Ships Infected With Ransomware, USB Malware, Worms (zdnet.com)
An anonymous reader writes: IT systems on boats aren't as air-gapped as people think and are falling victim to all sorts of cyber-security incidents, such as ransomware, worms, viruses, and other malware -- usually carried on board via USB sticks. These cyber-security incidents have been kept secret until now, and have only been recently revealed as past examples of what could go wrong, in a new "cyber-security guideline" released by 21 international shipping associations and industry groups. One of the many incidents: "A new-build dry bulk ship was delayed from sailing for several days because its ECDIS was infected by a virus. The ship was designed for paperless navigation and was not carrying paper charts. The failure of the ECDIS appeared to be a technical disruption and was not recognized as a cyber issue by the ship's master and officers. A producer technician was required to visit the ship and, after spending a significant time in troubleshooting, discovered that both ECDIS networks were infected with a virus. The virus was quarantined and the ECDIS computers were restored. The source and means of infection in this case are unknown. The delay in sailing and costs in repairs totaled in the hundreds of thousands of dollars (U.S.)." The document also highlights an incident involving ransomware. "For example, a shipowner reported not one, but two ransomware infections, both occurring due to partners, and not necessarily because of the ship's crew," reports ZDNet. Another ransomware incident occurred because the ship failed to set up proper (RDP) passwords: A ransomware infection on the main application server of the ship caused complete disruption of the IT infrastructure. The ransomware encrypted every critical file on the server and as a result, sensitive data were lost, and applications needed for ship's administrative operations were unusable. The incident was reoccurring even after complete restoration of the application server.
The root cause of the infection was poor password policy that allowed attackers to brute force remote management services successfully. The company's IT department deactivated the undocumented user and enforced a strong password policy on the ship's systems to remediate the incident.
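The root cause described above (brute-forced remote management plus an undocumented account) is a pattern a ship's IT department can look for in Windows logon audit events before the ransomware stage. The following is an added example, not from the guideline or the article; it runs over constructed sample records shaped like Windows Security EventID 4624/4625 fields with logon type 10 (RDP), and the documented account list and thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not from the guideline or the article), in the
# form: timestamp,EventID,account,source address,logon type.
# EventID 4625 = failed logon, 4624 = successful logon; logon type 10 = RDP.
SAMPLE_LOG = """\
2018-12-10 02:00:01,4625,admin,203.0.113.7,10
2018-12-10 02:00:03,4625,admin,203.0.113.7,10
2018-12-10 02:00:06,4625,admin,203.0.113.7,10
2018-12-10 02:00:09,4625,admin,203.0.113.7,10
2018-12-10 02:00:14,4625,admin,203.0.113.7,10
2018-12-10 02:01:02,4625,admin,203.0.113.7,10
2018-12-10 02:01:40,4624,admin,203.0.113.7,10
2018-12-10 07:15:00,4625,master,198.51.100.4,10
2018-12-10 07:15:20,4624,master,198.51.100.4,10
2018-12-10 08:02:11,4624,chiefeng,-,2
"""

# Accounts the ship's IT department has documented (assumed list); any other
# account that logs on successfully is exactly the "undocumented user" case.
DOCUMENTED_ACCOUNTS = {"Administrator", "master", "chiefeng", "svc_backup"}


def parse_log(text):
    """Turn the comma-separated records into dicts with a datetime timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, user, src, logon_type = line.split(",")
        events.append({"time": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                       "id": int(event_id), "user": user, "src": src,
                       "type": int(logon_type)})
    return events


def find_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Map source address -> largest number of failed RDP logons that fall
    inside any interval of length `window`, for sources reaching `threshold`."""
    failures = defaultdict(list)
    for e in events:
        if e["id"] == 4625 and e["type"] == 10:
            failures[e["src"]].append(e["time"])
    hits = {}
    for src, times in failures.items():
        times.sort()
        start, best = 0, 0
        for end, t in enumerate(times):      # sliding window over sorted times
            while t - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            hits[src] = best
    return hits


def find_undocumented_logons(events, documented):
    """Successful logons by accounts that are not on the documented list."""
    return [e for e in events if e["id"] == 4624 and e["user"] not in documented]


def analyse(text):
    events = parse_log(text)
    return {"bruteforce": find_bruteforce(events),
            "undocumented": find_undocumented_logons(events, DOCUMENTED_ACCOUNTS)}


if __name__ == "__main__":
    report = analyse(SAMPLE_LOG)
    for src, n in report["bruteforce"].items():
        print(f"possible RDP brute force from {src}: {n} failures within 10 min")
    for e in report["undocumented"]:
        print(f"undocumented account {e['user']} logged on from {e['src']}")
```

Sources that fail many times and then succeed with an account nobody documented are the ones to investigate first; the same checks apply to any remote management service the ship exposes, not only RDP.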
Don't run ships on Windows, for obvious reasons.
Also, not carrying ANY paper charts as a backup? Dumb, dumb, DUMB.
Just cruising through this digital world at 33 1/3 rpm...
Now where did I hear this before. Oh yes! The plot of the BSG reboot mini series.
Fifteen years ago.
Look, if you want Cylons fucking you over, just keep doing what you are doing people.
usually carried on board via USB sticks.
Well the USB and other similar external connectors should always be hard-disabled in mission critical applications.
But never mind that! What sort of drooling imbecile walks a USB device into the facility and plugs it into a system like that? Have we learnt nothing whatsoever from all the other cases over the years where that was the attack vector for an air-gapped system?
That is up there with surfing the open web from such a system with javascript enabled for sheer rank stupidity.
If you are allowing people to plug USB sticks into your computer you aren't as "air gapped" as you think you are. Sneaker-net is still a net. Air-gapped means no connection to the outside AT ALL.
Seven puppies were harmed during the making of this post.
My dinghy runs on BeOS.
You are welcome on my lawn.
Air gapping in network terms means no connection possible. More in fluid flow terms, a semi abuse of language from a time of solely wired connections. Air gapped really means no connections allowed, wired or unwired. Ships by their very nature cannot be air gapped; communications need to be maintained.
The ship's system should be locked down though, only capable of taking input from wired connections, never ever wireless, and that USB port should be locked behind a safe in the Captain's cabin. Flexible == insecure in the digital world; only capable of doing what it was specifically designed to do should be the rule of law for digital security.
Chaos - everything, everywhere, everywhen
Free Software developers of the world, open your eyes! Our communities are being raped, our work pillaged.
Detestable villains - thieving, mean spirited, belligerent, racist, unprincipled - are using underhanded tricks to force hypocritical "Codes of Conduct" on the projects we built.
These petty-authoritarian CoCs are always imposed anti-democratically. There is never free debate, and usually no public discussion at all. They are imposed by force without a vote. If the CoCs were put up for a fair democratic vote by project contributors, they would always lose by a landslide.
The purpose of these CoCs is to allow social activists, who have contributed nothing to the project, to conduct witch hunts against anyone who opposes their hate-driven agenda. Thereby they plan to steal our work for their shadowy corporate paymasters.
You can readily tell these CoCs are not about "just being nice" - because they are ALWAYS supported by the very LEAST NICE, most aggressively mean and shamelessly bigoted people you can imagine. Look how the CoC-mongers treat anyone who disagrees with them as subhuman.
If a project to which you contribute has been raped by CoC-mongers there is a simple solution: WALK AWAY. Never contribute again. If you have a patch almost ready, count the time you spent on it as a loss and throw it away. If you see a security issue, remain silent and do nothing. IT'S NO LONGER YOUR PROJECT. YOU ARE NOT WELCOME THERE.
If you are evaluating new software, don't even consider any projects burdened under the tyranny of a CoC. Their technical attributes do not matter - just don't consider them. Never be openly political, always make up a technical reason for rejecting CoCed projects.
Don't argue in public about the CoC. Doing so only exposes you to needless risk. You might be dis-employed, blackballed, and even set up for a #MeToo purge. Just stay far away. If you resign from a project that gets CoCed, try to do so on the same day the CoC is imposed. But give "spend more time with friends & family" or "pursue other interests & projects" as your reason for resignation. Protect yourself!
Comrades: Individually we are powerless, and easily crushed beneath the iron boot of Corporate Social Just-Us. But together in solidarity we are millions and we are strong. The Internet itself depends on our collective labor. If we stop working, the internet stops working.
Free Software developers, save yourselves and save your communities! Just WALK AWAY from any project with a CoC. Without our labor they are nothing.
Once it was the wood-eating teredo worm that sank ships, now it's data-eating worms!
is creimer's buttcrack. Get that cracker on the job and all your IT is secure!!!
Why aren't the USB ports sealed with epoxy? This is step one of basic physical security!
The designers chose Windows. They therefore chose insecurity. Works as documented.
And men with USB sticks will stick those in everything they can also.
This seems a pretty clear situation where you'd want to be able to boot from read-only-media, so if something goes awry, you reboot and are good to go?
Not foreseeing malware problems can be kinda forgiven if you're ignorant of IT. But not having paper charts on board? That's utter stupidity. You're going to risk the ship and the life of everyone on board because you don't want to pay about $100 for a set of waterproof charts? Never mind malware. What happens if a generator glitch sends a power surge through the onboard power system? Or a rogue wave smashes in a bridge window dumping salt water on all the electronics?
Or you could, you know, just not be an asshole.
Ships are not air-gapped, they are water-gapped!
And everyone knows that salt water conducts.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
... boats aren't as air-gapped as people think
Well of course not. If you want air-gapped you need an airplane, or at least a hovercraft.
I was in the Navy back in the early '70s, when LORAN was still king. Our ship not only had paper charts for the Quartermaster's Mates to track our position by dead reckoning, we took regular star sightings with a sextant for Celestial Navigation. And, we still had two mechanical chronometers that were kept wound, even though the ship's navigator had an Omega watch that was more accurate. The USN doesn't take chances with things like this and I'd bet that today's ships still use dead reckoning, hand-wound chronometers and sextants even with today's highly accurate GPS, just to keep in practice in case of an emergency.
Good, inexpensive web hosting
"I'm the Nigerian Prince of the world!"
Table-ized A.I.
Translation: Vendors, shipbuilders and owners allow an open-door policy on critical computer systems.
Just like the rest of the ship, its IT network should have access-control built-in from the beginning. ... not carrying paper charts ...
Translation: Didn't have a tertiary (paper) or even a secondary (non-networked) navigation system.
Not having a back-up for critical services is dumb, dumb, dumb.
Since they usually propagate via USB *drives* (not "sticks") then I'm going to go ahead and say they are exactly as air gapped as one might think.
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
Sadly, you might be surprised. I am not in the Navy, but I know people who are, and they have said basic seamanship skills are quickly fading with dependence on GPS and other fancy computer aids.
See the USS FITZGERALD and USS JOHN MCCAIN collisions of yesteryear for a show of the USN's navigational abilities.
HACK TEH PLANET!
Don't fight for your country, if your country does not fight for you.
I have worked on modern state-of-the-art ships. While they have paper charts, sextants and lighthouses as backups, the propulsion is drive-by-wire, meaning if you have a complete bridge power failure there is no easy way to steer and vary power on the ship. They are controlled by joystick and navigate from port to port on computer control. They are a mixture of Windows PCs, industrial control systems and PLCs, and proprietary industrial computers, all connected to the internet via a two-way tracking satellite dish. This is to allow remote diagnostics and updates, and also remote monitoring of position, fuel consumption and for general day-to-day business needs. Most tools run on Windows, and while it is fine saying use something else, you want computers and features on the bridge that are most useful and relatively easy to update and manage over their 30+ year life. I am not saying it would not be good to have air-gapped manual control, but in practice when a ship gets that large, it needs a network to steer and control it.
Often the COTS run Windows; the navigation/sensors tend to be a separate network. Like all systems you need management and maintenance of those systems, just like the engine etc.
The problem comes when no one takes responsibility
Hospital networks are vulnerable to even the most basic attack. London transport. Universal Jobsearch job centres. UNICEF. Housing Association network L&Q. And so on. All the nasties at the moment on the Internet are playing around with Universal Jobsearch: a simple five-minute USB stick backdoor, walk in, walk out, all done.
If a 30-year lifespan is necessary on both hardware and software, why would you go with Windows at all? How easy is it to run Windows 2.x and MS-DOS 3 on modern hardware?
Now how easy is it to run and compile simple software under any version of Linux, even if it came from something arcane like SunOS or SCO Unix?
Custom electronics and digital signage for your business: www.evcircuits.com
They have satellite internet.
Some even fast enough connection to watch movies.
Air gap means NO outside connection.
Ships are NOT air gapped.
INT. ELLINGSON BOARDROOM.
A handsome looking woman in her late thirties walks in.
MARGO
Good morning, Gentlemen. Please be seated. I see we're still dressing in the dark, Eugene.
PLAGUE
(to Margo)
Once again, don't call me Eugene.
(to the board)
A recent unknown intruder penetrated, using a superuser account, giving him access to our whole system.
MARGO
Precisely what you're paid to prevent.
PLAGUE ...God. So would your holiness care to change her password?
Someone didn't bother reading my carefully prepared memo on commonly used passwords. Now, as I so meticulously pointed out, the four most used passwords are love,
(gesturing lewdly)
sex, secret and...
(eyeing Margo)
Margo just blinks prettily.
PLAGUE
A hacker planted the virus.
MARGO
Virus?
PLAGUE
Yesterday, the ballast program for a supertanker training model mistakenly thought the vessel was empty, and flooded its tanks.
MARGO
Excuse me?
PLAGUE
(as if to a child)
The little boat flipped over. A virus planted in the Gibson computer system claimed responsibility.
MARGO
What, it left a note?
Plague hits a button on a remote control, and the virus - a long haired male model - appears on a large screen, in psychedelic colors. The virus speaks in a hammy Italian accent.
VIRUS
Unless five million dollars are transferred to the following numbered account in seven days, I will capsize five tankers in the Ellingson fleet.
BOARD MEMBER
Is that...
PLAGUE
(interrupting)
That is the virus. Leonardo da Vinci. The problem is we have twenty six ships at sea and we don't know which ones are infected.
DUKE ELLINGSON
Well then, put the ships' ballasts under manual control.
PLAGUE
There's no such thing anymore, Duke. These ships are totally computerized. They rely on satellite navigation, which links them to our network, and the virus, wherever they are in the world.
I was in the Navy back in the early '70s, when LORAN was still king.
Loran(-C) was killed by the US domestically a few years ago, because 'we have GPS, why anything else?'. Turns out that DHS didn't notice at the time that GPS can be easily jammed. They're now looking at bringing the system back (eLoran):
* https://en.wikipedia.org/wiki/Loran-C#The_future_of_LORAN
Windows is fine for some things, but the networks need to be segregated and external comms to critical systems should be proxied for status only and not control.
It sounds like the networks are even less robust than an automotive network, and they need to be more like an airplane.
echo "blacklist usbcore" > /etc/modprobe.d/no_brainer_security.conf
Oh wait, this is Windows. Never mind, then.
Given the recent collisions my guess is that seamanship isn't the US Navy's strong suit at the moment.
There is absolutely no good reason to keep Autorun on USB devices as a thing. People just need to learn to open Windows Explorer, and browse to an .exe to run if they need to install something. If it is drivers they are worried about, then provide simple steps on the device in print for where to download drivers. That is it, end-stop-goodbye.
I was in the Navy back in the early '70s, when LORAN was still king. Our ship not only had paper charts for the Quartermaster's Mates to track our position by dead reckoning, we took regular star sightings with a sextant for Celestial Navigation. And, we still had two mechanical chronometers that were kept wound, even though the ship's navigator had an Omega watch that was more accurate. The USN doesn't take chances with things like this and I'd bet that today's ships still use dead reckoning, hand-wound chronometers and sextants even with today's highly accurate GPS, just to keep in practice in case of an emergency.
In recent years we had two US Navy destroyers hit by commercial vessels... 1) In both cases it appears that the commercial vessels turned into a collision course without giving either crew enough time to avoid the collision. 2) Both crews appeared to be too reliant on their automated systems. 3) Given that two Navy destroyers were put out of commission, the circumstances are highly suspicious... and if it was the result of a state-sponsored (or state-related) cyber attack on the commercial vessels' navigation systems then we will likely never know, as long as we want to avoid World War 3.
... shadowing the goddam ship's starboard aft and hopping a WiFi that was just a LAN?
The root cause of the infection was poor password policy that allowed attackers ...
Or did they land an Internet-connected drone on the deck and snake an Ethernet cable down to the server to "attack," it? What is "air gap" again?
It little behooves the best of us to comment on the rest of us.
iamthecaptainnow.exe
https://www.imdb.com/title/tt0113243/
When I was in the Navy, I was assigned to After Steering, just above the rudder. If the connections from the bridge to the rudder failed, we could steer from there, and often did for practice. If the motors moving the rudder died, we could even turn it manually, although very slowly, and the ship would be brought down to a safe speed. (No, I never had to do it, but I know it was done during a combat drill once.) Of course, we only had one rudder and I hate to think of how many men it would take to turn an aircraft carrier that way.
The USN doesn't take chances with things like this and I'd bet that today's ships still use dead reckoning, hand-wound chronometers and sextants even with today's highly accurate GPS, just to keep in practice in case of an emergency.
I was in the Navy in the beginning 90's. From that time, you are correct regarding the dead reckoning (especially going into/out of ports), incorrect on the hand-wound chronometers (none on the ship) and correct on the sextants. We still had the LORAN C equipment. One of the gifts I gave myself when I turned 50 was I bought a Hamilton Model 21 Mechanical Chronometer. God, what a beautiful piece of machinery and still considered the best mechanical chronometer every made. If you can afford the $1.5K price and like mechanical timepieces, get yourself one, you'll never regret it. Gordon
One of my friends back then was a Quartermaster's Mate, which is how I know this stuff. When we went from Pearl to Subic Bay, our last leg was from Guam, after refueling. For dead reckoning, they used 2000 yards per nautical mile (rounded down) and all turns were treated as point turns, ignoring the distance traveled in the turn itself. When we made landfall, our calculated position was off by less than 2 nmi. I wonder how many of today's navigators could do so well.
When they remotely infected that ship,
was the weak password 16309, or 123456?
I support the IT infrastructure for a fleet of about 30 ships. Big ones. Windows is still the default standard for most servers and workstations because that's what most software vendors require. ECDIS terminals are PCN in my environment; however, due to their lack of connectivity, USB drives are required to move updated chart and route information to and from these terminals. While we provide secure USB drives, the biggest risk is still the end user. They use personal computers and personal jump drives to do work because security slows down processes. USB drives are where most of our virus attacks originate. And because the ECDIS is a PCN, it doesn't get regularly security patched nor updated AV definitions. And ya, paper charts are a thing of the past. So are most nautical publications (Admiralty Digital Publications, and UKHO e-NPs).
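Because chart and route updates reach a non-networked ECDIS on removable media, the import step is where a defender can refuse anything that shore IT did not prepare, whatever else has been dropped onto the drive on the way. The following is an added example, not code from the commenter's environment or from any ECDIS vendor; it assumes a per-ship HMAC key shared between shore and ship, a manifest.json written alongside the files, and constructed file names modelled on S-57 ENC cell naming.

```python
import hashlib, hmac, json, os, tempfile

# Hypothetical per-ship key shared by shore IT and the ECDIS import tool; it is
# held on both ends and never copied onto the removable drive.
MANIFEST_KEY = b"constructed-demo-key-not-for-real-use"
MANIFEST_NAME = "manifest.json"

def file_sha256(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def manifest_mac(files, key):
    """HMAC over a canonical (sorted, compact) encoding of the name->hash map."""
    body = json.dumps(files, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def build_manifest(media_dir, key):
    """Shore side: hash every file on the prepared drive and authenticate the list."""
    files = {n: file_sha256(os.path.join(media_dir, n))
             for n in sorted(os.listdir(media_dir)) if n != MANIFEST_NAME}
    with open(os.path.join(media_dir, MANIFEST_NAME), "w") as f:
        json.dump({"files": files, "mac": manifest_mac(files, key)}, f)

def verify_media(media_dir, key):
    """Ship side: return (accepted, rejected); rejected maps file name -> reason.
    Only files that are listed and unmodified are handed to the chart import."""
    try:
        with open(os.path.join(media_dir, MANIFEST_NAME)) as f:
            manifest = json.load(f)
    except (OSError, ValueError):
        return [], {MANIFEST_NAME: "missing or unreadable manifest"}
    files = manifest.get("files", {})
    if not hmac.compare_digest(manifest_mac(files, key), manifest.get("mac", "")):
        return [], {MANIFEST_NAME: "manifest MAC invalid"}
    accepted, rejected = [], {}
    for name in sorted(os.listdir(media_dir)):
        if name == MANIFEST_NAME:
            continue
        if name not in files:
            rejected[name] = "not in manifest"   # autorun.inf, stray .exe, ...
        elif file_sha256(os.path.join(media_dir, name)) != files[name]:
            rejected[name] = "hash mismatch"     # modified after shore signed it
        else:
            accepted.append(name)
    for name in files:
        if name not in accepted and name not in rejected:
            rejected[name] = "listed but missing from media"
    return accepted, rejected

def write(media_dir, name, data):
    with open(os.path.join(media_dir, name), "wb") as f:
        f.write(data)

def demo():
    """Constructed scenario: shore prepares two ENC cell files (names modelled on
    S-57 cell naming), then the drive is tampered with before it reaches the ship."""
    with tempfile.TemporaryDirectory() as usb:
        write(usb, "GB5X01SW.000", b"base cell data")
        write(usb, "GB5X01SW.001", b"update 1 data")
        build_manifest(usb, MANIFEST_KEY)
        write(usb, "autorun.inf", b"[autorun]\nopen=update.exe")   # dropped on the way
        write(usb, "update.exe", b"MZ...")
        write(usb, "GB5X01SW.001", b"update 1 data, altered")    # tampered cell
        return verify_media(usb, MANIFEST_KEY)
```

The rejected list doubles as an audit trail: a drive that arrives with files not in the manifest is evidence that it was used on an unmanaged machine, which is the behaviour the comment describes.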
RE Previous Comments: Never underestimate the greed of the transnational corporations that own and operate these ships or their general lack of concern for the brown skinned people they hire to crew them.
- You're a moron. I work with more than 1700 mariners and couldn't disagree with you more.
RE Previous Comments: ECDIS does much more than just simple Google-style nav. ECDIS also understands ship draft, water depth, turning radius, etc. and is designed to keep the ship from doing something stupid like the Valdez did
- Nope. ECDIS will not prevent stupidity. It's just information display... not an AI
RE Previous Comments: Why aren't things done this way? Because companies are cheap. They don't want to maintain separate hard networks. They don't want to have to pay technicians to actually visit the ships to update software, and they don't want to pay what they would have to pay to get competent computer technicians to actually travel with the ship. Figure what a top IT person gets and then add the premium they would want for spending 24/7 at sea for a good portion of the year
- We run multiple PCNs and VLANs to segregate traffic. We run separate Wi-Fi for crew morale to keep it off the business side of things. I sail frequently but that's a thing that's dying off... remote access over VSAT is more affordable but you have to configure your network to keep things safe. Some shipping companies are cheap and don't invest money in IT... but that too is changing. Most of our change is slow and it's because of SatCom. 1800ms latency with 3% packet loss and buffer bloat are problematic. I don't care if you have a 256kbps up/down link or an 8 Mb link... latency is the worst.
This story clearly indicates that digital bridges are for armchair sailors. Not only is it shocking that a ship would not carry paper charts (God only knows when ones they might have were last updated), but it is shocking that so much control is in the hands of a computer. What could go wrong? I wonder if they even had a sextant and a calculator to find their ass in the middle of the sea, or even if they did, whether there was anybody aboard who knew how it worked.
That is why, once upon a time, long long ago, when I was ship's navigator the US and most other navies carried paper charts, demanded LAN, sunrise and sunset star fixes, had windup chronometers and used the Mark I eyeball more often than the Mark IV radar to look out for vessels.
The USN doesn't take chances with things like this and I'd bet that today's ships still use dead reckoning, hand-wound chronometers and sextants even with today's highly accurate GPS, just to keep in practice in case of an emergency.
I mean they do, but I don't think this applies for the USN anymore, as demonstrated by that funny accident in Singapore a while back.