the world, all without even a whisper of a clue to the tappees.

Then I remember how far ahead the likes of the NSA and NRO are compared to what we're familiar with, and become rather less sure. The Orion satellites have 100m radio dishes, and were first launched in the 90s. Two Hubble-like telescopes were so old hat that they were donated to NASA in 2012. Considering that the NRO is so secrecy-oriented that its very existence was classified until 1992 (it went 11 years completely undetected, and leaked via a New York Times article in 1971 and an accidental entry in a budget report in 1973) and no mission since 1972 is declassified, this says a lot about how much further on they are.

Then again, if unattended taps were installed on cables, you'd also expect them to occasionally be found when lifting cables for repair. And they'd be so advanced that it might be worth lifting an entire cable to check for and acquire such a tap. Which means the tappers would think twice about putting one in, if they could then lose it.

> if unattended taps were installed on cables, you'd also expect them to occasionally be found when lifting cables for repair

<conspiracy theory> An advanced enough attacker would build their cable taps in such a way that they automatically dropped off when they detected the cable being lifted - and would probably result in suspected but not provable "damage caused by human activity" that has broken through the cable armouring and exposed the fibre bundle inside. Now I'm wondering if the Svalbard cable damage was a software bug in the cable tap device.

even the metadata would be valuable though, so you wouldn't need to crack the encryption, and you don't have to have it be real-time, so you can just process and save the relevant data and pick it up later, so my instinct is that it's possible there's something there, but it would be really difficult, and we might hear about it in 50 years, just like we learned about Bletchley Park.

Normal fiber optic can be tapped surreptitiously[0]. There are a number of companies that sell anti-intrusion tech, but it's hard to say which side is winning with respect to what governments can do.

[0] https://fac.ksu.edu.sa/sites/default/files/06149809-Optical_...

Just tap a repeater and deal with encryption later.

As I understand it (being nothing more than a Google expert on the subject), the repeaters aren't the sort of thing you can just "tap". They don't decode and re encode any data, they don't even "see" the raw encrypted data as such, they're just specially doped sections of fibre with pump lasers that amplify the optical signals.

The "Get pumped" section of this page has an almost ELI5 overview: https://hackaday.com/2023/08/08/under-the-sea-optical-repeat...

Private companies provide equipment and software to analyse all raw data going through an ISP. All the big names, from US and EU to some countries in Asia, bought this equipment and software.

So, my guess is that a government's budget can enable sampling anything from "so much bandwidth". Regarding encryption, if you run the numbers, to brute force common encryption algorithms it would take Google's compute 1 second. Image all Google service have an outage for 1 second. Google is just an example to imagine the sizing required. In other words, technically possible. And shouldn't be dismissed with "oh, there is encryption, so that door is closed for any threat actor".

> Source: I worked on said analytical software.

> if you run the numbers, to brute force common encryption algorithms it would take Google's compute 1 second

That's not true at all.