The world’s internet is interconnected by a vast web of undersea cables, and it’s no secret that global intelligence agencies have tapped them to siphon up everyone’s data. But what about the fiber optics being installed everywhere underground and fixed to power poles across North America? It’s the stuff of movies, like in the film "Kandahar," where Gerard Butler poses as a broadband contractor in Iran just to tap the fiber, enabling the CIA to sabotage the nuclear base with malware. It sounds far-fetched, but tapping fiber optics is easier than you think if someone with bad intentions has sufficient access.
High-speed fiber optics form the backbone of our communication networks, carrying vast amounts of data and providing a single point of entry to the internet. While fiber optics offer incredible speed and bandwidth, they are not immune to security vulnerabilities. In fact, fiber optic cables can be tapped with relative ease, allowing malicious actors to intercept and potentially manipulate data without detection. This article explores the methods and risks associated with fiber optic tapping and highlights the importance of encrypting all data in transit using a VPN to secure your internet not just from your ISP, but from potentially unforeseen threats in between.
Understanding Fiber Optic Tapping

In 2015, the late Kevin Mitnick demonstrated just how easy it is for a hacker to tap into a fiber network and read someone's email. Using an optical fiber clip-on coupler, Kevin showed how, in under five minutes, someone in close proximity to a fiber optic wire could set up a clandestine operation, sniff the network, and capture any unencrypted data flowing through it. Although optical fiber clips weren't designed for this purpose, they can be used effectively for tapping and are available on the darker corners of the internet for just a few hundred dollars.
Fiber optic tapping involves accessing the light signals traveling through a fiber optic cable. These signals can be intercepted without interrupting the flow of data, making fiber optic tapping a stealthy and effective method of eavesdropping. There are two primary types of fiber optic tapping: intrusive and non-intrusive.
- Intrusive Tapping: This method involves physically cutting the fiber optic cable and inserting a tapping device. Although effective, it is more likely to be detected due to the disruption it causes.
- Non-Intrusive Tapping: This method does not require cutting the cable. Instead, it exploits the properties of light propagation within the fiber. Techniques such as bending the fiber or using optical splitters allow data to be tapped without causing noticeable disruptions.
Common Fiber Tapping Techniques

Many methods can be used to tap fiber at different points, and the equipment and complexity required vary widely with the resources a threat actor has on hand. The exact point of access and the attacker's proximity to it also play crucial roles in determining which method is used to gain persistent, undetected access. Methods for tapping fiber optics include:
- Fiber Bending: By bending the fiber at a specific radius, light can be forced to leak out of the core, where it can be captured by a tapping device. This method exploits the critical angle of total internal reflection within the fiber. When the fiber is bent beyond its tolerance, the angle of incidence changes, causing some of the light to escape from the core. This escaped light can then be captured and analyzed.
- Optical Splitting: This involves inserting a splitter into the fiber optic line, which diverts a portion of the light signal to a monitoring device. Although this method is more intrusive, requiring the fiber to be cut and rejoined, it can remain undetected for long periods if done carefully. Splitters are designed to divide the optical signal, allowing simultaneous transmission of data to the intended recipient and the monitoring device.
- Evanescent Coupling: This technique requires placing a polished fiber next to the target fiber, allowing light to couple between the two fibers. When the fibers are in close proximity, the evanescent field of one fiber can transfer light to the other. While this method is highly effective, it is difficult to implement in the field due to the precise alignment and polishing required.
- V-Groove Cut: A V-shaped groove is cut into the cladding of the fiber, causing light to escape from the core. This method relies on creating a precise cut that disrupts the total internal reflection within the fiber. The escaped light can then be captured by a photodetector. This method requires specialized equipment and expertise to execute correctly.
- Scattering: By etching a Bragg Grating into the core of the fiber, a portion of the light signal can be reflected out. This method uses the principles of diffraction and reflection to divert a part of the light signal. It requires advanced technology to create the grating, making it less common but highly effective when used.
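Bending and splitting both divert part of the light, so the legitimate receiver sees less optical power than before. The following added example (not part of the original article) shows a defender-side check for that loss in a transceiver's received-power readings; the sample readings, the 0.3 dB threshold and the window sizes are constructed assumptions.

```python
import math
from statistics import median

def split_loss_db(tap_fraction):
    """Loss in dB seen by the legitimate receiver when a tap diverts
    `tap_fraction` (0 <= f < 1) of the optical power."""
    if not 0 <= tap_fraction < 1:
        raise ValueError("tap_fraction must be in [0, 1)")
    return -10 * math.log10(1 - tap_fraction)

def find_persistent_drop(readings_dbm, baseline_n=6, window=4, threshold_db=0.3):
    """Return (index, drop_db) for the first sustained fall in received power,
    or None. Every reading in `window` consecutive samples must sit at least
    `threshold_db` below the baseline median, so a one-sample glitch is ignored."""
    if len(readings_dbm) < baseline_n + window:
        return None
    baseline = median(readings_dbm[:baseline_n])
    for i in range(baseline_n, len(readings_dbm) - window + 1):
        chunk = readings_dbm[i:i + window]
        if all(baseline - r >= threshold_db for r in chunk):
            return i, round(baseline - median(chunk), 2)
    return None

# Constructed receive-power samples in dBm (not measurements from a real link).
CLEAN = [-18.02, -18.05, -17.98, -18.01, -18.04, -18.00,
         -18.03, -17.99, -18.06, -18.01, -18.02, -18.00]
# One noisy sample at index 7: should not raise an alert.
GLITCH = [-18.02, -18.05, -17.98, -18.01, -18.04, -18.00,
          -18.03, -18.60, -18.01, -17.99, -18.02, -18.04]
# Sustained step from index 6, sized like a 10% power diversion.
STEP = [-18.02, -18.05, -17.98, -18.01, -18.04, -18.00,
        -18.47, -18.50, -18.44, -18.48, -18.46, -18.49]

if __name__ == "__main__":
    print("10%% diversion costs %.2f dB" % split_loss_db(0.10))
    for name, series in (("clean", CLEAN), ("glitch", GLITCH), ("step", STEP)):
        print(name, find_persistent_drop(series))
```

Power monitoring only catches losses larger than the link's normal noise, which is why the article's advice to encrypt data in transit still applies.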
The Process of Tapping Fiber Optics

Tapping fiber optics is relatively straightforward, but siphoning off the data for analysis at another location requires careful planning and technical expertise. An attacker would need knowledge and pre-authorized access to optical cables and connection points or use covert methods to remain undetected. As computer boards become smaller and faster, and with the rise of 5G and satellite internet, the potential for such scenarios increases. This is especially true as internet service providers rush to install new high-speed internet across new territories, often overlooking physical security to be the first to service an area. Here are the steps a potential attacker would take:
- Setup: The attacker places a tapping device at a strategic point in the fiber optic network, such as a splice point or distribution hub. The tapping device is connected to an optical network terminal (ONT), which converts the intercepted optical signals into electronic signals.
- Data Capture: Packet sniffers and analyzers, like Wireshark, are used to capture the electronic signals. These tools help the attacker identify and filter valuable data streams from the mass of intercepted information.
- Traffic Analysis: The attacker analyzes the captured data to identify specific targets, such as login credentials, emails, or VoIP calls. This information can be used for further exploitation or sold to other malicious actors.
- Data Exfiltration: The intercepted data is either stored locally on the tapping device or transmitted to a remote location using wireless transmission methods like Wi-Fi or cellular networks.
- Traffic Manipulation: Advanced attackers can also inject malicious data or commands into the network, exploiting the compromised connection to launch further attacks or disrupt services.

Real-World Examples of Fiber Tapping
If this sounds implausible, it isn't: it has happened before. In 2000, three main trunk lines of Deutsche Telekom were breached at Frankfurt Airport, allowing attackers to intercept sensitive data without detection. Similarly, in 2003, an illegal eavesdropping device was discovered on Verizon's optical network, highlighting the vulnerability of even well-secured networks. Further showcasing the lengths to which some entities will go, the submarine USS Jimmy Carter was retrofitted in 2005 to conduct undersea cable tapping, demonstrating the potential for intercepting fiber optic communications on a large scale. These real-world examples underscore the importance of physical security when guarding fiber optic networks against such threats.
Securing Your Data with TorGuard VPN

Given the ease with which fiber optic cables can be tapped, it is crucial to secure not just your data at rest, but all data transmitted over internet-connected networks. It’s not just a question of "Do you trust your ISP?" but rather "Do you trust the subcontractors, the installation methods, and the physical security of your Internet Service Provider’s infrastructure?" As ISPs compete to offer service in new territories, one must consider the hiring methods and background checks of the contractors chosen to build and service existing installations. These are complicated questions, but by encrypting your data in transit, you can be assured that even if it is intercepted, it remains unreadable and useless to the attacker.
TorGuard VPN service offers a robust solution for securing your internet activities, providing several key benefits:
- End-to-End Encryption: TorGuard VPN encrypts all data transmitted between your device and the VPN server, protecting it from interception and eavesdropping on the ISP's network in between.
- Anonymity: By masking your IP address, TorGuard VPN helps maintain your anonymity online, making it difficult for attackers to target you specifically.
- Secure Protocols: TorGuard VPN uses advanced security protocols such as OpenVPN and WireGuard, ensuring that your data is protected by the latest encryption technologies.
- Preventing Traffic Analysis: VPNs obscure your internet traffic, preventing attackers from analyzing your data to extract useful information.
- Remote Access Security: TorGuard VPN allows secure remote access to your network, ensuring that your data remains protected even when accessing it from unsecured locations.
By implementing these measures, you can significantly reduce the risk that a fiber optic tap exposes your data and ensure the security of your data in an increasingly connected world. Don't take off that tin foil hat just yet.