Replicating the usual configuration of an office’s network, Mitnick simulates a daily situation: any employee sends an email that, before reaching its destination, will stop on a server (represented by a second laptop in the demo, for practical reasons).

Attackers do not require physical access to any of the two computers. Their task is limited to finding a point where they can intercept the optical fiber. As shown in the video, they can couple into any cassette or junction box carrying the cable before it reaches the victims office or home.

Probably you have seen these cassettes when the technician on duty went to install them. They are usually stacked in a box in the telecommunications room (RITI) of the building, a room that is usually in the garage or in the access floor – or maybe it is the same where the electricity meters are.

If the room is closed with a key, probably it won’t be the place chosen by an intruder to hack the connection. Still in the building, on the upper floors, he could tap the junction box where the cables which end in every home or office start. And also outside the building, on the street, the cybercriminal can find somewhere to couple the cable.

Once located the spot, the attacker will tap the communication thanks to a small ordinary device. Known as ‘clip-on coupler‘, is a device that technicians use for maintaining and identifying the cables. Mitnick used it on his show, and a specific software installed in the computer, to intercept data packets travelling by optical fiber.

This time is the email (and its content, an important password) that ends up in the hands of the fictional attacker. In a real scenario, the cybercriminal could spy any communication that is not encrypted. Moral: do not send passwords, confidential reports or other sensitive material unencrypted via e-mail.

How to prevent your optic fiber from being coupled

• Restrict access to the optic fiber cabinets to authorized personnel.
• Use secure tools for sharing files and information.
• And common sense.