This sounds like a counter-surveillance technique.
If you're an island nation with one cable for all your traffic you are very susceptible to a variety of state actor attacks: traffic analysis, mitm, protocol downgrades etc.
If your traffic goes out one way and back in via a totally divergent link these kinds of techniques become significantly harder to pull off and much easier to detect their use.
Passive undersea fiber monitoring is well within the means of more than a few intelligence operations and quite popular. They're in international water, unguarded, unrealistic to regularly inspect and they can be modified to leak just enough light to see every bit while being pretty difficult to detect.
A cable strung between Venezuela and Cuba would be impossible to resist for anyone in the region with a highly advanced signals intelligence program and spent 40+ years defined by communism/socialism as public enemy number one.
A year delay in lighting at all suggests to me very strongly that they had direct evidence or strong indicators that their cable had been split/bent or their DWDM repeaters / inline terminals or other equipment came into question - most of it is made by companies pretty cozy with large state actors.
After traffic snooping your second big intelligence concern these days is data exfiltration. The classic radio bug is way more trouble and effort than malware mics & cams, keyloggers and mobile phones. Even more popular is just files - grab it all and see whats good. Mostly that's very hard to catch leaving the country because there are so many paths and the data volume is so large.
But if you've previously built a monitoring system for your only route out, and it's slow enough you can do a credible job of traffic analysis then you're probably loathe to give up on it. In comparison, the kind of gear needed to do DPI, anomaly detection, key weakening etc. at a 100G+ is very pricey and probably covered by export bans anyway.
Asymmetric internet works pretty well anyway. Most commercial service is tuned that way because thats what the use looks like, way more in than out. Sat latency ain't a ball of joy but for bulk data and web pages it's probably pretty decent service especially when compared to what it's replacing.
I assume there must be something preventing the two ends of the cable from just generating a secure 256-bit AES key and using it on all of the traffic going over the link, thus preventing snooping, but I can't think of what it would be. Is the data rate just too high for that to be practical, or is there something else there?
Anachronistically, The US still enforces a broad based embargo on trade with Cuba, leaving it with the dubious honor of the tightest controlled destination, beating out even Iran and North Korea. We also have it on the list of states that sponsor terrorism which is recognized by many 3rd party nations.
Top tier crypto gear including anything suitable for trunk class traffic is one of the most controlled export goods - canada is literally the only country on earth that doesn't require an export license.
Realistically it's mostly a formality if the destination is on the list of favored nations, mostly western democracies. There are 3 more tiers: mostly ambivalent, our shit list and lastly those we label rogue/terrorist.
Mass communications gear and business grade crypto get a lot of scrutiny, really only topped by spaceflight and the tools of war.
Theoretically you'd probably be able to get export licenses for high speed aes to send to Venezuela, but practically it would be subject to a ton of discretionary terms that would make it a non-starter. A smattering of possible terms the US would impose: all source code including 100% of the ASIC designs, use of a US ASIC fab with production under the supervision of the government, require lawful intercept functions to be enabled, key escrow storage in us territory only, no customer access to source code, software upgrades performed only by us personel on site, mandatory random on site checks by us government officials to ensure it hasn't been transferred, is used in a licensed manner, hasn't been tampered with, software is approved version, etc.
It's not like they'd demand a huge obvious list like that, but pretty much any one of those restrictions means the customer is pretty much at the mercy of the US government. Most of those practices are designed to find or insert flaws that enable total plaintext recovery.
Understandably most states that are subject to intense US intelligence activity generally don't even consider it. There is plenty of diversion that goes on through cutouts, but there are plenty of published stories where US intelligence knew all about it and owned the gear before it shipped.
Practically your other choice is chinese gear, which is what most of that class of country buys. But the chinese gear is almost certainly subject to similar intentional weaknesses in addition to stuff placed by multiple competing domestic security services so they can spy on each other. It's a pretty safe bet that a number of western intelligence agencies can exploit these as well - so you're back to square one again.
General purpose software is an option of course, but i think itd take a lot of kludges to handle such a fat pipe with consumer cpus/gpus. And then of course they are a bunch of computers on a network with static encryption keys sitting in memory run by poorly paid government workers, probably not something that would resist a motivated attacker.
Very roughly, you strip the casing and then bend the fiber until a small amount of light begins escaping through the small gaps created by the bending. Most of the light continues to travel through the cable unharmed aside from a tiny decrease in intensity.
Here is a page with some pictures of something along those lines:
Wouldn't this scale to multiple links? Bug one, then blow the others up. "Oops, that cruise ship had a C4-infused anchor and it hit your cable, sorry."
I'm surprised this doesn't happen more often, actually.
About a year ago, the young people in Cuba already knew that the cable was laid, but were already very skeptical that it would ever be in operation. It's disheartening to read that they were right, for now. A number of positive changes have taken place in Cuba over the last couple years, but none that might be as consequential as offering low-cost internet. I believe that the government overestimates the "danger" in this -- the people just want to use facebook on their phones.
That made me laugh. Seriously. Have you ever been in Cuba?
I was there last summer. Most people don't even have a mobile phone, let alone a smartphone. Public phones are extremely common. Most likely many people never even heard of facebook or twitter.
The last family i lived for a week got internet access from a friend who got those coupons. So, from what i was told, basically people that need to have access to the internet at work get a sort of coupons for some hours of internet usage and there of course there's something like a black market for it. Anyway, i don't think peoplein Cuba miss Facebook. They'd probably be more then happy to have mobile phones in general and a good mobile/GPRS coverage for now. In general, internet is so extremely slow over there that it feels like the whole country is on an analog line from Fidels office.
I have been several times and I have a lot of family there. Notice how I started my comment with "young people." I'm not familiar with the eastern part of the island, but in Havana, mobile phones are quite common amongst young people. Furthermore, you're wrong, the young people in Cuba DO miss facebook. This is because university students are allowed to use the (slow) internet more or less freely. The censorship is not as comprehensive as that of the chinese firewall. And after spending several years with access to gmail and facebook, they're thrown into the regular society, where access to internet more difficult to come by.
Yes, there may be a mobile phone here and there. But the difference between the usual european or american standard is so extreme, i'd say that before they can dream about facebook they dream about easier/faster/better internet access and widespread mobile (or even smartphone) usage. And no censorship of facebook ;)
It is not exactly a coupon system, depending on where you work you might have unlimited Internet access (albeit slow) or you might have a set of traffic quotas for Internet and email, sometimes pretty strict (~20mb per month on aggregated email traffic). However, this is not a centralized system or a government mandate, but more of a necessity for some institutions, for example universities normally have a 512kpbs link (or two if they are really big) and the only way to avoid saturating the link is by assigning these traffic quotas to the users.
All residential Internet access in Cuba is illegal (as in is not legally sanctioned by the government) using good old modems, and only a handful of people in very high government positions can have an officially sanctioned house connection. Everyone else is buying it off the black market.
Cellphone coverage is only basic voice and texting without Internet access, and at horribly expensive rates.
Remember what Facebook and Twitter means for these authoritarian regimes.It's the possibility for their people to voice their opinions and learn more about what's happening beyond their borders.
This cable was laid between Venezuela and Cuba in 2007.
There was an attempt about a couple of years ago to block certain websites here in Venezuela that were deemed dangerous by the government. The reaction from the people over twitter and FB prevented it. I've always been worried that the venezuelan govt will follow the lessons from their cuban and chinese mentors.
Hi Rafael! Assuming you're Venezuelan, you're the only one (beside myself) that I've seen in hacker news. I'd be interested in chatting about what you're doing and your view of Venezuela's situation. Please email me (find email in profile). Cheers!
The cable isn't a mystery, the article states, but its fate was. Also, the cable's not in Cuba -- It was laid in 2007 between Cuba and Venezuela. They just activated this undersea internet link, and the real mystery is 'how's it misconfigured?' Slightly misleading title.
The article implies that the cubans are, for some reason, receiving packets over fiber, but sending over satellite, which, for all intents and purposes, is insane. It is a real mystery as to why anyone would configure a network to operate in this manner.
It is akin to having a 10gigabit fiber line in your office and choosing to have all outbound traffic routed over a 1.5megabit DSL line instead. Madness!
It's more like having a 10gigabit fiber line and choosing to have outbound traffic routed via carrier pigeon. It's latency, not bandwidth, that makes a satellite connection maddening.
Yes, that configuration is madness, but it's no mystery. The mystery is why is that configuration in use? The answer probably has to do with reducing internet usage in Cuba to prevent a Cuban Spring.
The most likely explanation is that traffic is bi-directional on the fiber line, but a lot of additional latency is introduced by software based (as opposed to hardware accelerated) deep packet inspection.
If you're an island nation with one cable for all your traffic you are very susceptible to a variety of state actor attacks: traffic analysis, mitm, protocol downgrades etc.
If your traffic goes out one way and back in via a totally divergent link these kinds of techniques become significantly harder to pull off and much easier to detect their use.
Passive undersea fiber monitoring is well within the means of more than a few intelligence operations and quite popular. They're in international water, unguarded, unrealistic to regularly inspect and they can be modified to leak just enough light to see every bit while being pretty difficult to detect.
A cable strung between Venezuela and Cuba would be impossible to resist for anyone in the region with a highly advanced signals intelligence program and spent 40+ years defined by communism/socialism as public enemy number one.
A year delay in lighting at all suggests to me very strongly that they had direct evidence or strong indicators that their cable had been split/bent or their DWDM repeaters / inline terminals or other equipment came into question - most of it is made by companies pretty cozy with large state actors.
After traffic snooping your second big intelligence concern these days is data exfiltration. The classic radio bug is way more trouble and effort than malware mics & cams, keyloggers and mobile phones. Even more popular is just files - grab it all and see whats good. Mostly that's very hard to catch leaving the country because there are so many paths and the data volume is so large.
But if you've previously built a monitoring system for your only route out, and it's slow enough you can do a credible job of traffic analysis then you're probably loathe to give up on it. In comparison, the kind of gear needed to do DPI, anomaly detection, key weakening etc. at a 100G+ is very pricey and probably covered by export bans anyway.
Asymmetric internet works pretty well anyway. Most commercial service is tuned that way because thats what the use looks like, way more in than out. Sat latency ain't a ball of joy but for bulk data and web pages it's probably pretty decent service especially when compared to what it's replacing.