Fibre Optic Cables: How They Work and How to Hack Them

Fibre optic cables are the backbone of the world as we know it. Because the data is transmitted by light and not electricity, they can travel further and faster than copper cables. In 2025, we reached approximately 1.6 million kilometres of undersea fibre optic cable, enough to wrap around the planet more than 40 times. 

People sometimes assume that the majority of data is transmitted wirelessly, because that's what we're used to now. But 99% of all international data is still transmitted by undersea fibre optic cables.

Because of this, they have become a target in themselves. Usually cyber attacks concentrate on systems and devices, but in the last few years there have been numerous suspected attacks on these undersea cables, which often lie completely unprotected on the sea bed.

In this post, we're going to look at how fibre optics work, the different types of fibre optic cable, and then examine some attack vectors for fibre optics.

Let's get into it.

How Fibre Optic Cables Work

Fibre optic cables contain two glass cores. The diameter of a core is measured in microns, represented by $\mu m.$ A light is shone down one end of a core, and is received at the other end. 

Data is transmitted as bits, either 1s or 0s. Fibre optic cables simply transmit as the following: light on is 1, light off is 0. The receiver converts this signal back into bits, and sends it on its way.

Each core is uni-directional, it is used to transmit data in one direction only. From the point of view of a network appliance, one core is used to receive, one is to transmit.

Multimode Fibre Optic

Multimode fibres have larger cores than single mode$.\; This\; large\; core$ allows light to enter at different angles and travel in multiple paths, or 'modes'. Some beams can travel in a straight line, and some 'bounce' of the sides, but this means multiple signals can be transmited simultaneously. 

The problem arises because the different rays now have a different length of path, and therefore arrive at differnet times, which is called modal dispersion. Over short distances, this isn't too much of a problem, but over long distances the rays can start to overlap, making the data unreadable.

There are five generations of multimode fibre.

OM1 is largely redundant now, as is OM2. Both used inexpensive LEDs to generate the light signals, wheras newer generations switched to VCSELs (Vertical Cavity Surface Emitting Lasers), which are much faster and allow for more precision. This is important when dealing with multiple signals.

Single Mode Fibre

Single mode fibre has much smaller cores that only allow for one light path. Because there is only one signal, it elimates the blurring cuased by light paths overlapping and can be used over much greater distances, from between buildings to between continents.

Cyber Attacks

Denial of Service

This is the most obvious one, which is simply to cut the cable. This is often achieved by ships dragging their anchor along the sea bed. Even as I write this, Finnish authorities have detained a ship and its crew after a cable was damaged. NATO launched a project earlier in the year aimed at strengthening undersea cable protection, but this is a growing problem.

These incidents can be hard to assign causation and blame to. Attackers often have plausible deniability, through using ships registered under various flags, and deliberate sabotage can be difficult to prove.

Bear in mind the earlier stat that 99% of international traffic uses these cables, and you can see why they are now a target of malicious states.

Eavesdropping

Because fibre optic cables transmit data using light, not electricity, they don't emit electromagnetic signals. However, there are still various methods of tapping fibre optic cables to read the signals passing through.

Using a tecnique called 'macro bending', attackers can cause a small amount of light to leak from a core by changing the angle of reflection. A clip-on coupler can then read this data without the signal ever being degraded. This YouTube video shows how this can be used to watch a video being transmitted over fibre.

Other methods include cutting the cable and injecting a splitter, which sends a percentage of light to the original destination and the rest to a dedicated receiver. This causes a slight drop in signal strength, but is still very hard to detect. An example of this is Room 641A, a facility operated by the NSA. The splitters in this example sent an exact replica of the signal to supercomputers capable of analysing a significant portion of western US internet traffic.

Countermeasures

A denial of service attack is always the hardest to counteract, because it can be achieved through so many different measures. Redundancy is key, meaning if one cable is broken, traffic routes down different paths and still finds it destination.

Many undersea and long range cables now have acoustic sensing capabilites. This basically turns the cable into a giant microphone, which can detect vibrations of a digger or an anchor. They also use OTDR (Optical Time-Domain Reflectometry) which measures that path the light takes through the core, and can pin-point any new bends to within a few metres.

However the most effective way of protecting data in a fibre optic cable remains encryption. If the data is encrypted, the attacker can't read it. Current estimations are that 95% of data traversing undersea cables is encrypted. While this still leaves some information available, it protects vital information from falling into the wrong hands.

Conclusion

So there we have it, a quick look at the different types of fibre optic cable and the threats that face them. Whilst attacks on fibre take significant resources, they are possible and happening, particular by nation states.

Given they are crucial to the high speed internet we all know and use, protecting them has now become an international priority.