The internet is often referred to as "the cloud," but in reality, it relies on fiber-optic lines and terrestrial wiring to function. While wireless technologies like Wi-Fi and cellular signals are prevalent, they ultimately connect back to these wired systems.
The true backbone of the internet lies in undersea cables, which stretch across oceans and rest deep on the sea floor, linking countries and continents. These cables, roughly the diameter of a thigh, can span thousands of kilometers and transfer data at speeds reaching terabits per second (Tbps), enabling high-speed global communication.
To protect these critical networks, the cables are placed in remote, deep-sea locations, far beyond easy access to prevent tampering. They are highly resilient, but vulnerable to intentional disruption.
This vulnerability is what has led to speculation following the mysterious severing of two undersea internet cables in the Baltic Sea, cut just hours apart.
The cables affected were the BCS East-West, connecting Lithuania and Sweden, and the C-Lion1, linking Finland with Germany.
Both cables were suddenly severed on Sunday and Monday, sparking international concern.
European officials have suggested that the disruption of the two undersea internet cables in the Baltic Sea was an act of sabotage.
Germany’s Defense Minister, Boris Pistorius, quickly dismissed the possibility that the cables were accidentally damaged, emphasizing that “nobody believes” this was a simple mishap.
The foreign ministers of Finland and Germany voiced their “deep concern” in a joint statement, speculating that the incident could be part of a broader "hybrid warfare," specifically implicating Russia. This assessment aligns with growing suspicions, as Russia has been accused of engaging in tactics in Europe, including sabotage and other covert actions.
After all, the countries that are connected through those two cables are member countries of the NATO alliance.
The disruption came shortly after NATO said that Russia was mapping undersea fiber optic cables as part of its strategy to disrupt communication, and issued warnings about the potential targeting of critical undersea infrastructure by Moscow, fueled by months of suspicious Russian naval activity in European waters.
The U.S. however, think that it was likely an accident.
Two officials who are familiar with the initial investigation, suggested the damage was likely caused by an anchor drag from a passing vessel rather than deliberate sabotage.
Such accidents have occurred before, though not in such quick succession.
Despite this, law enforcement agencies in Sweden and Finland have opened investigations, suspecting intentional damage. Sweden’s Prosecuting Administration launched a preliminary probe into suspected sabotage, while Finland's National Bureau of Investigation initiated a criminal investigation into potential interference with communications.
One vessel, in particular, has drawn attention: the Chinese-flagged Yi Peng 3.
Owned by Ningbo YiPeng Shipping Co Ltd. and managed by Win Enterprise Ship Management, Yi Peng 3 is a bulk carrier with about 200 meters in length and 32 meters in width.
With a gross tonnage of roughly 50,000–60,000 GT, typical for bulk carriers of this size, its deadweight tonnage (DWT) is around 70,000–80,000 tons.
The Yi Peng 3 has a history of transporting Russian thermal coal, including shipments from Murmansk and Nakhodka, with at least seven recorded trips.
Even if the undersea cable is strong and resilience, a vessel this size and weight can make the cable look more like a string.
According to its tracking data, the vessel passed over both cables around the time each was cut.
The ship, which had recently docked in a Russian port, was seen crossing key undersea infrastructure in the Baltic, including gas and oil pipelines and other cables. The Danish Armed Forces confirmed their presence near the vessel but did not specify if any action was taken.
Despite suspicions surrounding the Yi Peng 3, no concrete evidence has been found linking the ship to any nation or entity involved in such an attack.
The vessel, currently anchored in international waters near Denmark and Sweden, had been traveling out of the Baltic Sea after a stop in Russia.
According to public records, the carrier left Ust-Luga Anchorage, some 80 kilometers east of St. Petersburg, on November 15, and its next destination was Port Said in Egypt.
The Danish Navy reportedly boarded and detained the Yi Peng 3 in the Danish Straits, near the exit of the Great Belt.
While no official reports have been made, the authorities suggest that they are "carefully studying the Chinese vessel."
Denmark sent two ships.
China denied any involvement, maintaining that its ships adhere to international laws.
Before this undersea cable disruptions, there was another incident in 2023 involving a Chinese cargo ship, which reportedly dragged its anchor for hundreds of kilometers, causing damage to a gas pipeline in the Baltic Sea that connects Finland and Estonia. Finland has maintained that this was not an accident, but an intentional act.
It also came more than a year after Sweden announced a "purposeful" rupture of an undersea cable to Estonia through the Black Sea, which it never explained how or why.
The incident further fueled concerns about the safety and security of undersea infrastructure in the region, particularly given the ongoing tensions involving Russia and increasing scrutiny of Chinese vessels operating in European waters.
Undersea cables are essential not just for providing internet access to the public, but also for carrying critical military and government communications.
This makes them especially vital for countries like Finland and Lithuania, which are situated on the frontlines of geopolitical tensions.
Finland shares a border with Russia, while Lithuania lies north of Belarus — the same country from which Russian President Vladimir Putin launched the invasion of Ukraine in 2022.
Given the strategic significance of these nations, the security of their undersea infrastructure is paramount, as any disruption could have far-reaching implications for both national security and international stability.
It's worth noting that undersea cables are intertwined, and that they're more than a bunch of them lying under the water.
If one fails, data can be rerouted.
And in Europe, known for having one of the most crowded internet traffic, there are over 100 undersea internet cables that run beneath the Baltic Sea, alone connecting countries in Northern and Eastern Europe.
The Lithuanian cable that was severed carried about a third of the nation's internet capacity.
Its capacity however, can be carried out via other routes.
According to Cloudflare, there was no apparent impact to traffic volumes in any of the affected country at the time that the cables were damaged.
While an increased in latency did occur, internet quality metrics for both countries showed no sudden anomalous shifts visible around the time of the cable cut.
Also, there was no change in announced IP address space was visible, suggesting no loss of connectivity as the capacity was rerouted.
Incidents like this can cause disruption in connectivity, if load cannot be rerouted, like in cases when the cable is the only one, or the only one of the few that connect a country to the outside world. This can happen because the cable represents a concentrated point of vulnerability, whether for an individual network provider, city/state, or country.
To fix this kind of issue, a lot of time and resources are needed.