Slashdot Mirror


How Hackers Are Targeting the Shipping Industry (bbc.com)

An anonymous reader shares a report: When staff at CyberKeel investigated email activity at a medium-sized shipping firm, they made a shocking discovery. "Someone had hacked into the systems of the company and planted a small virus," explains co-founder Lars Jensen. "They would then monitor all emails to and from people in the finance department." Whenever one of the firm's fuel suppliers would send an email asking for payment, the virus simply changed the text of the message before it was read, adding a different bank account number. "Several million dollars," says Mr Jensen, were transferred to the hackers before the company cottoned on. After the NotPetya cyber-attack in June, major firms including shipping giant Maersk were badly affected. In fact, Maersk revealed this week that the incident could cost it as much as $300 million in profits. But Mr Jensen has long believed that the shipping industry needs to protect itself better against hackers -- the fraud case dealt with by CyberKeel was just another example. The firm was launched more than three years ago after Mr Jensen teamed up with business partner Morten Schenk, a former lieutenant in the Danish military who Jensen describes as "one of those guys who could hack almost anything." They wanted to offer penetration testing -- investigative tests of security -- to shipping companies. The initial response they got, however, was far from rosy.

48 comments

  1. Virus? by JohnFen · · Score: 2, Interesting

    It doesn't sound like a virus to me -- a virus has to be self-replicating. This sounds more like an implant.

    1. Re:Virus? by Z00L00K · · Score: 2

      It really doesn't matter and it still highlights that segmenting your network is a good idea.

      Different parts of the business shall be isolated from each other and avoid central servers. Using well-defined interfaces between the different business areas and closing all the traffic between the segments from all non-essential traffic is also important.

      --
      If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
    2. Re: Virus? by Anonymous Coward · · Score: 0

      Nice in theory but bad in practice. Billing touches many parts of a company (sales, commission tracking, operations, inventory, AR, the GL.) On top of this is a desire for companies to be more integrated so that you do not have to wait a week after the month closes to get data.

      Most companies try to operate like e-companies but have done little more than attach a web gui to an old system.

  2. Theft or redirection? by hired+killer · · Score: 3, Interesting

    Could this be the kind of response someone would give when misappropriation of money is found out?

  3. Not even mad, bro by nitehawk214 · · Score: 2

    When government outlaws regexes, only outlaws will have regexes.

    --
    I'm a good cook. I'm a fantastic eater. - Steven Brust
  4. Container ships are amazing vessels... by __aaclcg7560 · · Score: 1

    There's a book on my reading list that I haven't read yet (pay attention, trolls), about the history of shipping containers: "Ninety Percent of Everything: Inside Shipping, the Invisible Industry That Puts Clothes on Your Back, Gas in Your Car, and Food on Your Plate" by Rose George. The New York Times gave it a good review when it first came out, mentioning that the author traveled on a Maersk ship to research the book.

    In related news, autonomous ships will soon become a reality. More targets for hackers.
    http://spectrum.ieee.org/transportation/marine/forget-autonomous-cars-autonomous-ships-are-almost-here

    1. Re:Container ships are amazing vessels... by Anonymous Coward · · Score: 0

      your dick looks so thick, big bro

    2. Re:Container ships are amazing vessels... by Anonymous Coward · · Score: 0

      that's my arm you're sucking on

    3. Re:Container ships are amazing vessels... by Anonymous Coward · · Score: 0

      fat stubby arms and big thick dick, you got enough stick for three chicks at the same time

    4. Re:Container ships are amazing vessels... by Carewolf · · Score: 2

      There's a book on my reading list that I haven't read yet (pay attention, trolls), about the history of shipping containers: "Ninety Percent of Everything: Inside Shipping, the Invisible Industry That Puts Clothes on Your Back, Gas in Your Car, and Food on Your Plate" by Rose George. The New York Times gave it a good review when it first came out, mentioning that the author traveled on a Maersk ship to research the book.

      In related news, autonomous ships will soon become a reality. More targets for hackers.
        http://spectrum.ieee.org/transportation/marine/forget-autonomous-cars-autonomous-ships-are-almost-here

      They are basically autonomous right now. A half-a-mile long ship carrying a billion dollar worth of goods is typically manned by three people, the captain, the engineer and the cook. An autonomous sailing ship could get rid of those people.

    5. Re:Container ships are amazing vessels... by Carewolf · · Score: 1

      There's a book on my reading list that I haven't read yet (pay attention, trolls), about the history of shipping containers: "Ninety Percent of Everything: Inside Shipping, the Invisible Industry That Puts Clothes on Your Back, Gas in Your Car, and Food on Your Plate" by Rose George. The New York Times gave it a good review when it first came out, mentioning that the author traveled on a Maersk ship to research the book.

      In related news, autonomous ships will soon become a reality. More targets for hackers.

        http://spectrum.ieee.org/transportation/marine/forget-autonomous-cars-autonomous-ships-are-almost-here

      They are basically autonomous right now. A half-a-mile long ship carrying a billion dollar worth of goods is typically manned by three people, the captain, the engineer and the cook. An autonomous sailing ship could get rid of those people.

      An autonomous sailing ship could get rid of ONE of those people

    6. Re:Container ships are amazing vessels... by Anonymous Coward · · Score: 0

      Get rid of the cook. Let the crew eat cargo.

    7. Re:Container ships are amazing vessels... by Z00L00K · · Score: 1
      --
      If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
    8. Re:Container ships are amazing vessels... by Anonymous Coward · · Score: 0

      creimer has the most annoying trolls on /.

    9. Re:Container ships are amazing vessels... by k6mfw · · Score: 1

      Interesting. I was thinking the line from the 1947 movie "The Ghost and Mrs. Muir" as Rex Harrison as a crusty old sea captain says something like "typical landlubbers don't know it is ships and men that bring them precious goods from far away lands." And how Europeans particularly England became a global force with transoceanic commerce and warships to dominate countries on the other side of the world. Also debated what if China (Ming Dynasty) maintained their large navies (debate is they were faced with threats from the Mongols, issue of gunboats from Europe became a big problem later on but it was too late for the Chinese at that time). People talk about air freight but even the US Army relies more on ships to move equipment and resources instead of airplanes. Exception of fast response forces, i.e. 82nd.

      Besides the ships the container concept to unload the vessel rapidly. Your mention reminds me of this site cargolaw.com which has lots of examples of container ships getting into trouble, http://www.cargolaw.com/2011ni... You have to wonder how many containers sitting at the bottom of the ocean, and all the cheap crap from China these contain.

      Speaking of ships, a slashdotter posted his thoughts from readings of many books about sailing ships when European countries began expanding beyond, mainly wrote about misconception that all those ships had crews that were mostly slaves. On the contrary many vessel captains reminded him of people leading a Silicon Valley startup. They were in their 20s, very knowledgeable of ship handling and navigation but like successful startups knew how to motivate and organize people. If the captain were to leave the ship to command another vessel, many sailors will follow the captain. This person went on to write royal and noble families saw this would be a good career opportunity for their sons so they were able to manipulate the system to get their boys as captains but many did not have that talent to lead and motivate sharp crews. This led to many vessels being lost such as taking the ship around the Cape of Good Hope where eventually wind direction will abruptly change so switching sails has to be timed just right. Most didn't get it and they'd lose the mast. I don't know the specific details or facts but it would be interesting comparing successful startup presidents to effective sailing ship captains of back in the days.

      --
      mfwright@batnet.com
    10. Re:Container ships are amazing vessels... by Anonymous Coward · · Score: 0

      Creimer is impossible to ignore with that irresistible fat cock he hides in his pants.

    11. Re:Container ships are amazing vessels... by Anonymous Coward · · Score: 0

      And here's a movie they made about you.

      Just kidding. No one ever loved you.

    12. Re: Container ships are amazing vessels... by Anonymous Coward · · Score: 0

      Is this how a US Navy ship ran into a cargo ship? Cargo ship was in auto pilot and didn't yield? Although, my understanding is the Navy ship should have yielded in any case.

    13. Re:Container ships are amazing vessels... by John.Banister · · Score: 1

      No deck crew? You really expect the officers or the cook to handle lines? I don't think they're manned by just three. Container ships carrying the refrigerated containers usually have at least three people just to watch those things. They've been known to be less than perfectly reliable. The totally automated vessels need to have a lot more redundant systems than do the less automated ones. I have to wonder whether the people (like Rolls Royce) who are trying to sell these hugely expensive automation systems will manage to get the customer overhead down far enough to compete with having mariners before some other company makes robots for providing that same automation with older vessels.

    14. Re:Container ships are amazing vessels... by Anonymous Coward · · Score: 1

      "They are basically autonomous right now. A half-a-mile long ship carrying a billion dollar worth of goods is typically manned by three people, the captain, the engineer and the cook."

      Where do you get this shit from? There's all kinds of people in the engine room, there's people running around checking for pirates, there's people checking the containers. there's people tightening the cables, people manning the refrigeration systems, the electrical systems...

      You must be a programmer to have such a childishly naive view of the real world. Stick to keyboards with your slender fingers.

      https://www.youtube.com/watch?...

    15. Re: Container ships are amazing vessels... by __aaclcg7560 · · Score: 1

      Is this how a US Navy ship ran into a cargo ship? Cargo ship was in auto pilot and didn't yield? Although, my understanding is the Navy ship should have yielded in any case.

      From the reports that I've read, the destroyer made a series of sudden course changes in a crowded channel before being t-bone by the freighter. The Navy had recently announced that they were disciplining everyone who was on duty at the time of the accident.

    16. Re: Container ships are amazing vessels... by ls671 · · Score: 1

      hmm.. first, it would have been "t-boned" not "t-bone". Second, being t-boned means a side collision in a middle of the car, usually at 90 degrees. None of this applies in this case since the ship was hit in the front part with an angle.

      Also, when you get t-boned, your vehicle looks like a t-bone afterwards.

      http://www.businessinsider.com...

      --
      Everything I write is lies, read between the lines.
    17. Re: Container ships are amazing vessels... by Anonymous Coward · · Score: 0

      The only t-bone creimer knows about is in his tranny porn collection.

    18. Re:Container ships are amazing vessels... by Carewolf · · Score: 1

      "They are basically autonomous right now. A half-a-mile long ship carrying a billion dollar worth of goods is typically manned by three people, the captain, the engineer and the cook."

      Where do you get this shit from? There's all kinds of people in the engine room, there's people running around checking for pirates, there's people checking the containers. there's people tightening the cables, people manning the refrigeration systems, the electrical systems...

      You must be a programmer to have such a childishly naive view of the real world. Stick to keyboards with your slender fingers.

      https://www.youtube.com/watch?...

      I get it from people serving on those ships. For shipping companies like Mærsk the rest are in the harbors which they run.

    19. Re:Container ships are amazing vessels... by Carewolf · · Score: 1

      "They are basically autonomous right now. A half-a-mile long ship carrying a billion dollar worth of goods is typically manned by three people, the captain, the engineer and the cook."

      Where do you get this shit from? There's all kinds of people in the engine room, there's people running around checking for pirates, there's people checking the containers. there's people tightening the cables, people manning the refrigeration systems, the electrical systems...

      You must be a programmer to have such a childishly naive view of the real world. Stick to keyboards with your slender fingers.

      https://www.youtube.com/watch?...

      I get it from people serving on those ships. For shipping companies like Mærsk the rest are in the harbors which they run.

      But to be clear that is the minimum crew, and it contains a cook because usually there are more people.

  5. Huh by Anonymous Coward · · Score: 0

    "before the company cottoned on"

    What do the editors even do here?

    1. Re:Huh by Anonymous Coward · · Score: 1

      Dude - 0.5 seconds of google work shows this is a cromulent phrase. Chill.

  6. Dumb by avandesande · · Score: 3, Insightful

    Any actionable financial emails should be encrypted and signed. Why would they do business this way? Even a signed pdf invoice would have been better...

    --
    love is just extroverted narcissism
    1. Re:Dumb by djinn6 · · Score: 2

      I don't understand why all email shouldn't just be encrypted and signed by default. The computing power that would cost is negligible.

    2. Re:Dumb by Anonymous Coward · · Score: 0

      I don't understand why all email shouldn't just be encrypted and signed by default. The computing power that would cost is negligible.

      because the NSA wants to read them...

    3. Re:Dumb by toejam13 · · Score: 1

      Even if the emails are sent over SMTP-TLS and the emails themselves are signed and encrypted, the workstations of the people in finance could be targeted via a spear-phishing attack. A trojan could alter the text as their email client displays it. Companies really need to treat those devices with special care and extra doses of paranoia.

    4. Re:Dumb by PPH · · Score: 1

      Key management and encryption standards. Too many people are positioned to make their platform/product THE industry standard (for a small per transaction fee, of course). Rather than getting behind a distributed peer-to-peer solution. And when the industry or government puts together a working group to propose an open solution, the leading providers just send Goober to sit on the committee and mess things up.

      Back in the old days, things happened on the Internet before the big players caught on. Now they have people everywhere watching.

      --
      Have gnu, will travel.
  7. Transfer millions to an email account number ? by McCaskill · · Score: 1

    Transferring millions to an account number found in an email? That sounds dumb to me.... But at the end there is always a human that makes mistakes. I guess every industry should learn from this 'incident'... Never trust emails for conducting business. Pick up the phone!

  8. Re: Yet they ain't big enough for your fat ass... by Anonymous Coward · · Score: 0

    Creimer posting as APK. Another APK Creimer post. Welcome to slashdot boys.

  9. Crossover by Nidi62 · · Score: 1

    Looks to me like someone's list of favorite movies growing up included Hackers and Office Space

    --
    The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
  10. Re: Yet they ain't big enough for your fat ass... by Anonymous Coward · · Score: 0

    APK Creimer is a dreamboat. So thick so sweet.

  11. Never trust email 100% by ErichTheRed · · Score: 4, Informative

    Large companies often have this problem. At the end of all the financial safeguards, double and triple checks, and hidebound processes for moving money around, the actual way it's done is very dependent on a human recognizing a message is from a trusted source. Billion-dollar companies have a bunch of payroll people literally emailing or EDI-ing unencrypted Excel files to their payroll processor showing who to pay what amount, and the only security on that process is that "I'm the payroll clerk, so I know what's going on." Same goes for invoices -- if something looks legit, and it looks like it came from a vendor, it gets paid.

    If a company wants to keep these manual processes in place, they need to ensure the channels these messages run over are totally secure. At least train people to pick up a phone and call if they see something out of the ordinary.

    1. Re:Never trust email 100% by l0n3s0m3phr34k · · Score: 1

      "train people to pick up a phone and call if they see something out of the ordinary." At my last job, we really tried to drill this idea into the Accounting department's head. It actually worked, and stopped several potential phishing scams dead in their tracks. They eventually subscribed to Mimecast that actively hooks into their AD to verify (one among many methods) that internal senders are internal senders, only accepting email from specific IP addresses, running sandboxes on all attachments, etc.

    2. Re:Never trust email 100% by Anonymous Coward · · Score: 0

      Doubt that would help here. It came from the machine it was supposed to, and the machine was already infected. Unless you're saying that the initial infection would have been prevented in this way, your proposed solution doesn't plug up the hole. In fact, this is re-writing an email sent from someone internal, so they would have said "Yes, that came from me." when asked about the modified email instructions. Cryptographic email signatures may not even help since the malware modified the message on the originating host and could possibly do so before a signature step.

    3. Re:Never trust email 100% by Anonymous Coward · · Score: 0

      Read it again. This wasn't out of the ordinary. These were VALID invoices from VALID customers with VALID amounts, it is just the bank routing and account numbers were changed. This isn't something anyone would notice to pick up a phone and call because it isn't out of the ordinary. No one memorizes bank routing/account numbers, much less for their entire customer base.
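
Added example, not part of the thread or the original report: the replies above point out that the altered invoices were valid apart from the bank details, which nobody memorizes. One control that does not rely on a person spotting the change is to compare the bank details in each invoice message against a vendor master record kept outside the mailbox, and to hold payment on any mismatch until it is confirmed by phone on a number already on file. The vendor ID, the master record and both message bodies are constructed for illustration, the IBANs are the standard published sample values, and the check is assumed to run in the payment system rather than on the finance workstation.

```python
import re

# Constructed vendor master: bank details recorded at onboarding and changed
# only after a callback to a phone number already on file (assumption).
VENDOR_MASTER = {"fuel-supplier-a": {"GB82WEST12345698765432"}}

# IBAN written compactly or in groups of four separated by single spaces.
IBAN_RE = re.compile(r"\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]{4}){2,7}(?: ?[A-Z0-9]{1,3})?\b")


def normalize(iban: str) -> str:
    """Strip whitespace so printed and stored forms compare equal."""
    return re.sub(r"\s+", "", iban).upper()


def iban_checksum_ok(iban: str) -> bool:
    """ISO 13616 mod-97 check: catches typos, not a deliberate substitution."""
    s = normalize(iban)
    if not re.fullmatch(r"[A-Z]{2}\d{2}[A-Z0-9]{11,30}", s):
        return False
    rearranged = s[4:] + s[:4]
    digits = "".join(str(int(ch, 36)) for ch in rearranged)  # A=10 ... Z=35
    return int(digits) % 97 == 1


def review_invoice(vendor_id: str, body: str):
    """Return (decision, unexpected), where unexpected maps each IBAN that is
    not on file for the vendor to whether its checksum is valid."""
    if vendor_id not in VENDOR_MASTER:
        return "HOLD", {}
    found = {normalize(m) for m in IBAN_RE.findall(body)}
    unexpected = {i: iban_checksum_ok(i) for i in found - VENDOR_MASTER[vendor_id]}
    # A substituted account will normally pass the checksum, so the decision
    # rests on the comparison with the master record, not on validity.
    return ("HOLD" if unexpected else "OK"), unexpected


# Constructed sample messages: the second differs only in the account number.
ORIGINAL = """Invoice 1042 for bunker fuel delivered at port.
Amount due: USD 1,250,000
Please remit to IBAN GB82 WEST 1234 5698 7654 32
"""
TAMPERED = ORIGINAL.replace("GB82 WEST 1234 5698 7654 32",
                            "DE89 3704 0044 0532 0130 00")

if __name__ == "__main__":
    for label, body in (("original", ORIGINAL), ("tampered", TAMPERED)):
        print(label, review_invoice("fuel-supplier-a", body))
```
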

  12. IT isn't important by Anonymous Coward · · Score: 0

    Just another company that doesn't think IT is important until something bad happens. No big surprise.

  13. hack the planet! by Anonymous Coward · · Score: 0

    Well then, put the ships' ballasts under manual control.

    There's no such thing anymore, Duke.

    These ships are totally computerized. They rely on satellite navigation, which links them to our network, and the virus, wherever they are in the world.

  14. A small virus? by bwd777 · · Score: 1

    I thought they were all pretty small. It sounds like a joke, don't worry it's only a small virus.

  15. Good documentary about that. by ponraul · · Score: 1

    I saw this documentary in the mid-90s about hackers putting viruses on supertankers to capsize them. But it really wasn't the hacker. The hackers were the good guys trying to stop the executives who were the real villains. I think it was called 'Computer Hackers' or something.

  16. E-Mail??! by StormReaver · · Score: 1

    They used email as their source of banking account information?! Whoever wrote a policy that said that was okay needs to never work around money ever again. That is too stupid for words.