DHS investigators say they foiled cyberattack on undersea internet cable in Hawaii

Federal agents in Honolulu last week “disrupted” an apparent cyberattack on an unnamed telecommunication company’s servers associated with an underwater cable responsible for internet, cable service and cell connections in Hawaii and the region, the agency said in a statement Tuesday.

Hawaii-based agents with Homeland Security Investigations, an arm of the Department of Homeland Security, received a tip from their mainland HSI counterparts that led to the disruption of a “significant breach involving a private company’s servers associated with an undersea cable.” The investigation revealed that “an international hacking group” was behind the attack, and “HSI agents and international law enforcement partners in several countries were able to make an arrest.”

The statement did not identify the type of cyberattack alleged to have occurred, the hacking group responsible, the other law enforcement agencies or where any arrests took place. No damage or disruption occurred, and there is no immediate threat, the statement said.

John Tobon, HSI’s special agent in charge in Hawaii, told a local news station that investigators found that the attackers had obtained credentials that allowed access to an unnamed company’s systems.

“It could have been something to just create havoc, in other words, just shut down communications, or it could have been used to target individuals in ransomware-type schemes,” he said.

As much as 95% of intercontinental internet data flows via hundreds of “submarine” internet cables, according to the National Oceanic and Atmospheric Administration. The cables are owned and operated by combinations of private and state-owned entities, and are facing increasing risks to their security and resilience, according to an Atlantic Council report published in September 2021.

That report’s author, Justin Sherman, outlines concerns such as authoritarian governments’ desire to control internet access, in part, by manipulating physical infrastructure such as the submarine lines. The lines are also attractive targets for surreptitious monitoring by government or criminal groups looking to steal sensitive data.

But another threat, Sherman wrote in a blog post summarizing his report, is that more cable operators are using remote management systems for cable networks. “Many of these systems have poor security, which exposes cables to new levels of cybersecurity risk,” he wrote. “Hackers could break into these internet-connected systems from anywhere in the world and physically manipulate cable signals, causing them to drop off entirely — undermining the flow of internet data to specific parts of the world.”

Sherman added that the ever-present ransomware threat is acute with respect to these lines: “One can even imagine a threat actor (state or non-state) hacking into a cable management system and trying to hold the infrastructure hostage.”