The challenge with these interventions is that they don't meet the threshold of force, so we don't have an international regime under which we could ultimately classify what this constitutes. It's clearly an exploitation of our network, and it hearkens back to the problem with the vulnerabilities of the network. This is rerouting of traffic by effectively recoding DNS servers. It shows the vulnerability within the network as a whole.
The network works on switches. There are only a certain number of top-level switches. Each of the telecom providers has a very small number of these top-level switches. The closer you can get to these top-level switches, the more you're able to capture traffic or to reroute traffic. Currently, what our adversaries have to do is to try to get as high as possible into these switches, including physically co-locating their own servers on the same premises as some of the large telecom companies.
We would hope that telecom companies would be watching out for that, but we don't actually know whether they're making sure that, for instance, adversaries aren't renting the floor space below or above to hook into those switches physically.
Currently, the problem is that you actually have to capture the traffic by having a server that captures traffic in and out, or you have to reroute using the DNS servers. You can do that only for a certain period of time, because eventually people will catch on, so you do this strategically when you're trying to capture particular communications.
The problem now is that if you have an adversary entity's technology in the system itself, they no longer have to get to the top-level switches, because everywhere in the system you now have a vulnerability. As opposed to rerouting traffic, they can now capture all the traffic they want.