Roaming sea pirates traditionally use hostage situations, guns and violence to aid their hunt for valuable cargo. However, a recent incident involving a global shipping organisation suggests that hacking tactics are now being deployed to help boost profits on the high seas.
The case in question was revealed in a March 2016 report from US tech firm Verizon that showcases a collection of security incidents it has managed over the past three years. The report outlines how a group of pirates successfully breached a content management system (CMS) in order to attack shipping vessels in an extremely 'targeted and timely' fashion.
"[The pirates] would board a shipping vessel, force the crew into one area and within a short amount of time they would depart. When crews eventually left their safe rooms hours later, it was to find that the pirates had headed straight for certain cargo containers," the report explained.
To the research team employed to investigate the incident, it quickly became apparent the criminals had inside knowledge. They would board a ship, locate the sought-after items with a barcode reader and make off with the valuable contents. As the report described it: "Fast, clean and easy."
As it turns out, the pirates were working with a hacker. Upon analysis, the cyber-researchers found the mysterious cybercriminal had breached the shipping firm's CMS and had full access to network traffic, shipping routes, inventories and a slew of financial information.
"We discovered that a malicious web shell had been uploaded onto the server," the report said. "Essentially, this allowed the threat actors to interact with the webserver and perform actions such as uploading and downloading data, as well as running various commands. It allowed the threat actors to pull down bills of lading for future shipments and identify sought-after crates and the vessels scheduled to carry them."
Mistakes were made
Yet fortunately for the researchers, the hacker made several mistakes – including failing to properly cover their tracks. The cybercriminal had not enabled SSL on the web shell, which left every command sent over the internet in plaintext.
"This allowed us to write code to extract these commands from the full packet capture (FPC) data," revealed Verizon. "We were ultimately able to recover every command the threat actors issued, which painted a very clear picture.
"These threat actors, while given points for creativity, were clearly not highly skilled. For instance, we found numerous mistyped commands and observed that the threat actors constantly struggled to interact with the compromised servers."
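The recovery Verizon describes, as an added example that is not the report's or the investigators' code: it assumes the captured HTTP requests have already been reassembled one per string and that the shell takes its command in a POST form field named cmd (both assumptions, not details the report gives), and pulls every command out of a constructed sample of plaintext web-shell traffic in capture order.

```python
"""Recover operator commands from plaintext web-shell traffic in a packet capture.
Added example, not Verizon's code. Assumes requests are reassembled one per string
and that the shell reads its command from a POST field 'cmd' (both assumptions)."""
from urllib.parse import parse_qs

# Constructed sample: three reassembled HTTP requests as they would appear in full
# packet capture of an unencrypted web shell session (not real traffic).
CAPTURED_REQUESTS = [
    ("203.0.113.7",
     "POST /uploads/img.php HTTP/1.1\r\nHost: cms.example\r\n"
     "Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 13\r\n\r\n"
     "cmd=whoami%0A"),
    ("203.0.113.7",
     "GET /index.php?page=home HTTP/1.1\r\nHost: cms.example\r\n\r\n"),
    ("203.0.113.7",
     "POST /uploads/img.php HTTP/1.1\r\nHost: cms.example\r\n"
     "Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 22\r\n\r\n"
     "cmd=dir+C%3A%5Cexports"),
]

def parse_request(raw):
    """Split one raw HTTP/1.x request into (method, path, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, path, _ = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers, body

def extract_shell_commands(requests, shell_path, param="cmd"):
    """Return (source_ip, command) pairs, in capture order, for every form POST
    to shell_path that carries the command parameter; other requests are skipped."""
    commands = []
    for src_ip, raw in requests:
        method, path, headers, body = parse_request(raw)
        # Only POSTs to the suspected shell path with a form-encoded body qualify.
        if method != "POST" or path.split("?")[0] != shell_path:
            continue
        if "x-www-form-urlencoded" not in headers.get("content-type", ""):
            continue
        # parse_qs URL-decodes the field, turning '+' and %XX escapes back into text.
        for cmd in parse_qs(body).get(param, []):
            commands.append((src_ip, cmd.strip()))
    return commands
```

Calling extract_shell_commands(CAPTURED_REQUESTS, "/uploads/img.php") yields the two shell commands with their source address, in the order they were issued; the unrelated GET is ignored.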
The hacker also failed, despite numerous attempts, to spread across the network. "The threat actors were unable to move laterally. This attempt was blocked by a network security appliance. They spent considerable time attempting to do so and, although armed with freshly dumped passwords, were unable to succeed. The threat actors also showed a lack of concern for their own operational security by failing to use a proxy and connecting directly from their home system," the report stated.
In the end, the investigators were able to help the shipping company block the hacker's IP address, remove the source of the breach and update the CMS. However, the incident clearly shows that hacking and cybercrime are now being adopted by every type of criminal – no matter what they are attempting to plunder.