So Today Tonight did a story called "The Big Take" http://au.todaytonight.yahoo.com/video#
Have a watch and share in the anger provoked by an unmitigated vendor Fear, Uncertainty and Doubt (FUD) sell. Pretty much it featured some guys from Senetas (who I remember best from one of them embarrassing himself at a professional association meeting by pretty much heckling a security professional from a banking institution during question time, after a fantastic presentation he had delivered).
Well, in the story they demo'd tapping a fiber optic cable (whoop de fricking doo, you can tap the copper out the front of your house with a linesman's handset as well) and running a sniffer.
Then they packed up the gear in a van, donned workmen's gear and went for a tour around Sydney. The video shows them posing for the cameras with an open laptop on top of a telco cable pit, using some cable snips on a cable, etc. Then the "reporter" makes some insinuations about fiber-connected ATMs and diagrams within buildings (OMG the sky is falling!! Quick, buy some expensive hardware encryption devices to go on each end of my MAN links).
So what are you going to get if you start tapping a telco link in a CBD cable pit?
Umm, well, you will probably have multiple customers going across the link, probably ATM, maybe SONET. Maybe even Ethernet over MPLS over Ethernet on fiber. So what are you going to use to decode all that, and how are you going to make sense of all the Exchange server replication, SMB chatter, etc.? Wireshark just ain't going to cut it.
Not as easy as putting a sniffer on and looking for known plaintext (like in the demo the Senetas whores benched up).
Database replication these days is even trickier to intercept with SAN snapshots replicating over fiber between datacenters using proprietary protocols.
Remember that most sensitive Personally Identifiable Data, like cardholder data, is submitted via web forms that are encrypted with TLS (oh, and PIN blocks are encrypted with 3DES, not that there are many, if any, Metropolitan Area Network connected ATMs around anyway). Didn't see them cracking out Dug Song's webmitm and ARP-spoofing gateways (now that would be a challenge with all the Layer 2 wackiness going on on a MAN). You'd be camped out for a month in a cable pit to get that working and capture anything worthwhile.
Then what if someone has just put some host-to-host IPSEC in (Windows servers can do that out of the box, you know; it's even in the MS guide) or a VPN over the MAN/WAN?
Overall it sounds simple to the layperson, but in practice it's impractical. Best case, you could write some custom software to record a few credit card numbers flying by in _email_.
Now what they could have reported on would be the risk of someone taking an axe to some fiber in a metro area, which is much more likely to occur and more damaging. This has happened in a number of places, and even in Tasmania I believe.
IMHO, unless you are a global organisation that has to worry about nation state sponsored corporate espionage, or you are in the defence/intelligence community, don't worry about this fantastical theatrical issue. If you are in that category, why not whack a digital certificate into your email clients (they all support S/MIME these days), sign some emails, add your colleagues' certs to your contacts in your mail client and enjoy secure communications by default.
A bit of IPSEC VPN might not go astray either if you're in that category.
I suggest the next time anyone sees "journalists" or vendors prancing around breaking the law, prising up cable pit covers, etc., call the cops and YouTube the whole debacle.
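To make the S/MIME suggestion concrete, here is an added example (not from the original post, and not Senetas' or anyone else's product code) that signs an email body with the openssl command-line tool, verifies it against the sender's certificate, and then shows that a copy whose figure has been edited in transit fails verification. It assumes the openssl CLI is on the PATH; the sender address alice@example.com, the message text and the self-signed certificate (standing in for one issued by your organisation's CA) are all constructed for the demo.

```shell
# Added example: S/MIME sign / verify / tamper-detect with the openssl CLI.
# Assumes openssl on PATH; alice@example.com, the message and the self-signed
# certificate are constructed stand-ins, not real identities or CA-issued certs.

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Self-signed certificate for the sender (a CA-issued cert would normally be used).
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=alice@example.com" \
        -keyout "$WORK/alice.key" -out "$WORK/alice.crt" 2>/dev/null
}

# Sign the message. The default output is a multipart/signed MIME message:
# the body stays readable and a detached PKCS#7 signature is attached,
# which is the form mail clients show with a "signed" indicator.
sign_message() {
    printf 'Subject: Q3 figures\n\nTotal: 1234\n' > "$WORK/msg.txt"
    openssl smime -sign -in "$WORK/msg.txt" -signer "$WORK/alice.crt" \
        -inkey "$WORK/alice.key" -out "$WORK/msg.signed"
}

# Verify a signed message, trusting the sender's certificate as the anchor.
# Prints "ok" when the signature matches the body, "FAIL" otherwise.
verify_message() {
    if openssl smime -verify -in "$1" -CAfile "$WORK/alice.crt" \
            -out /dev/null 2>/dev/null; then
        echo ok
    else
        echo FAIL
    fi
}

# Simulate an in-transit edit: change the figure but keep the old signature.
tamper_message() {
    sed 's/Total: 1234/Total: 9999/' "$WORK/msg.signed" > "$WORK/msg.tampered"
}

# Run the whole flow; prints the two verification results, e.g. "ok FAIL".
smime_demo() {
    make_cert
    sign_message
    tamper_message
    printf '%s %s\n' "$(verify_message "$WORK/msg.signed")" \
                     "$(verify_message "$WORK/msg.tampered")"
}
```

The point of the tampered copy is the one the post makes: once messages are signed, a body changed anywhere between sender and recipient no longer verifies, so a tap on the link buys an attacker nothing they can alter undetected, and adding `-encrypt` with the recipients' certificates takes away the readable body as well.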
Technical Clarifications/Comments/Flames/Tin Foil Hat wearer conspiracies welcome
About Me
- Matthew Hackling
- Matt runs his own security consultancy called Ronin Security. His focus is information security management and he has a keen interest in infrastructure and web application security. He's a CISSP and the current Branch Executive of the Melbourne chapter of the Australian Information Security Association.
Saturday, September 12, 2009
4 comments:
Well Matthew you have certainly shown your understanding of the issues with your comments. Congratulations on sharing your naivity and inadequacies with all of us.
naivity?
Perhaps you meant naivety, or maybe naiveté?
The anglicised version of the French noun for innocence.
Thanks for the compliment. That's how I like to roll.
Don't see you sharing much with us John? Not even your profile so we all can judge what your inadequacies are?
Ah! I remember seeing that on TV too and thinking pretty similar stuff. Especially when they started to talk about the ATM traffic, which I'm fairly sure according to APCA has to be encrypted.
Looks like FUD. Sounds like FUD. Smells like FUD. Pretty sure it is FUD...