Slashdot Mirror


Pirates Hacked Shipping Firm's CMS To Plan Attacks, Find Valuable Cargo (softpedia.com)

An anonymous reader writes: Verizon's most recent Data Breach Digest includes a curious hacking case. Apparently a group of sea pirates have hired a hacker who uploaded a Web shell to a shipping company's CMS that allowed them to download cargo inventories and ship routes. They then used this information to attack ships, equipped with a barcode reader (and weapons of course), searching specific crates, emptying all the high-value cargo, and making off with the loot within minutes of launching their attacks.


  1. Are they still called pirates? by sims+2 · · Score: 2

    Now that we are referring to netflix subscribers by the same name we may need to come up with another name for people who steal at sea. What should we call them? Searates? Picaroons? Thieves?

    --
    Minimum threshold fixed. Thanks!
    1. Re:Are they still called pirates? by ArsenneLupin · · Score: 2

      In French, "hackers/crackers" are called "pirates" (not just those that copy movies, but those that hack into servers. And that word was already used in the nineties). Quite appropriate word in this case...

    2. Re:Are they still called pirates? by tlhIngan · · Score: 2

      Now that we are referring to netflix subscribers by the same name we may need to come up with another name for people who steal at sea. What should we call them? Searates? Picaroons? Thieves?

      Well, the nautical version has been around a long time, and the copyright version has been around since the 17th century or so when copyright was first established.

      Though I have to admit, this is one of the few times where the two worlds collide...

      Maybe we can do what the Navy does - where "pilot" is an overloaded term (one is the sailor who guides ships into port, the other is the aviator)... pilot retains its traditional nautical terminology, while flying pilots are known as naval aviators...

  2. Unarmed ships are helpless. by jcr · · Score: 3, Interesting

    It's fucking ludicrous that a vessel carrying a billion dollars worth of cargo isn't protected by at least a pair of .50 caliber Gatling guns. These pirates should be getting turned into a red mist at 500 yards.

    -jcr

    --
    The only title of honor that a tyrant can grant is "Enemy of the State."
    1. Re:Unarmed ships are helpless. by spork+invasion · · Score: 2

      The idea has definitely been discussed. It would seem very irresponsible to travel unarmed in pirate-infested waters such as near Somalia. However, it's not clear where this attack took place. It should be relatively safe to ship through the north Pacific or north Atlantic. I'd also expect the Southern Ocean is pretty safe because there isn't too much down there.

      There's an article from the Christian Science Monitor that does a really good job of explaining the issues with protecting ships. It says that if crews are armed, pirates may retaliate if fired upon, injuring the crew or damaging the ship. Similarly, they believe that having specific armed security on ships will result in pirates getting more powerful weapons and firing from a distance. In short, they don't want to create an arms race with the pirates. There are other measures to protect ships, though they're somewhat expensive. I'd guess that shipping companies don't want to spend the money to protect ships traveling in areas where pirates aren't common.

      --
      I hate all anonymous shitbags. Log in, you filthy bastards.
    2. Re:Unarmed ships are helpless. by excelsior_gr · · Score: 3, Insightful

      Get Gatling guns on one ship, the next pirate crew will show up with an RPG. If I was a sailor on one of those ships, there would be no chance in frozen hell I would fire back on a pirate to protect some rich dude's shit on board that's probably insured anyway. You can be as gung-ho about this as you want from your armchair, I'm throwing my hands in the air and letting the pirates go with the cargo.

    3. Re:Unarmed ships are helpless. by AHuxley · · Score: 2

      That could have been fixed under the Rome Convention, 2005 Protocol but it seems all the big powers only want their own nations mil with big flags flying or a push for ever more UN powers.
      The inherent right of individual or collective self defense seems to have been totally blocked by the big powerful nations who could have allowed more protections at any time in the past decades but ensured nothing useful was done.
      All they did was update the forbidden cargo lists to contain nations doing bad exports and the right for a navy to stop them ie more state only policy was added.
      The UN and the big powers wanted to keep their monopoly of force with their own govs and mils.
      The question of who is a pirate and what another nation can do to any nation harboring pirates gets to be fun. What would be the limits for justifying a counter attack?
      Failed state? Lax state? Poor state? Coup in play? Are Western backed freedom fighters pirates? One nation's pirates are another nation's clandestine services backed, freedom loving, moderate, pro democracy forces :)
      The US suppression of the trade in drugs going out far over maritime zones?
      All that has been done is a call for more naval units, international criminal investigations ie tracking pirates' financial and logistical support. The UN and big nations like the proportionate use of their warships. The other neat new trick is to "invite" a nation's customs inspectors for trade back to that nation.
      Everything has been done to support the US gov, project UN power and nations navy patrol options. The US and UN took great care to shape the scope of any new options and selected the UN, big navy and big gov as the only real option.
      Convention for the Suppression of Unlawful Acts against the Safety of Maritime Navigation
      https://en.wikipedia.org/wiki/...

      --
      Domestic spying is now "Benign Information Gathering"
    4. Re:Unarmed ships are helpless. by JWSmythe · · Score: 5, Informative

      There are legal issues about having weapons on a ship. That is, when they transit different national waters, they may, or may not, be allowed to have some, or any, weapons on the ship, regardless if it's stored or not.

      Simpler. Say your boat leaves a country where you can legally have Gatling guns. You transit inside another nation's waters where you can't legally have one, such as Canada, the US, or Mexico. You could end up in jail over it. Depending on the rules and policies, it could be the responsible party, captain, or crew. Unmounting the Gatling gun, and placing it in a locker isn't usually good enough.

      Cargo ships can be transiting the waters of many nations during their cruise.

      I wouldn't really focus on the chance of escalating force. The pirates that are committing most of these crimes are working on a real shoe-string budget. Like, small boats, where the pirates are armed with knives, rifles, and the (very) occasional RPG. Clicking through the pirate activity map, I couldn't find any reports stating heavier weapons than rifles. Most were unarmed, or armed with knives. If they could afford, or steal, better ships and weapons, they'd be doing it already.

      Pirate activity map

      Here is a writeup on the issue

      --
      Serious? Seriousness is well above my pay grade.
  3. Re:Given Slashdot's Pro Piracy position by penguinoid · · Score: 2

    I don't know. Do they take the original loot, or are they making copies of it?

    Probably the one that carries a smaller penalty.

    --
    Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
  4. Coldfusion? Joe in 2001? by radicimo · · Score: 2

    Although interesting on the surface, that softpedia piece reads like it was written by Verizon PR. No surprise, since the "article" is basically a regurgitation of the Verizon "whitepaper" most likely regurgitated by someone who has none to a basic understanding of pen testing and web security:

    "With all this information in hand, Verizon helped the company block the hacker's IP, remove the Web shell, take down its server, reset passwords for all compromised accounts, and upgrade the CMS."

    And the world was great again. Right?

    "For instance, we found numerous mistyped commands and observed that the threat actors constantly struggled to interact with the compromised servers."

    Next time you won't be so lucky ... or alternatively, what about the more l33t sk1ll3d that are still inside the shipping company network who Verizon didn't find?

    "Additionally, as a sign of their lack of skills, the attacker also didn't use a proxy or VPN and exposed their home IP address."

    Send in the drones?

    Interesting angle but poorly written article that blows smoke so far up Verizon's ass that it comes out their nose. Based on the descriptions of how incompetent the hackers were, OPM could have figured this one out. Hardly a ringing endorsement of Verizon RISK team.

    --
    100 REM PISS OFF CODE FASCISTS 200 GOTO 100
  5. Way Too Much Effort by Anonymous Coward · · Score: 2, Insightful

    Apparently a group of sea pirates have hired a hacker who uploaded a Web shell to a shipping company's CMS that allowed them to download cargo inventories and ship routes. They then used this information to attack ships, equipped with a barcode reader (and weapons of course), searching specific crates

    If you've got that much access, why not just reassign valuable packages/containers deliveries to addresses or shipping companies you control in, and just drive the goods away. Who looks inside a shipping container at a dock anyway? Pick random/breakable commodities of modest value and the company might never twig anything was wrong until you had made off with millions. I don't see the advantage in storming a supercarrier in a small boat and making off with handfuls of jewelry when you could have an entire container delivered to your front door.

  6. Re: pirates by deathlyslow · · Score: 2

    How is that different from others bashing Christians?

    --
    Don't blame me for redundant posts. I can't type very fast. Hence the user ID.