Fed2 Star - the newsletter for the space trading game Federation 2

The weekly newsletter for Fed2
by ibgames

EARTHDATE: March 20, 2016

Fed2 Star: Official News page 3

REAL LIFE NEWS: PIRACY AND HACKING COMBINE

by Hazed

Pirates, the old-fashioned kind, have taken to hacking in order to facilitate their attacks.

A global shipping company that had been the victim of high-seas piracy recently called in Verizon’s RISK security response team to investigate whether the pirates had hacked their network.

Usually piracy on the ocean involves criminals making money by capturing the crew and cargo and then seeking a ransom. But this company had been suffering a series of hit-and-run attacks where the pirates not only knew which ships had valuable cargo, but also went straight to the shipping containers where it was stashed.

According to a report recently released by Verizon, “It became apparent to the shipping company that the pirates had specific knowledge of the contents of each of the shipping crates being moved. They’d board a vessel, locate by bar code specific sought-after crates containing valuables, steal the contents of that crate – and that crate only – and then depart the vessel without further incident.”

The way these attacks were targeted made it obvious that the pirates had some kind of inside knowledge. Investigation showed how they were getting that info: the company was using a “homegrown” content management system, running on a web server, to manage its bills of lading. The pirates had compromised this system by uploading a script via a software vulnerability, which gave them access to the server. They could then download the bills of lading, which told them exactly which ships, and which crates, to target.

While this sounds very ingenious, the crooks made a number of mistakes in their hacking by not covering their tracks. This allowed the response team to figure out exactly what they were doing. “We were ultimately able to capture every command the threat actors issued, which painted a very clear picture,” the RISK team wrote. “These threat actors, while given points for creativity, were clearly not highly skilled. For instance, we found numerous mistyped commands and observed that (they) constantly struggled to interact with the compromised servers.”

The shipping company shut down the server and fixed the vulnerability. They were also able to identify the IP address the hackers were using and block it.

I assume they weren’t able to actually identify the pirates and make them walk the plank!

Source: http://arstechnica.com/security/2016/03/pirates-hack-into-shipping-companys-servers-to-identify-booty/
