Homeland Security Investigations (HSI) in Hawaii, part of the U.S. Department of Homeland Security, quietly let on that it had successfully thwarted a targeted attack against the network of a company responsible for managing the undersea cable connecting Hawaii with the Pacific region. The telecommunications cable carries internet, cable, and mobile phone services.
The HSI Special Agent in Charge, John F. Tobon, commented in a statement to a local Hawaii news outlet, Star Adviser, “This is only one of the many examples of cyber incidents that HSI has responded to in Hawaii and the Pacific Region. Not only do we aggressively pursue these bad actors, but we also provide significant support to the private sector victims.”
While formal announcements are short on details, what is known is that the HSI Honolulu office received information that identified the attack by an international hacking group. Through work with international law enforcement and the private company in Hawaii, the suspect (not further identified) was located and ultimately arrested.
Attribution has not been shared. That said, it is worth noting that Russian submarine forces have the know-how and capability to interfere with undersea telecommunications cables. In addition, the GRU (Russian military intelligence) is adept at compromising telecommunications networks. Given the recent CISA admonishment regarding Russia and the national infrastructure, one should not be surprised if attribution is ultimately placed at the feet of the Russian Federation.
Undersea cables as a target
Undersea telecommunications cables have long been a target of interest for intelligence organizations, whose successes and failures in exploiting access have been well documented in the annals of history. For example, in 1971 the undersea operation targeting the USSR navy, code-named Ivy Bells, was initiated and ran for many years until it was compromised by Ronald Pelton, who revealed the operation to the Soviets.
From time to time, undersea cables are accidentally ruptured when anchors are dragged across seabeds in areas where cables are present. Similarly, natural disasters can and do interrupt undersea cable connectivity, as was the case when a volcano erupted in January 2022 off the coast of Tonga.
In January 2020, Yemen’s telecommunications capabilities were reduced by over 80% when a cable was inexplicably cut. Similarly, in 2008, 14 countries had their communications degraded when two cables connecting the Middle East and Europe were cut.
In an unrelated incident in March 2013, Egypt arrested three divers who were trying to cut the undersea cable off the coast of Egypt near Alexandria. The trio, in this instance, were targeting the South East Asia Middle East Western Europe-4 cable (SEA-ME-WE 4), which is one of the primary cables in the Mediterranean.
More recently, on January 7, the undersea cables connecting the island of Svalbard with Norway failed. Space Norway investigated and determined that the cable failure was not caused by nature. In other words, it was either an accidental or purposeful rupture of the cable. Two weeks later, on January 21, the cable was repaired, and law enforcement told the Norwegian press, “Preliminary investigations strengthen our hypothesis about human impact leading to the loss of communications in one of the cables.” Norway has not attributed the action to any individual, organization or country, leaving us all to speculate.
The fact that DHS/HSI noted the threat, addressed the threat, and neutralized the threat with the apprehension of the unidentified miscreant is a win, and in keeping with the DHS/CISA warnings on the need to protect the nation’s infrastructure.