When Real Life Pirates Get Tech Savvy

04 Mar
Industry, News

Imagine being a pirate on the high seas, sailing around the world, hoping to land a gold mine – that one ship that was loaded with exactly what you’ve been searching for. Now imagine how much easier it would be if there was a way to hack into shipping companies’ databases and figure out not only which ships, but the exact shipping containers that hold exactly what you’re looking for. No need to envision further, as that exact scenario has become a reality.

Traditional piracy has given way to cyber hacking techniques that allow pirates to effectively raid ships of their most valuable cargo according to the 2015 Verizon Data Breach Investigations Report. Pirates no longer need to hold a crew hostage as they go through each and every container. They are now hacking into shipping companies’ management systems that allows them to know future shipments and routes.

One company in particular, after a series of pirate attacks on their ships, sought help from Verizon’s RISK security response team. Within the Data Breach report Verizon states that: “They’d board a vessel, locate by bar code specific sought-after crates containing valuables, steal the contents of that crate – and that crate only – and then depart the vessel without further incident.”

Untitled
[i]Image retrieved from Paul Jarvie

After Verizon gained access to the company’s systems, they discovered a vulnerability in its networks. The company had a custom platform for managing stock and cargo data, a content management system (CMS). This system opened the door for the cyber attackers to upload a malicious shell script, granting the pirates access to the server, and ultimately their cargo records.

However, this was far from a sophisticated attack. The hackers failed to enable SSL on the web shell, and all commands were sent over the internet in plain text, making it easy for the Verizon researchers to locate the CMS vulnerability. They also showed either a lack of knowledge or concern regarding their operational security as they failed to use a proxy and connected directly from their home system, according to Verizon.

While there is an element to humor – as it’s very hard not to conjure a rogue looking Jack Sparrow using technology to search for his pirate’s booty – this case demonstrates that with limited knowledge or effort, an attacker can cause serious damage to a company.

Connect with Secure Sense to protect data, your network, and systems 24/7, 365 days a year. If you have questions or want to learn more, please contact Secure Sense by calling 866-999-7506.

You can find Secure Sense on Facebook,  LinkedIn and Twitter. Follow us for current company and industry news.

 

[i] Image retrieved from Paul Jarvie’s Flickr