Thursday, March 3, 2016

Pirates turn to hacking on the high-seas

Cunning tech-savvy pirates hacked a shipping company’s systems,
enabling them to carefully target cargo on the firm’s vessels.

From The Next Web by Amanda Connolly (+additional MarketWatch

Piracy these days generally refers to software, but Verizon has unearthed a case of real-life pirates actually conducting the act in order to raid a number of ships.
The group of pirates hacked into a shipping company’s content management system and managed to acquire confidential information on schedules and cargo aboard different vessels.
The report (➤ Data Breach Digest [Verizon]) explains:
Rather than spending days holding boats and their crew hostage while they rummaged through the cargo, these pirates began to attack shipping vessels in an extremely targeted and timely fashion. Specifically, they would board a shipping vessel, force the crew into one area and within a short amount of time they would depart. When crews eventually left their safe rooms hours later, it was to find that the pirates had headed straight for certain cargo containers.
While the situation is worrying for shipping companies, there is a silver lining – the report concluded that the group were indeed creative but not the most skilled hackers.
They failed to enable SSL on the web shell and sent their commands in plain text, which in turn allowed the shipping company to write a code to remove them relatively easily.

The report also states that they discovered numerous mistyped commands.
The shipping company successfully managed to implement a reverse shell and curb any further attempts at hacking by the pirates, which did happen.

The report claims they saw the pirates spending a lot of time trying to get around their newly-secured CMS (Content Management System), which ultimately proved to be unsuccessful.
The pirates also appear to have not used a proxy during these attempts from their home systems, which is just a rookie mistake.
The report reads, “These threat actors, while given points for creativity, were clearly not highly skilled. For instance, we found numerous mistyped commands and observed the threat actors constantly struggled with the compromised servers.”
“We then honed in on the network traffic surrounding the CMS managing shipping routes,” said Verizon RISK Team.
“We discovered that a malicious web shell had been uploaded onto the server.”
Web shells can compromise legitimate web apps on a server.
“The threat actors used an insecure upload script to upload the web shell and then directly call it as this directory was web accessible,” noted Verizon RISK Team.
“Essentially, this allowed the threat actors to interact with the webserver and perform actions such as uploading and downloading data, as well as running various commands.”

Chillingly, the hackers were able to pull down documents for future shipments, identify specific crates and the vessels scheduled to carry them.
Verizon RISK Team did not reveal specific details of how it tackled the hackers but said that it capitalized on “several mistakes” made by the high-tech pirates.
The report did not reveal the location of the incidents or when they happened, although there been frequent attacks by Somali pirates on commercial shipping off Africa’s east coast in recent years.
And these modern day pirates seemed to know exactly where to find their loot.
“When crews eventually left their safe rooms hours later, it was to find that the pirates had headed straight for certain cargo containers,” the report added.
“It became apparent to the shipping company that the pirates had specific knowledge of the contents of each of the shipping crates being moved.”

So how did these pirates of the high seas know exactly what ships to invade and where to go once they had gotten onboard and taken the crew hostage?
“They’d board a vessel, locate by bar code specific sought-after crates containing valuables, steal the contents of that crate—and that crate only—and then depart the vessel without further incident,” the report said
 “Fast, clean and easy.”
According to Verizon, the pirates-turned-hackers found a way to see merchandise details in the records carriers release — and to see which vessels were scheduled to carry it.
Verizon described the hack in its annual data breach postmortem released Tuesday.
(For a more technical explanation of their attack, see page 55 of the report.)
So they helped the shipping company shut down severs the pirates had compromised and build a security plan.

While pirates aren’t a new nuisance in the maritime world, this attack shows that they are becoming more and more advanced in their techniques, even if these ones were a little rough around the edges.
Not so long ago, the Ukraine experienced the world’s first blackout caused by hackers after an attack on its regional power authorities left the systems infected with malware.

This is an example of yet another industry that has inadvertently left itself open to hacking.
A pirate that’s armed with both ammunition and hacking skills is not something that all industries are ready to face.

Links :

No comments:

Post a Comment