Fiber Optic Tapping - Tapping Setup

So let's recap, we currently know: How Fiber Optics Work

Latest Post Sources by joshua

So let's recap, we currently know:

Now let's move on to actually tapping the fiber. To begin we are going to need a few components. Note, most of these are only needed for demonstration purposes. If you were actually tapping a live fiber, the amount of hardware used would decrease. I'll make sure to note this as I explain.

The first thing we need to do is to set up a small fiber network between two computers. I am going to accomplish this with the following:

The above is only for a demonstration setup

Something I haven't covered yet is the connector types. I don't believe I need to do so because it's irrelevant to tapping since we are only concerned with the fiber behind the connector. Just keep in mind that if you're going to mimic my setup to keep the same connectors throughout, it's much easier that way.

I am going to use the two Raspberry Pi 2 machines as my computers. You could use two laptops as I did when I was doing all of my original testing and troubleshooting, I only switched to the Pi hardware as it was easier to transport to DEFCON than carrying three laptops, but I will explain both setups. For the two Pi machines, I loaded the UbuntuMate OS. I mainly chose this OS because of its performance though its interface was eye-pleasing and I wanted that for my presentation. If you're using a laptop then it doesn't really matter what OS you use, it really comes down to if your network interfaces supports Auto MDI-X as this will be a straight connection between two machines.

Raspberry Pi 2

We now need to connect the two machines together. For this, we will use two fiber media converters (FMCs). For those that may not know, fiber media converters convert electrical signals to optical signals and vice-versa. When an electrical signal is converted to an optical signal, a wavelength, it transmits using lasers or LEDs, and receives with photodetectors. Our coupler is compatible with the 1310nm and 1550nm (nanometer) wavelengths, which is the infrared part of the light spectrum. Generally multimode operates at 1310nm and single mode operates at 1550nm.

I purchased two TP-Link MC100CM FMCs ($35 USD~). They are 10/100 compatible, multimode, SC fiber and have a range of 1.2miles. This will allow our two PIs (or laptops) to communicate with one another. This decision was based on the price and reviews. When choosing a fiber media converter you have to remember what your requirements and restrictions are:

To elaborate; the FMC must be compatible with the coupler's wavelengths, must have the same connector types as your fiber, must be a compatible 10/100 setup or a 10/100/1000 setup, and depending on the connecting fiber, must support multimode, single-mode or both.

TP-Link MC100CM

SC to SC Multimode 62.5/125 Fiber Optic Cable

I configured my setup with one Pi serving as an FTP server, and the other acting as a client. I then connected a copper cable from each Pi to each FMC, and a fiber optic cable between each FMC. Once power is applied and you give each Pi an IP, you will see the lights on the FMCs sync up and you will be able to ping each machine. This is also the same for a laptop setup.

Enter the coupler! Now that we have established a network connection between our two Pis (or laptops), we are ready to introduce the coupler into the setup.

Make sure that the fiber works first by setting up the network before you go through the trouble of accessing the internal fiber.

Critical note, our goal is to tap the data going from the client to the ftp server. That being the case, we need to open the fiber optic cable on the transmit side of the client FMC. If you open the wrong side of the cable, then you will be tapping the fiber line coming back from the server to the client.

Data Flow Diagram

Once your cable has been modified then connect it back to the FMCs and ensure the network still establishes. If so, then we can move on.

We now need to get the signal that the coupler will be tapping to a machine that can record the data. I will call this machine the "attacker's laptop". In order to get the optical signal to the attacker's laptop, we will need another FMC. This FMC is different from the ones we used earlier. This FMC needs to support single-mode, as the fiber coming out of my coupler is single-mode. It also needs to support the same wavelengths mentioned earlier, and is compatible with your other FMCs (10/100 or 10/100/1000).

I used a TP-Link MC110CS ($35 USD~) as it has the same specs as the MC100CMs, aside this one is designed to be used with single-mode cables.

TP-Link MC100CM

I am using a NOYES FTS-20C Fiber Optic Clip-On Coupler ($900 USD~) in my setup. If you purchased the same coupler as I did, you will likely need a "hybrid mating adapter" ($7 USD~). My coupler came with an FC end connector. However, my FMC is SC. I could've got an FMC with FC inputs on it, but I wanted continuity and opted to go with a setup that uses all the same connectors. The mating adapter's only job is to take one end connector from a fiber cable and let another, different end connector meet with it. The ends do not actually touch inside the adapter. Instead, they are "air-gapped", which is a tiny gap between the two end connectors. You suffer a little signal loss, but not enough to cause any issues. Speaking of which, you will also need a single-mode fiber optic cable. This will be used to connect the coupler to the attacker's FMC in the receive port (RX). This is then connected by a copper cable to the attacker’s laptop.

FC to SC Hybrid Mating Adapter

SC to SC Single-Mode 8.3/125 Fiber Optic Cable

The single-mode FMC, hybrid mating adapter, single-mode cable and copper cable are needed regardless of a demonstration.

Now to place the exposed cladding into the coupler. There is a small groove in the guide wheel that provides the bend radius necessary for tapping to take place. The ultimate goal here is to place the fiber into the groove of the guide wheel and lower the coupler head down until it stops.

But take note of a few things first.


Fiber Optic Clip-On Coupler Guide Wheel, Arms & Prism Groove

If you do not follow the above steps, you can and will ruin your fiber optic cable. If you break the fiber core, then that entire line of the fiber optic cable is useless and cannot be repaired

Once the fiber is properly seated in the coupler, and the coupler head is pressed down, you should notice the lights on the attacker's FMC light up in sync with the other two FMCs. At this point, you have successfully tapped into the active fiber cable. However, if you do not see any lights then, troubleshooting is going to be necessary. Conveniently, that is the topic of the next post!

This is the setup I used during my presentation at DEFCON 23.
I'm not an art major for a reason