A cyberattack targeting an underwater cable that could have shut down telephone services, financial transactions, internet and cable connectivity in Hawaii was foiled last week by federal agents with Homeland Security Investigations.
The servers of a private Oahu company responsible for managing a trans-Pacific undersea cable that connects Hawaii and the Pacific region were targeted by an international hacking group, according to HSI, the investigative unit of the U.S. Department of Homeland Security.
Acting on a tip from out-of-state colleagues, federal agents identified the cyberattack and took measures to block access, according to HSI. A suspect was arrested in an “international location.”
“This is only one of the many examples of cyber incidents that HSI has responded to in Hawaii and the Pacific Region,” said HSI Special Agent in Charge John F. Tobon in a statement. “Not only do we aggressively pursue these bad actors, but we also provide significant support to the private sector victims.”
Tobon said the federal investigation prevented damage or disruption to critical telecommunications infrastructure in Hawaii and that there is no immediate threat at this time.
HSI did not identify the targeted Hawaii company, the country where the suspect was arrested or the name of the suspect. Nor did the unit disclose what the suspect and the international hacking group hoped to accomplish, or what nation or state actors they may have been aligned with.
Homeland Security also did not reveal the potential criminal charges facing the suspect.
“If the breach was not detected, it would have opened the door to serious damage that could have had an impact on business, industry and the everyday consumer in Hawaii,” said James Curry, HSI’s public affairs officer in Honolulu.
More than 95% of international data and voice transfers are routed through fiber-optic cables laid across the seafloor, according to the National Oceanic and Atmospheric Administration.
Burt Lum, broadband strategy officer for the state Department of Business, Economic Development and Tourism, said that any potential cyberattack targeting the undersea cables “is a point of great concern.”
What happens when an island loses complete connectivity became apparent in October 2019 when an islandwide outage of phone service, the 911 system and internet and cable TV service occurred on Kauai after a third-party carrier’s network fiber was damaged.
“Hawaii is absolutely dependent on the trans-Pacific and undersea cables for our connectivity,” Lum said. “If they did a massive cyberattack that potentially hit multiple trans-Pacific lines … and they were able to somehow sever redundant paths, you could put a lot of businesses out of commission as well as affect the ability for the Department of Defense to communicate from Hawaii.”
Hawaiian Telcom was not the company targeted by last week’s cyberattack, according to a spokesperson.
Hawaiki, a New Zealand-based company that owns the 9,320-mile-long telecommunications cable connecting 356 million consumers in Australia, New Zealand, American Samoa, Hawaii and the mainland, did not immediately reply to questions emailed to a representative.
The U.S. departments of Defense and Justice have repeatedly warned that China, Russia and cybercriminals affiliated with those nations’ intelligence services have sought to shut down, disrupt or infiltrate U.S. networks and online activity, including undersea telecommunications cables.
Justin Sherman, author of the Sept. 13 study by the Atlantic Council titled “Cyber defense across the ocean floor: The geopolitics of submarine cable security,” wrote that the “security and resilience of undersea cables and the data and services that move across them are an often understudied and underappreciated element of modern Internet geopolitics.”
“As the White House increasingly focuses on cybersecurity threats to the nation and the global community, including from the Chinese and Russian governments, it must prioritize investing in the security and resilience of the physical infrastructure that underpins Internet communication worldwide,” Sherman wrote. “Failing to do so will only leave these systems more vulnerable to espionage and to potential disruption that cuts off data flows and harms economic and national security.”
There are five privately owned locations on Oahu where trans-Pacific undersea cables come ashore and are connected through landing stations, according to Submarine Cable Networks, a website devoted to the submarine cable industry. Three of them are owned and operated by companies other than Hawaiian Telcom.
The Makaha Cable Landing Station is used by the Japan-U.S. Cable Network, a consortium of 33 members from 11 countries.
The Keawaula Cable Landing Station is where the $1.24 billion TPC-5 cable connecting Japan, the mainland, Hawaii and Guam comes ashore. It is used by a consortium of 78 multinational companies and carriers. The Keawaula station also connects the Telstra Endeavour cable linking Hawaii to Sydney, according to a 2011 Telstra news release.
The station also carries the American Samoa Hawaii Cable, an international fiber-optic cable between American Samoa, Samoa and Hawaii that is Samoa’s link to global networks.
The Kapolei Cable Landing Station is operated by DRFortress on behalf of Hawaiki, according to SCN.
Lum recommended increased physical security where the lines run underwater and connect on land. He also called for increased coordination among the private companies that control the cables and landing stations.
“We need to be better able to coordinate between the players involved in trans-Pacific and interisland (connectivity). Now they are all private and pretty much do their own thing,” he said.
The Hawaii Office of Homeland Security did not immediately reply to a Honolulu Star-Advertiser request for comment about the cyberattack.
“HSI Honolulu is on the front lines of the cyber fight every day, and our expertise in this area is unmatched,” Tobon said in his statement. “We live in paradise, but that does not mean there is a diminished threat, particularly in the cyber world. Our goal is to interrupt the hackers before serious damage is done.”