Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Security Transportation

How Hackers Are Targeting the Shipping Industry (bbc.com) 48

An anonymous reader shares a report: When staff at CyberKeel investigated email activity at a medium-sized shipping firm, they made a shocking discovery. "Someone had hacked into the systems of the company and planted a small virus," explains co-founder Lars Jensen. "They would then monitor all emails to and from people in the finance department." Whenever one of the firm's fuel suppliers would send an email asking for payment, the virus simply changed the text of the message before it was read, adding a different bank account number. "Several million dollars," says Mr Jensen, were transferred to the hackers before the company cottoned on. After the NotPetya cyber-attack in June, major firms including shipping giant Maersk were badly affected. In fact, Maersk revealed this week that the incident could cost it as much as $300 million in profits. But Mr Jensen has long believed that that the shipping industry needs to protect itself better against hackers -- the fraud case dealt with by CyberKeel was just another example. The firm was launched more than three years ago after Mr Jensen teamed up with business partner Morten Schenk, a former lieutenant in the Danish military who Jensen describes as "one of those guys who could hack almost anything." They wanted to offer penetration testing -- investigative tests of security -- to shipping companies. The initial response they got, however, was far from rosy.
This discussion has been archived. No new comments can be posted.

How Hackers Are Targeting the Shipping Industry

Comments Filter:
  • Virus? (Score:3, Interesting)

    by JohnFen ( 1641097 ) on Friday August 18, 2017 @01:16PM (#55042255)

    I doesn't sound like a virus to me -- a virus has to be self-replicating. This sounds more like an implant.

    • by Z00L00K ( 682162 )

      It really doesn't matter and it still highlights that segmenting your network is a good idea.

      Different parts of the business shall be isolated from each other and avoid central servers. Using well-defined interfaces between the different business areas and closing all the traffic between the segments from all non-essential traffic is also important.

  • by hired killer ( 665430 ) on Friday August 18, 2017 @01:19PM (#55042287)
    Could this be the kind of response someone would give when misappropriation of money is found out.
  • by nitehawk214 ( 222219 ) on Friday August 18, 2017 @01:20PM (#55042301)

    When government outlaws regexes, only outlaws will have regexes.

  • There's a book on my reading list that I haven't read yet (pay attention, trolls), about the history of shipping containers: "Ninety Percent of Everything: Inside Shipping, the Invisible Industry That Puts Clothes on Your Back, Gas in Your Car, and Food on Your Plate" [amzn.to] by Rose George. The New York Times gave it a good review [nytimes.com] when it first came out, mentioning that the author traveled on a Maersk ship to research the book.

    In related news, autonomous ships will soon become a reality. More targets for hackers.

    • There's a book on my reading list that I haven't read yet (pay attention, trolls), about the history of shipping containers: "Ninety Percent of Everything: Inside Shipping, the Invisible Industry That Puts Clothes on Your Back, Gas in Your Car, and Food on Your Plate" [amzn.to] by Rose George. The New York Times gave it a good review [nytimes.com] when it first came out, mentioning that the author traveled on a Maersk ship to research the book.

      In related news, autonomous ships will soon become a reality. More targets for hackers.
      http://spectrum.ieee.org/transportation/marine/forget-autonomous-cars-autonomous-ships-are-almost-here [ieee.org]

      They are basically autonoumous right now. A half-a-mile long ship carrying a billion dollar worth of goods is typicall manned by three people, the captain, the engineer and the cook. An autonomous sailing ship could get rid of those people.

      • There's a book on my reading list that I haven't read yet (pay attention, trolls), about the history of shipping containers: "Ninety Percent of Everything: Inside Shipping, the Invisible Industry That Puts Clothes on Your Back, Gas in Your Car, and Food on Your Plate" [amzn.to] by Rose George. The New York Times gave it a good review [nytimes.com] when it first came out, mentioning that the author traveled on a Maersk ship to research the book.

        In related news, autonomous ships will soon become a reality. More targets for hackers.

        http://spectrum.ieee.org/transportation/marine/forget-autonomous-cars-autonomous-ships-are-almost-here [ieee.org]

        They are basically autonoumous right now. A half-a-mile long ship carrying a billion dollar worth of goods is typicall manned by three people, the captain, the engineer and the cook. An autonomous sailing ship could get rid of those people.

        An autonomous sailing ship could get rid of ONE those people

      • No deck crew? You really expect the officers or the cook to handle lines? I don't think they're manned by just three. Container ships carrying the refrigerated containers usually have at least three people just to watch those things. They've been known to be less than perfectly reliable. The totally automated vessels need to have a lot more redundant systems than do the less automated ones. I have to wonder whether the people (like Rolls Royce) who are trying to sell these hugely expensive automation system
      • by Anonymous Coward

        "They are basically autonoumous right now. A half-a-mile long ship carrying a billion dollar worth of goods is typicall manned by three people, the captain, the engineer and the cook."

        Where do you get this shit from? There's all kinds of people in the engine room, there's people running around checking for pirates, there's people checking the containers. there's people tightening the cables, people manning the refrigeration systems, the electrical systems...

        You must be a programmer to have such a childishly

        • "They are basically autonoumous right now. A half-a-mile long ship carrying a billion dollar worth of goods is typicall manned by three people, the captain, the engineer and the cook."

          Where do you get this shit from? There's all kinds of people in the engine room, there's people running around checking for pirates, there's people checking the containers. there's people tightening the cables, people manning the refrigeration systems, the electrical systems...

          You must be a programmer to have such a childishly naive view of the real world. Stick to keyboards with your slender fingers.

          https://www.youtube.com/watch?... [youtube.com]

          I get it from people serving on those ships. For shipping companies like Mærsk the rest are in the habors which they run.

          • "They are basically autonoumous right now. A half-a-mile long ship carrying a billion dollar worth of goods is typicall manned by three people, the captain, the engineer and the cook."

            Where do you get this shit from? There's all kinds of people in the engine room, there's people running around checking for pirates, there's people checking the containers. there's people tightening the cables, people manning the refrigeration systems, the electrical systems...

            You must be a programmer to have such a childishly naive view of the real world. Stick to keyboards with your slender fingers.

            https://www.youtube.com/watch?... [youtube.com]

            I get it from people serving on those ships. For shipping companies like Mærsk the rest are in the habors which they run.

            But to be clear that is the minimum crew, and it contains a cook because usually there are more people.

    • by k6mfw ( 1182893 )

      Interesting. I was thinking the line from the 1947 movie "The Ghost and Mrs. Muir" as Rex Harrison as a crusty old sea captain says something like "typical landlubbers don't know it is ships and men that bring them precious goods from far away lands." And how Europeans particularly England became a global force with transoceanic commerce and warships to dominate countries on the other side of the world. Also debated what if China (Ming Dynasty) maintained their large navies (debate is they were faced with t

  • Dumb (Score:4, Insightful)

    by avandesande ( 143899 ) on Friday August 18, 2017 @01:34PM (#55042445) Journal
    Any actionable financial emails should be encrypted and signed. Why would they do business this way? Even a signed pdf invoice would have been better...
    • by djinn6 ( 1868030 )
      I don't understand why all email shouldn't just be encrypted and signed by default. The computing power that would cost is negligible.
      • by PPH ( 736903 )

        Key management and encryption standards. Too many people are positioned to make their platform/product THE industry standard (for a small per transaction fee, of course). Rather than getting behind a distributed peer-to-peer solution. And when the industry or government puts together a working group to propose an open solution, the leading providers just send Goober to sit on the committee and mess things up.

        Back in the old days, things happened on the Internet before the big players caught on. Now they ha

    • Comment removed based on user account deletion
  • Transferring millions to an account number found in an email ? That sounds dumb to me.... But at the end there is always a human that makes mistakes. I guess every industries should learn from this 'incident'... Never trust emails for conducting business. Pick up the phone!
  • Looks to me like someone's list of favorite movies growing up included Hackers and Office Space
  • by ErichTheRed ( 39327 ) on Friday August 18, 2017 @01:54PM (#55042707)

    Large companies often have this problem. At the end of all the financial safeguards, double and triple checks, and hidebound processes for moving money around, the actual way it's done is very dependent on a human recognizing a message is from a trusted source. Billion-dollar companies have a bunch of payroll people literally emailing or EDI-ing unencrypted Excel files to their payroll processor showing who to pay what amount, and the only security on that process is that "I'm the payroll clerk, so I know what's going on." Same goes for invoices -- if something looks legit, and it looks like it came from a vendor, it gets paid.

    If a company wants to keep these manual processes in place, they need to ensure the channels these messages run over are totally secure. At least train people to pick up a phone and call if they see something out of the ordinary.

    • "train people to pick up a phone and call if they see something out of the ordinary." At my last job, we really tried to drill this idea into the Accounting department's head. It actually worked, and stopped several potential phishing scams dead in their tracks. They eventually subscribed to Mimecast that actively hooks into their AD to verify (one among many methods) that internal senders are internal senders, only accepting email from specific IP addresses, running sandboxes on all attachments, etc.
  • I thought they were all pretty small. It sounds like a joke, don't worry it's only a small virus.
  • I saw this documentary in the mid-90s about hackers putting viruses on supertankers to capsize them. But it really wasn't the hacker. The hackers were the good guys trying to stop the executives who were the real villains. I think it was called 'Computer Hackers' or something.

  • They used email as their source of banking account information?! Whoever wrote a policy that said that was okay needs to never work around money ever again. That is too stupid for words.

Solutions are obvious if one only has the optical power to observe them over the horizon. -- K.A. Arsdall

Working...