Oh, Snap

Who’s Cutting California Internet Cables? The FBI Has No Idea

Eleven times in the last year, fiber-optic lines have been snapped—cutting off 911 service in at least one community. Investigators are scrambling to figure out who’s behind the attacks.

07.04.15 9:25 AM ET

Someone (or some crew) has been skulking around northern California, possibly dressed as a cable technician, and snipping the fiber-optic lines that provide Internet, cable, and phone service. His motives are yet unknown. But the FBI has counted 11 such incidents in the past year and is appealing for the public to help catch the cable-cutting bandit.

The latest cut happened Tuesday, on three major Internet cables serving the Sacramento area, causing cable and Internet service disruptions as far north as Seattle. Microsoft said the damage slowed its Azure cloud computing service in the Western United States. And in one Sacramento-area community, a cable provider had to step in to restore 911 service to local residents whose phones had been knocked out.

The cost of the damages hasn’t been disclosed.

Tuesday’s cut follow 10 others over the past year in cities in the Bay Area, including Fremont, Walnut Creek, Alamo, Berkeley, and San Jose, the FBI said in a statement this week. The first five attacks occurred on July 6 and 7 of 2014, all in the late-evening or early-morning hours. The next seven months were quiet, then the cutter (or cutters) struck again in February of this year, twice in one night. Then came three more cuts in June. If the FBI has detected any pattern, they’re not sharing it.

But the attacks may not be isolated to the Bay Area. One day after cables were cut in Fremont, California, on February 24, a major Internet line serving Northern Arizona was also severed, disabling Internet, cellphone, and landline phone service for several hours. Special Agent Greg Wuthrich, a spokesman in the FBI’s San Francisco Division, told The Daily Beast that investigators are looking into whether the Arizona attack is connected to those in California, but he said he couldn’t comment yet on what they may have found.

In the California cases, the perpetrators may have been posing as communications company workers. In most cases, the attackers got access to the cables by lifting manhole covers, Wuthrich said. Asked if that suggests the assailants had insider knowledge of how cable lines work and where they’re located, Wuthrich declined to comment, but he noted that people who saw anyone working in the areas at the time—even if they were dressed like actual workers—should call the FBI.

What’s most baffling about the cutting cases is how little the FBI, or the affected companies, seem to know about them. So far, no one has publicly taken credit for the damage. And given that service was restored in relatively short order, it’s not clear that the cutter was trying to cause some prolonged digital blackout.

Indeed, the cuts seem specific and focused. While service disruptions have rippled out in some cases, all 11 cuts occurred within a concentrated geographic area. The February 24 attacks occurred on practically the same block, and within walking distances of churches, restaurants, and convenience stores. Whoever cut the cables might not have been too concerned about being noticed, hence the suspicion he may have been dressed as a worker. The cutter had also hit that same area once in July 2014.

One thing the FBI says it is sure of is that the California cuts are not connected to a bizarre, and still unsolved, shooting at an electrical power station outside San Jose in April 2013. One, and possibly two attackers armed with high-powered assault rifles shot up ten transformers. Cooling oil leaked out and caused the transformers to overheat and shut down, leading to electrical power disruptions.

But the assailants also cut communications cables at the facility in a manner very similar to the recent incidents in the Bay Area. Around 1 a.m. on April 16, the attackers went down two different manholes at the power station, which is operated by PG&E, cut the cables, and knocked out some local 911 services, the landline service to the power station, and cellphone service in the area, according to a senior U.S. intelligence official. The event was initially investigated by local law enforcement as possible vandalism, but it escalated to the FBI’s level—and caught the attention of U.S intelligence agencies—as investigators began to suspect “a higher level of planning and sophistication,” the official said.

To this day, it’s not clear who attacked the station. And the FBI hasn’t specified why they’re sure the shooting and the more recent cuttings aren’t linked.

As spooky as cable-slicing criminals operating in the dead of night sounds, sabotage of fiber-optic lines is a pretty common problem around the world.

“In addition to the various government-directed Internet blackouts in places like Egypt, Syria, Libya, and Sudan, there are unfortunately numerous incidents of sabotage of Internet connections as well,” Doug Madory, the director of Internet analysis at Dyn Research, told The Daily Beast.

Madory has documented sabotage of an undersea cable in Yemen, as well as an attack on power lines there, which he attributes to terrorists; sabotage on an undersea line in Gabon that led to a three-day Internet outage amid a labor dispute; an outage in Colombia following political strife; and a mysterious cut in Egypt that may have been the work of theives looking for scrap metal. Madory has also found intentional cable-cuttings in Bangladesh, Nigeria, and Kenya.

There’s nothing to indicate that the California cuts have any political motivation—at least not that the FBI is sharing. And the outages there were less disruptive than the ones overseas. But they all share the common theme of mass, public disruption. And that should come as no surprise.

“The Internet is a vital part of modern society and therefore has become a common target of saboteurs for various reasons,” Madory said.