The FBI is investigating at least 11 physical attacks on high-capacity Internet cables in California’s San Francisco Bay Area dating back a year, including one early Tuesday morning.
Agents confirm the latest attack disrupted Internet service for businesses and residential customers in and around Sacramento, the state’s capital.
FBI agents declined to specify how significantly the attack affected customers, citing the ongoing investigation. In Tuesday’s attack, someone broke into an underground vault and cut three fiber-optic cables belonging to Colorado-based service providers Level 3 and Zayo.
The attacks date back to at least July 6, 2014, said FBI Special Agent Greg Wuthrich.
“When it affects multiple companies and cities, it does become disturbing,” Wuthrich said. “We definitely need the public’s assistance.”
The pattern of attacks raises serious questions about the glaring vulnerability of critical Internet infrastructure, said JJ Thompson, CEO of Rook Security, a security consulting and services provider in Indianapolis.
Fiber-optic cables are essentially bundles of slender glass fibers that use light waves to transmit data. They are the interstate highways of the information superhighway, carrying vast amounts of data between decentralized hubs. From there, Internet services are delivered to homes and businesses by lower-capacity cables, including DSL.
In Arizona earlier this year, tens of thousands of residents were cut off from Internet service after someone sliced through underground fiber-optic cables.
In April 2009, underground fiber-optic cables in California were cut at four sites, knocking out landlines, cell phones and Internet service for tens of thousands in Santa Clara, Santa Cruz and San Benito counties.
“When it’s situations that are scattered all in one geography, that raises the possibility that they are testing out capabilities, response times and impact,” Thompson said. “That is a security person’s nightmare.”
Wuthrich said cutting the lines requires tools. Although fiber-optic lines themselves aren’t much bigger than diameter of a pencil, they’re usually protected by tough, flexible conduit. Citing the ongoing investigation, he declined to further discuss specifics of the attacks, which he said have generally occurred in remote areas not monitored by security cameras.
Mark Peterson, a spokesman for Internet provider Wave Broadband, said an unspecified number of Sacramento-area customers were knocked offline by the latest attack. He characterized the Tuesday attack as “coordinated” and said the company was working with Level 3 and Zayo to restore service.
Spokeswomen for Level 3 and Zayo confirmed the disruption but declined to discuss specifics.
“Law enforcement is involved and restoration crews are working to restore connectivity as quickly as possible,” Zayo spokeswoman Shannon Paulk said via email.
Level 3 and Zayo are primarily business-to-business Internet providers, connecting local services like Wave to the broader Internet with their high-speed fiber-optic lines.
Safeguarding these lines “is a massive challenge for municipalities, governments and Corporate America to deal with,” Thompson said.
Fiber-optic cable lines are everywhere and are very visible, said Richard Doherty, research director of The Envisioneering Group, a technology assessment and market research firm.
“There are flags and signs indicating to somebody who wants to do damage: This is where it is folks,” Doherty said. “You often have fiber from several companies sometimes going down the same street or the same trench. One attacker can dig one hole and wipe out service from three companies.”
Backup systems help cushion consumers from the worst of the attacks, meaning people may notice slower email or videos not playing, but may not have service completely disrupted, he said.
But repairs are costly and penalties are not stiff enough to deter would-be vandals, Doherty said.
“It’s a terrible social crime that affects thousands and millions of people,” he said.