Ships Infected With Ransomware, USB Malware, Worms (zdnet.com) 132
An anonymous reader writes: IT systems on boats aren't as air-gapped as people think and are falling victims to all sorts of cyber-security incidents, such as ransomware, worms, viruses, and other malware -- usually carried on board via USB sticks. These cyber-security incidents have been kept secret until now, and have only been recently revealed as past examples of what could go wrong, in a new "cyber-security guideline" released by 21 international shipping associations and industry groups. One of the many incidents: "A new-build dry bulk ship was delayed from sailing for several days because its ECDIS was infected by a virus. The ship was designed for paperless navigation and was not carrying paper charts. The failure of the ECDIS appeared to be a technical disruption and was not recognized as a cyber issue by the ship's master and officers. A producer technician was required to visit the ship and, after spending a significant time in troubleshooting, discovered that both ECDIS networks were infected with a virus. The virus was quarantined and the ECDIS computers were restored. The source and means of infection in this case are unknown. The delay in sailing and costs in repairs totaled in the hundreds of thousands of dollars (U.S.)." The document also highlights an incident involving ransomware. "For example, a shipowner reported not one, but two ransomware infections, both occurring due to partners, and not necessarily because of the ship's crew," reports ZDNet. Another ransomware incident occurred because the ship failed to set up proper (RDP) passwords: A ransomware infection on the main application server of the ship caused complete disruption of the IT infrastructure. The ransomware encrypted every critical file on the server and as a result, sensitive data were lost, and applications needed for ship's administrative operations were unusable. The incident was reoccurring even after complete restoration of the application server. The root cause of the infection was poor password policy that allowed attackers to brute force remote management services successfully. The company's IT department deactivated the undocumented user and enforced a strong password policy on the ship's systems to remediate the incident.
Windows, right? (Score:5, Insightful)
Don't run ships on Windows, for obvious reasons.
Also, not carrying ANY paper charts as a backup? Dumb, dumb, DUMB.
Re: (Score:3)
No paper charts, that's a different story. WTF do they do after a lightning strike?
oh, by the way, I own a boat, and have paper charts.
Re: (Score:2)
"Running windows? Wrong, they don't, they have at least that much of a clue.
No paper charts, that's a different story."
Given that knowing where are you in the middle of the sea has been a most important matter for seamen for thousands of years ans still they do such a dumb thing as not having paper charts, what makes you think there remains anything of a clue with them?
Then, what other systems but Windows do you think use Remote Desktop for an access protocol?
Re: Windows, right? (Score:1)
I used to work for a company making radar and ECDIS, they do run on Windows and in some cases really quite old versions of Windows. We made equipment for big ships, not boats.
Re: Windows, right? (Score:2, Interesting)
I can confirm this. I've personally been on 3 large ships in the last couple years and I remember being shocked at the Windows XP screens.
Re: Windows, right? (Score:1)
Real people do not care about computers but about what can be done with computers. Real People do not care or want to waste time learning about tools more than it is strictly necessary, because Real People have better things to do with their time, lime family, friends and social events. Life, in other words. Only nerds are obsessed with computers because they have no life. No family except their ling-suffering parents, no friends and no social life. One day they find out they're in their mid-forties with no
Re: (Score:2)
Real people do not care about computers but about what can be done with computers.
Your statement is moronic at best and poor trolling at worst. Only a simpleton would make a statement like you did.
I'm a real person and I care about my computer(s). I don't want then to get infected or fail, so I do my best to take care of them.
It's no different than changing the oil in your car or making sure your dog/cat/horse/whatever is healthy and properly cared for.
Re: Windows, right? (Score:3)
Re: (Score:3)
> Most major corporations are still so technically inept that they still run Windows
Yes, so sad, as this is the year of Linux on the Desktop, ofcourse! A Linux desktop won't present any issues at all - large ships can be easily patched mid-sea with a new kernel should a security issue occur! And as everyone knows only Windows is hackable, Linux is completely hackerproof. the X desktop is very well suited for day to day work, users just love its window composition, choice of available software and design.
Re: Windows, right? (Score:1)
Re: (Score:2)
None of these issues apply in the real world to how these systems would be used if they were sensibly designed. It doesn't matter how much software is available to systems which should never run any software they didn't ship with. You don't patch, you replace the whole image while you're in port — preferably from physical media, not OTA. There's few enough ships to where this remains reasonable. If you want to do some accounting or play games you use a wholly different system, preferably one air-gappe
Re: (Score:2)
https://www.marinemec.com/news... [marinemec.com]
Shipowners should update their onboard computer systems to the latest Windows operating system, if they are on Windows XP for instance, to avoid viral disruptions. They should also consider upgrading satellite communications with VSAT and a smart communications module, such as Speedcast's Sigma Gateway.
Navios group IT director Katerina Raptaki explai
Re: (Score:2)
Running windows? Wrong, they don't, they have at least that much of a clue.
You sure about that? Hell, I remember when they announced that *nuclear submarines* would be running on *Windows NT*.
So much for "military grade security".
Re: (Score:2)
Remember Windows for Warships [wired.com]? One app divided by zero and crashed the entire network. First time we lost a navy ship to a zero [palmflying.com] since WWII.
Re: (Score:2)
nothing to do with the OS
Real multitasking OSs don't crash (and take the network with them) when one application crashes.
most ships have COTS systems (Score:2)
often COTS run windows, the navigation/sensors tends to be seperate network. Like all systems you need management and maintenance of those systems just like the engine etc
The problem comes when no one takes responsibility
Re: (Score:2)
"Don't run ships on Windows"
I saw the header and I thought: is this about "IT systems on boats" or "Windows on boats"? Then I saw the part about RDP passwords and it became clear. This is, again, about Windows.
Yeah, someone will come here to tell, once more, "oh, if other systems were as popular as Windows, then they would be equally cracked", but somehow, it is still Windows, Windows, Windows.
Even if it only were a bit of "security through obscurity" and it were only to work for a few years, choosing "wha
Re: (Score:2)
Remember Windows for Warships [wikipedia.org]?
Windows isn't the problem though. As the summary pointed out, it was due to weak passwords leading to remote management services being brute forced. Running Linux doesn't make the IT department magically more competent, in fact it can have the opposite effect as they turn to Stack Overflow for help with an unfamiliar system.
Re: Windows, right? (Score:2)
Re: (Score:2)
Windows doesn't have undocumented users there at install time.
It must have been someone installing it for easy maintenance. Probably an admin user set up specifically for RDP.
Re: Windows, right? (Score:2)
Re: (Score:2)
If it was an undocumented account that existed at install time it would have been widely publicised by now, not least in this report on ship cybersecurity. Obviously no-one can prove a negative, but unless you have evidence of this extraordinary claim then the probability of it being true is extremely low.
Considering the amount of scrutiny that Windows is under I find it hard to believe that an entire user account which could be logged in to remotely could exist and not be discovered. It would have to be hi
Re: Windows, right? (Score:2)
Re: (Score:2)
Interesting the actual report doesn't even mention the OS, so it could have been Linux or anything else.
Re: Windows, right? (Score:2)
Re: (Score:2)
Neither "Windows" nor "RDP" appear in the actual report: http://www.ics-shipping.org/do... [ics-shipping.org]
You fell for the article's fake news, because you aren't smart enough to check sources.
Re: Windows, right? (Score:1)
Re: (Score:2)
Now this deserves a +5 Insightful, but ofcourse the trolls are too busy bashing the most widely used OS on the planet.
Re: (Score:2)
what's also dumb is no backups and a weak security configuration.
Re: (Score:2)
Also, not carrying ANY paper charts as a backup? Dumb, dumb, DUMB.
Shouldn't this be, like, illegal? Nobody should be piloting that much metal around the planet without knowing what they are doing with it.
Re: (Score:2)
Shouldn't this be, like, illegal? Nobody should be piloting that much metal around the planet without knowing what they are doing with it.
Interesting point.
I don't know if it's illegal or not, but honestly, it's mind-boggling to me that a ship of any size would head out to sea without paper backup charts. The captain must be a genuine dumbfuck not to think ahead about the possibility of some sort of computer failure occurring, whatever the cause.
I mean, who the hell is that confident in their computer systems? A briefcase of "emergency" charts would have made this a non-story that we probably never would have even have heard of.
Re: (Score:2)
Heh I used to always make sure I brought a paper map on offroad rallies as a backup to the tablet-based navigation system. These days it's not so important as I now have the exact same setup on my phone, but I haven't bothered to take the folded paper map out of the navigator's clipboard...
Closest I came to needing it is when the tablet's microSD card spontaneously ejected into a field somewhere, good thing I had that backed up and the map files were in onboard storage...haven't put a microSD back in it sin
Re: (Score:2)
In critical applications you should be using embedded hardware that doesn't have usb unless absolutely required...
And even if you do have usb ports, you should be using an embedded os that only contains drivers for the specific usb devices its required to interface with.
Re: USB scoffs at your airgap (Score:2)
Re: (Score:2)
usually carried on board via USB sticks.
Well the USB and other similar external connectors should always be hard-disabled in mission critical applications.
Firstly, that's not going to help when your "mission critical" system is running Windows. Sooner or later the outside world is going to be reachable and if you're stupid enough to be running Windows then your system is going to be hosed.
What sort of drooling imbecile walks a USB device into the facility and plugs it into a system like that? Have we learnt nothing whatsoever from all the other cases since years where that was the attack vector for an airgapped system?
Yeah, unlike a facility on land, on a ship the crew might be away for weeks and might just want to bring things with them on a USB stick. Having security that relies on the user not being human is stupid. If you're going to shut away humans for weeks at a time you must be
Re: (Score:2)
This is a problem because management will not force control systems to be air gapped. And I don't mean from the Internet I mean from other computers at the same location.
The way such a system should be designed is that any system having to to do with ship control should be on it's own network. This network should only be accessible for update/file download from a secure station onboard the ship and only accessible to a technician while in port.
All personal/administrative computer should be a a different net
LOL @ terminology (Score:3)
Re: (Score:2)
I think that's rather the point of this article. However, some of this is just plain stupid--critical systems should be kept pretty strictly locked down, very possibly with either no ability to communicate or only able to receive messages for the humans aboard to access. (If you want to be really paranoid, lock that down to plaintext only.)
And, y'know, never ever ever be so moronic as to not have non-computer backups. Especially for your navigation. Maybe they were sailing under flags chosen in part bec
Re: LOL @ terminology (Score:2)
Being airgapped isn't the problem. They should look into watergapping. I bet that's how those pesky viruses got on the ship. (water == conductor. It's elementary!)
Re: (Score:2)
Re: LOL @ terminology (Score:2)
Re: (Score:2)
If it's airgapped no updates will ever be needed. And file transfers would be strictly forbidden as well.
Re: LOL @ terminology (Score:1)
I'm the captain now (Score:1)
My dinghy runs on BeOS.
Air-Gapped. (Score:2)
Air gaping in network terms means no connection possible. More in fluid flow terms, a semi abuse of language from a time of solely wired connections. Air gapped really means no connections allowed, wired or unwired. Ships by their very nature can not be air gapped, communications need to be maintained.
The ships system should be locked down though only capable of taking input from wired connections, never ever wireless and that USB port should be locked behind a safe in the Captains cabin. Flexible == to in
Re: (Score:2)
As to your other. You don't understand shipping, and they're clueless. Need to be educated.
Re: Air-Gapped. (Score:2)
Re: (Score:2)
Right they should be air gapped.
Why aren't they?
Because if you air gap them then the manufacturer of the software and control systems can't monitor their performance, provide bug fixes, and record data on their customers.
Yeah for the same reason other systems aren't air gapped. Its good for the corporation who made the systems and bad for the customer. Just like for all the other systems that use computer software.
Why is Windows used instead of Linux or a proprietary system?
For the same reason Windows is us
Worms? (Score:3)
Once it was the wood-eating teredo worm that sank ships, now it's data-eating worms!
No paper charts? (Score:2)
Not foreseeing malware problems can be kinda forgiven if you're ignorant of IT. But not having paper charts on board? That's utter stupidity. You're going to risk the ship and the life of everyone on board because you don't want to pay about $100 for a set of waterproof charts? Never mind malware. What happens if
Re: (Score:2)
I think you can get maps for free at a Texaco station - but perhaps I am dating myself.
It's almost inconceivable to go out into the middle of the ocean with *no charts*. If nothing else, put the charts on a backup iPad or something at least good enough to find a safe port.
Re: (Score:2)
Well of course not! (Score:2, Funny)
Ships are not air-gapped, they are water-gapped!
And everyone knows that salt water conducts.
What? No backup systems? (Score:5, Insightful)
Re: (Score:2)
If a 30y lifespan is necessary on both hardware and software, why would you go with Windows at all? How easy is it to run Windows 2.x and MsDOS 3 on modern hardware?
Now how easy is it to run and compile simple software under any version of Linux, even if it came from something arcane like SunOS or SCO Unix.
Re: (Score:2)
Windows is fine for some things, but the networks need to be segregated and external comms to critical systems should be proxied for status only and not control.
It sounds like the networks are even less robust than an automotive network, and they need to be more like an airplane.
Re: (Score:2)
Re: (Score:1)
Given the recent collisions my guess is that seamanship isn't the US Navy's strong suit at the moment.
Re: (Score:2)
Sequel (Score:1)
"I'm the Nigerian Prince of the world!"
Re: (Score:3)
Someone doesn't know what "air gapped" means (Score:2)
Re: (Score:2)
Re: (Score:2)
NOT air gapped (Score:2)
Some even fast enough connection to watch movies.
Air gap means NO outside connection.
Ships are NOT air gapped.
Autorun should be banned from the planet (Score:2)
There is absolutely no good reason to keep Autorun on USB devices as a thing. People just need to learn to open Windows Explorer, and browse to an .exe to run if they need to install something. If it is drivers they are worried about, then provide simple steps on the device in print for where to download drivers. That is it, end-stop-goodbye.
Were the ransome peeps ... (Score:2)
... shadowing the goddam ship's starboard aft and hopping a WiFi that was just a LAN?
The root cause of the infection was poor password policy that allowed attackers ...
Or did they land an Internet-connected drone on the deck and snake an Ethernet cable down to the server to "attack," it? What is "air gap" again?
Malware file discovered (Score:2)
Learn How Things Work (Score:2)
When they remotely infected that ship,
was the wek password 16309, or 123456?