Can you hack a ship? Global maritime industry ripe for hacking

Can you hack a ship? Global maritime industry ripe for hacking
Tamlin Magee| Apr 03, 2018 https://www.techworld.com/security/can-you-hack-ship-global-maritime-ind...

Security researchers have for years been warning the maritime industry that it is low hanging fruit as incredibly high-value cargo is fitted to ships with legacy (at best) systems, bad awareness, poor processes, and seaports that can suffer from the same problems.

The maritime shipping industry is the main conduit for global trade, with more than 80 percent by volume transported from region to region by ships, and 10.3 billion tons in total moving between seaports around the world globally in 2016. Despite this, incident after incident has demonstrated just how much the trillion dollar industry is open to cyber attack.

Security researchers have for years been warning the maritime industry that it is low hanging fruit as incredibly high-value cargo is transported on ships with legacy systems, combined with poor processes and awareness, while the seaports they dock in often suffer from the same problems.

In 2015, Kaspersky Labs went as far as to claim shipping was "easy meat" for hackers. The Russian cybersecurity vendor reported on a wave of significant hacks: these ranged from a drilling rig that was hacked and tilted from its site in South Korea towards South America – in 2010. And in 2012 a criminal gang hacked into the systems of the Australian Customers and Border Protection Service agency, so they could be one step ahead of authorities that placed containers under suspicion.

Maritime security company CyberKeel warned that ships were switching off their navigation systems when travelling through waters where armed pirates are known to operate – sometimes faking the data to make the ships appear they were elsewhere.

A daring scheme in the Belgian port town of Antwerp meanwhile saw criminals gain access to systems that controlled the movement of containers to smuggle cocaine, heroin and guns.

"It's a very sophisticated attack and they got away with it for a while before they got caught," says cybersecurity firm NCC Group's Brendan Saunders, who specialises in transport security. "These people look at the most effective approach that they can take to streamline whatever it is that they intend to do.

"They'll take advantage of the skillsets that are available to them. Although, yes, there have been demonstrations of things like spoofing GPS, spoofing automatic identification system (AIS) data, and taking ships off course – there are things like that you can do but they're technically much harder.

"If your goal is to steal cargo there are easier ways of approaching piracy than some of the more sophisticated headlines that have been demonstrated by security researchers."

In 2017, a cargo ship travelling from Cyprus to Djibouti lost control of its navigation system for 10 hours – preventing a captain from manoeuvring and with the intention of steering it into territory where it could be easily boarded by pirates and robbed.

That's according to maritime industry magazine Safety At Sea, which heard from a source that the "IT system of the vessel was completely hacked".

More recently Ken Munro at PenTestPartners demonstrated just how vulnerable these ships are. In October 2017, Munro drew a comparison with industrial control systems – noting that although the network protocols and security systems were virtually nonexistent when they were created, this didn't matter so much as long as the endpoint and communications security was robust.

But ships, he writes, are "complex industrial controls, but floating".