How is Encrypted Data Being Harvested?


Part two of Qrypt’s “Understanding Quantum Risk” series of articles.


When data is transmitted over the internet there is always some risk that it could be intercepted. This is why secure encryption is so important – once an email or other data is sent off to another party you have no control over the security of all the mediating servers, undersea cables and other hardware through which your data needs to pass. It is worth considering the various points at which a message can be intercepted from the moment you press “send.”


Your own computer or organization’s server is an obvious first exposure. According to a 2017 study by Cloudflare, between four and ten percent of all encrypted web traffic is intercepted, usually by exploiting the sloppy handling of certificates or weak cryptography. If you are here reading about as sophisticated a topic as quantum-secure cryptography, you probably already know about the risks of weak passwords, phishing attacks, malware, and thumb drives of uncertain provenance. So, let’s move on to where the data goes next.


Data is routed from one IP address to another using a system in which routers tell one another which destinations they can reach, so that packets can be passed along toward their destination. Data theft becomes possible when those routers are deceived about a compromised system’s ability to deliver that data. This is called Border Gateway Protocol (BGP) hijacking, and it can result, for example, in traffic being sent through a country you wouldn’t expect. Other than properly encrypting your data, there isn’t much that you can do to prevent this from happening, since the hijack takes place after the data has left your own servers. Publicly known BGP hijacking incidents in the last few years have impacted Google, Amazon, Cloudflare, Microsoft and others.


According to Telegeography, a telecommunications market research firm, 99% of the world’s internet traffic zips around on fiber optic cables, most of which travel undersea. People can and do tap these cables in order to intercept data. Undersea cables in particular occupy a legally murky area. At the bottom of the ocean, no government has legal jurisdiction over what happens to them.


According to Forbes, the Russian government has a fleet of small submarines equipped with skids to lie deep on the sea floor and a pair of manipulator arms with which they tap undersea communications cables, including fiber optics.


Non-state actors may be able to compromise undersea cables as well. In April of 2022, the Department of Homeland Security announced that it had made an arrest in connection with a cyber-attack on an undersea cable by an international hacking group.


China is known for aggressively using military and intelligence resources to obtain trade secrets that can provide advantages to Chinese-owned businesses to the detriment of western businesses and economies. Any internet traffic that passes through China or its waters is vulnerable to interception. The threat is real enough that the US government put its foot down and refused to allow the Pacific Light Cable Project to be completed, even after millions of dollars had already been spent by a partnership including Google and Facebook to lay undersea cable. The cable was to come ashore in Hong Kong, where the Chinese government would have been in a position to intercept its traffic.


Of course, plenty of other cables reach shore stations in Chinese territory and massive amounts of data travel on those networks every day.


Interception of data by the Chinese government also potentially includes anything transmitted on Huawei’s infamous 5G network hardware. Beyond China, Huawei has been able to expand its network to cover other Asian countries and plans to build out a larger network in Africa. Any point in the world where any of Huawei’s hardware is used is an opportunity for data interception by the Chinese government. Even though Huawei has been stopped in the US by both the Trump and Biden administrations, if your organization needs to communicate with or through anyone in a part of the world where their hardware is used, then your data will probably be intercepted there.


While most of the world’s intercontinental internet traffic is routed through cables, a growing percentage travels over satellites. That poses an even greater threat than traffic over fiber optic cables. A few hundred dollars’ worth of equipment is all it takes for a hacker to start pulling data out of the sky without the risk of being caught physically tampering with anything.


An executive sending emails from an airplane is using a satellite, whether they think about it or not. Cruise ships and resorts in tropical paradises also tend to be supplied with internet access through satellite connections. The workaholics who keep getting on their laptops or checking their work email while on vacation are funneling data through one of the most insecure possible means.


These are data capture risks that an organization with data to protect can do relatively little about. You may be able to control IT security within your own computers and networks, but when communicating among a global team or with other organizations, the danger of data being intercepted is largely out of your hands.


This is why dependable, quantum-secure cryptography is so important. Using conventional forms of cryptography like RSA may seem adequate at the moment, but some amount of your encrypted data is probably being captured now and stored until more powerful quantum computers are available in the coming years to decrypt it.


Qrypt offers quantum-secure cryptography to ensure that whether your data is captured by a Russian cable tap, Chinese 5G equipment, or a hacker with a cheap satellite dish, they won’t be able to do anything with it. Ever.