Tech

'Cyberpirates' break into shipping firm server to find the best cargo on the open sea

A group of attackers exploited backdoor vulnerabilities in a shipping firm's systems to seek out the best rewards for piracy.

Written by Charlie Osborne, Contributing Writer March 4, 2016 at 4:10 a.m. PT

It's not often you bring cybersecurity and piracy together unless you're talking about software, but now, researchers have stumbled upon sail-and-sea pirates using digital attacks to find the best cargo to steal.

As reported by Ars Technica, security researchers from Verizon revealed at the RSA conference this week an interesting scenario they were brought in to help with involving piratical theft and compromised servers.

Within the latest Verizon Data Breach Digest, the team said they were recently asked to assist a global shipping company in tackling a highly unusual case of cyberattackers breaking into corporate networks to aid their piratical efforts.

Security

According to the publication, Verizon's RISK security response team aided the company after a series of attacks on ships conducted by pirates.

We often hear of pirate crews attacking ships in order to demand ransom payments, but in this case, the group instead went after specific shipping containers -- which suggested they had insider knowledge and knew where the best booty was hidden.

Verizon says within the report:

"They'd board a vessel, locate by bar code specific sought-after crates containing valuables, steal the contents of that crate -- and that crate only -- and then depart the vessel without further incident."

This, as you can imagine, is highly unusual behavior for pirates usually associated with ransoms and hostages.

After bringing in the security team, the unnamed shipping company discovered that the pirates had compromised its networks. A vulnerability within the firm's content management system (CMS), a custom platform for managing stock and cargo data, provided the avenue for the cyberattackers to upload a malicious shell script which granted the pirates access to the server -- as well as download cargo reports.

Armed with this information, the pirates were then able to sort through which cargo was the most valuable based on bar codes, board vessels, and sail off into the sunset with the shipping containers.

However, the pirates were far from hacking experts. Verizon's team found they used straight HTTP rather than SSL encryption, and it was an easy task for the researchers to capture data packets and work out where the CMS vulnerability lay.

The RISK team also said that the pirates struggled to interact with the server and there was evidence of mistyped commands, but that wasn't the end of the pirate's failures. They did not seem to care about being tracked either, as they did not enable a proxy and instead connected directly through home systems.

The vulnerability was rapidly patched and the pirate's IP address was blocked, stopping the tailored attacks.

While some may consider the story amusing, there is an important lesson here -- with very little knowledge or effort, a cyberattacker -- including those who would write down 'pirate' as their day job -- is able to cause some serious damage to a firm if basic security protections are not in place.

It's becoming more and more critical for companies in every industry, whether it be shipping, health or technology, to ramp up their cybersecurity efforts.