Threatwatch

Hackers Tip Off Pirates to Ship’s Precious Cargo and Coordinates

Cyber espionage; Network intrusion; Software vulnerability

A major Middle Eastern shipping concern freaked out and called Verizon’s breach response team when it looked like robbers had advance knowledge of what was on its ships.

It can take days to go through the tens of thousands of shipping containers on a major cargo vessel.

These looters, however, were in and out in 90 minutes.

When crews emerged from the designated “safe rooms” where they hide during hijackings, they found that most of the cargo — cars and car parts — was untouched.

The pirates had tampered with the containers holding diamond jewelry.

That meant the pirates likely had access to the ships’ manifests and bills of lading, documents that would provide the exact location of the most valuable and easy-to-move cargo on the ship.

“The obvious, immediate suspicion was that the pirates had someone on the inside. But the company rechecked its employees’ backgrounds and came up short,” Buzzfeed reports.

So the company flagged down Verizon.

Verizon wrote up a roster of everyone at the company who had access to the content management system (CMS), where all the shipping data was stored, and then systematically checked what all these employees were doing at their workstations.

None of these employees were doing anything out of the ordinary.

It was, however, possible for a hacker to connect to the system’s backend over the Internet. With that in mind, the Verizon team installed a proprietary forensics device that analyzed all the traffic related to the system.

Verizon discovered someone had installed a so-called web shell, malicious software that enabled users to browse, query, and download files from the CMS. Hackers had visibility into info on just about everything the shipping company did.

What’s worse: The shipping company’s CMS included near-real-time GPS tracking of its vessels.

Whoever was stealing this data knew exactly where the ships would be, exactly what was on them, and where. It didn’t get much easier to be a pirate.

Judging by the outbound traffic, it appeared the hackers were hiding behind a European proxy server.

“Hackers can make millions of dollars without ever getting on a ship.” After all, said Chris Novak, director of Verizon’s response team, “The ocean is a big place. If you don’t know where to look, for all you know you could be hijacking a ship full of manure.”

sector: Transportation

reported: March 17, 2016

reported by: Buzzfeed

number affected: Half a dozen ships

location of breach: Middle East

perpetrators: Criminals

location of perpetrators: Europe

date breach occurred: Unknown

date breach detected: Early 2015