How Hackers Are Targeting the Shipping Industry (bbc.com) 48
An anonymous reader shares a report: When staff at CyberKeel investigated email activity at a medium-sized shipping firm, they made a shocking discovery. "Someone had hacked into the systems of the company and planted a small virus," explains co-founder Lars Jensen. "They would then monitor all emails to and from people in the finance department." Whenever one of the firm's fuel suppliers would send an email asking for payment, the virus simply changed the text of the message before it was read, adding a different bank account number. "Several million dollars," says Mr Jensen, were transferred to the hackers before the company cottoned on. After the NotPetya cyber-attack in June, major firms including shipping giant Maersk were badly affected. In fact, Maersk revealed this week that the incident could cost it as much as $300 million in profits. But Mr Jensen has long believed that that the shipping industry needs to protect itself better against hackers -- the fraud case dealt with by CyberKeel was just another example. The firm was launched more than three years ago after Mr Jensen teamed up with business partner Morten Schenk, a former lieutenant in the Danish military who Jensen describes as "one of those guys who could hack almost anything." They wanted to offer penetration testing -- investigative tests of security -- to shipping companies. The initial response they got, however, was far from rosy.
Virus? (Score:3, Interesting)
I doesn't sound like a virus to me -- a virus has to be self-replicating. This sounds more like an implant.
Re: (Score:3)
It really doesn't matter and it still highlights that segmenting your network is a good idea.
Different parts of the business shall be isolated from each other and avoid central servers. Using well-defined interfaces between the different business areas and closing all the traffic between the segments from all non-essential traffic is also important.
Theft or redirection? (Score:3, Interesting)
Not even mad, bro (Score:3)
When government outlaws regexes, only outlaws will have regexes.
Container ships are amazing vessels... (Score:2)
There's a book on my reading list that I haven't read yet (pay attention, trolls), about the history of shipping containers: "Ninety Percent of Everything: Inside Shipping, the Invisible Industry That Puts Clothes on Your Back, Gas in Your Car, and Food on Your Plate" [amzn.to] by Rose George. The New York Times gave it a good review [nytimes.com] when it first came out, mentioning that the author traveled on a Maersk ship to research the book.
In related news, autonomous ships will soon become a reality. More targets for hackers.
Re: (Score:3)
There's a book on my reading list that I haven't read yet (pay attention, trolls), about the history of shipping containers: "Ninety Percent of Everything: Inside Shipping, the Invisible Industry That Puts Clothes on Your Back, Gas in Your Car, and Food on Your Plate" [amzn.to] by Rose George. The New York Times gave it a good review [nytimes.com] when it first came out, mentioning that the author traveled on a Maersk ship to research the book.
In related news, autonomous ships will soon become a reality. More targets for hackers.
http://spectrum.ieee.org/transportation/marine/forget-autonomous-cars-autonomous-ships-are-almost-here [ieee.org]
They are basically autonoumous right now. A half-a-mile long ship carrying a billion dollar worth of goods is typicall manned by three people, the captain, the engineer and the cook. An autonomous sailing ship could get rid of those people.
Re: (Score:2)
There's a book on my reading list that I haven't read yet (pay attention, trolls), about the history of shipping containers: "Ninety Percent of Everything: Inside Shipping, the Invisible Industry That Puts Clothes on Your Back, Gas in Your Car, and Food on Your Plate" [amzn.to] by Rose George. The New York Times gave it a good review [nytimes.com] when it first came out, mentioning that the author traveled on a Maersk ship to research the book.
In related news, autonomous ships will soon become a reality. More targets for hackers.
http://spectrum.ieee.org/transportation/marine/forget-autonomous-cars-autonomous-ships-are-almost-here [ieee.org]
They are basically autonoumous right now. A half-a-mile long ship carrying a billion dollar worth of goods is typicall manned by three people, the captain, the engineer and the cook. An autonomous sailing ship could get rid of those people.
An autonomous sailing ship could get rid of ONE those people
Re: (Score:2)
TV Dinners [youtube.com].
Re: (Score:2)
Is this how a US Navy ship ran into a cargo ship? Cargo ship was in auto pilot and didn't yield? Although, my understanding is the Navy ship should have yielded in any case.
From the reports that I've read, the destroyer made a series of sudden course changes in a crowded channel before being t-bone by the freighter. The Navy had recently announced that they were disciplining everyone who was on duty at the time of the accident.
Re: (Score:2)
hmm.. first, I would have been "t-boned" not "t-bone". Second, being t-boned means a side collision in a middle of the car, usually at 90 degrees. None of this applies in this case since the ship was hit in the font part with an angle.
Also, when you get t-boned, your vehicle looks like a t-bone afterwards.
http://www.businessinsider.com... [businessinsider.com]
Re: (Score:2)
Re: (Score:1)
"They are basically autonoumous right now. A half-a-mile long ship carrying a billion dollar worth of goods is typicall manned by three people, the captain, the engineer and the cook."
Where do you get this shit from? There's all kinds of people in the engine room, there's people running around checking for pirates, there's people checking the containers. there's people tightening the cables, people manning the refrigeration systems, the electrical systems...
You must be a programmer to have such a childishly
Re: (Score:2)
"They are basically autonoumous right now. A half-a-mile long ship carrying a billion dollar worth of goods is typicall manned by three people, the captain, the engineer and the cook."
Where do you get this shit from? There's all kinds of people in the engine room, there's people running around checking for pirates, there's people checking the containers. there's people tightening the cables, people manning the refrigeration systems, the electrical systems...
You must be a programmer to have such a childishly naive view of the real world. Stick to keyboards with your slender fingers.
https://www.youtube.com/watch?... [youtube.com]
I get it from people serving on those ships. For shipping companies like Mærsk the rest are in the habors which they run.
Re: (Score:2)
"They are basically autonoumous right now. A half-a-mile long ship carrying a billion dollar worth of goods is typicall manned by three people, the captain, the engineer and the cook."
Where do you get this shit from? There's all kinds of people in the engine room, there's people running around checking for pirates, there's people checking the containers. there's people tightening the cables, people manning the refrigeration systems, the electrical systems...
You must be a programmer to have such a childishly naive view of the real world. Stick to keyboards with your slender fingers.
https://www.youtube.com/watch?... [youtube.com]
I get it from people serving on those ships. For shipping companies like Mærsk the rest are in the habors which they run.
But to be clear that is the minimum crew, and it contains a cook because usually there are more people.
Re: (Score:2)
Interesting. I was thinking the line from the 1947 movie "The Ghost and Mrs. Muir" as Rex Harrison as a crusty old sea captain says something like "typical landlubbers don't know it is ships and men that bring them precious goods from far away lands." And how Europeans particularly England became a global force with transoceanic commerce and warships to dominate countries on the other side of the world. Also debated what if China (Ming Dynasty) maintained their large navies (debate is they were faced with t
Re: (Score:1)
Dude - 0.5 seconds of google work shows this is a cromulent phrase. Chill.
Dumb (Score:4, Insightful)
Re: (Score:3)
Re: (Score:2)
Key management and encryption standards. Too many people are positioned to make their platform/product THE industry standard (for a small per transaction fee, of course). Rather than getting behind a distributed peer-to-peer solution. And when the industry or government puts together a working group to propose an open solution, the leading providers just send Goober to sit on the committee and mess things up.
Back in the old days, things happened on the Internet before the big players caught on. Now they ha
Re: (Score:2)
Transfer millions to an email account number ? (Score:1)
Crossover (Score:2)
Never trust email 100% (Score:5, Informative)
Large companies often have this problem. At the end of all the financial safeguards, double and triple checks, and hidebound processes for moving money around, the actual way it's done is very dependent on a human recognizing a message is from a trusted source. Billion-dollar companies have a bunch of payroll people literally emailing or EDI-ing unencrypted Excel files to their payroll processor showing who to pay what amount, and the only security on that process is that "I'm the payroll clerk, so I know what's going on." Same goes for invoices -- if something looks legit, and it looks like it came from a vendor, it gets paid.
If a company wants to keep these manual processes in place, they need to ensure the channels these messages run over are totally secure. At least train people to pick up a phone and call if they see something out of the ordinary.
Re: (Score:2)
A small virus? (Score:1)
Good documentary about that. (Score:2)
I saw this documentary in the mid-90s about hackers putting viruses on supertankers to capsize them. But it really wasn't the hacker. The hackers were the good guys trying to stop the executives who were the real villains. I think it was called 'Computer Hackers' or something.
E-Mail??! (Score:2)
They used email as their source of banking account information?! Whoever wrote a policy that said that was okay needs to never work around money ever again. That is too stupid for words.