
Pirates Hacked Shipping Firm's CMS To Plan Attacks, Find Valuable Cargo (softpedia.com) 104

An anonymous reader writes: Verizon's most recent Data Breach Digest includes a curious hacking case. Apparently a group of sea pirates have hired a hacker who uploaded a Web shell to a shipping company's CMS that allowed them to download cargo inventories and ship routes. They then used this information to attack ships, equipped with a barcode reader (and weapons of course), searching specific crates, emptying all the high-value cargo, and making off with the loot within minutes of launching their attacks.
  • by sims 2 ( 994794 ) on Thursday March 03, 2016 @01:36AM (#51626993)

    Now that we are referring to Netflix subscribers by the same name we may need to come up with another name for people who steal at sea. What should we call them? Searates? Picaroons? Thieves?

    • by Anonymous Coward

      It depends if they have good lawyers or not. For safety I would suggest Unlicensed Goods Removals and Relocations Corporations. You never know when somebody might sue.

    • In French, "hackers/crackers" are called "pirates" (not just those that copy movies, but those that hack into servers. And that word was already used in the nineties). Quite appropriate word in this case...
    • by tlhIngan ( 30335 )

      Now that we are referring to Netflix subscribers by the same name we may need to come up with another name for people who steal at sea. What should we call them? Searates? Picaroons? Thieves?

      Well, the nautical version has been around a long time, and the copyright version has been around since the 17th century or so when copyright was first established.

      Though I have to admit, this is one of the few times where the two worlds collide...

      Maybe we can do what the Navy does - where "pilot" is an overloaded term

    • by Alumoi ( 1321661 )

      Politicians?

  • Comment removed (Score:3, Interesting)

    by account_deleted ( 4530225 ) on Thursday March 03, 2016 @01:39AM (#51626999)
    Comment removed based on user account deletion
    • The idea has definitely been discussed. It would seem very irresponsible to travel unarmed in pirate-infested waters such as near Somalia. However, it's not clear where this attack took place. It should be relatively safe to ship through the north Pacific or north Atlantic. I'd also expect the Southern Ocean is pretty safe because there isn't too much down there.

      There's an article from the Christian Science Monitor [csmonitor.com] that does a really good job of explaining the issues with protecting ships. It says that if c

      • by jafiwam ( 310805 )

        The idea has definitely been discussed. It would seem very irresponsible to travel unarmed in pirate-infested waters such as near Somalia. However, it's not clear where this attack took place. It should be relatively safe to ship through the north Pacific or north Atlantic. I'd also expect the Southern Ocean is pretty safe because there isn't too much down there.

        There's an article from the Christian Science Monitor [csmonitor.com] that does a really good job of explaining the issues with protecting ships. It says that if crews are armed, pirates may retaliate if fired upon, injuring the crew or damaging the ship. Similarly, they believe that having specific armed security on ships will result in pirates getting more powerful weapons and firing from a distance. In short, they don't want to create an arms race with the pirates. There are other measures to protect ships, though they're somewhat expensive. I'd guess that shipping companies don't want to spend the money to protect ships traveling in areas where pirates aren't common.

        Well then follow up with a drone strike of the base camps they use and a torpedo for the mother ship.

        If that doesn't work, I am sure a B1-B or two can carry a payload to fix the problem. Just one of those can carry enough land mines and sea mines to fuck up their areas of deployment real well.

        Sounds like "we don't actually want to solve the problem, just whine about it" to me. Typical pussy generation. Maybe try handing out trophies to all the pirates or something. I am sure that would work.

        The decidi

    • by excelsior_gr ( 969383 ) on Thursday March 03, 2016 @02:58AM (#51627131)

      Get Gatling guns on one ship, the next pirate crew will show up with an RPG. If I was a sailor on one of those ships, there would be no chance in frozen hell I would fire back on a pirate to protect some rich dude's shit on board that's probably insured anyway. You can be as gung-ho about this as you want from your armchair, I'm throwing my hands in the air and letting the pirates go with the cargo.

      • Get Gatling guns on one ship, the next pirate crew will show up with an RPG.

        Next?

        http://i.telegraph.co.uk/multi... [telegraph.co.uk]

        They've already been doing that for years.

        You can be as gung-ho about this as you want from your armchair

        The crew of the ship where that picture was taken faced off the RPG wielder with molotov cocktails.

      • Get Gatling guns on one ship, the next pirate crew will show up with an RPG. If I was a sailor on one of those ships, there would be no chance in frozen hell I would fire back on a pirate to protect some rich dude's shit on board that's probably insured anyway. You can be as gung-ho about this as you want from your armchair, I'm throwing my hands in the air and letting the pirates go with the cargo.

        Except the pirates, the Somali ones, want you. They want to take you hostage and get a ransom for you. If they don't get ransom your ass is toast.

        Now do you want to defend yourself?

    • by AHuxley ( 892839 )
      That could have been fixed under the Rome Convention, 2005 Protocol but it seems all the big powers only want their own nations mil with big flags flying or a push for ever more UN powers.
      The inherent right of individual or collective self defense seems to have been totally blocked by the big powerful nations who could have allowed more protections at any time in the past decades but ensured nothing useful was done.
      All they did was update the forbidden cargo lists to contain nations doing bad exports
    • by tlhIngan ( 30335 )

      It's fucking ludicrous that a vessel carrying a billion dollars worth of cargo isn't protected by at least a pair of .50 caliber Gatling guns. These pirates should be getting turned into a red mist at 500 yards.

      Well, the BIG problem is firearms and every country has a ton of laws around it. It's been debated, and most shipping companies are averse to it because the permits and paperwork involved would basically halt the industry. Especially if you're transiting waters.

      It's why they typically use water canno

    • by swb ( 14022 )

      The usual pirate scenario seems to be a fairly small fishing type boat attacking a large ocean going ship. The former is usually wooden and the latter a multi-story sized hunk of steel.

      I'm not sure why even a .50 cal semi-auto sniper-style rifle wouldn't be more than a match for pirates in a small wooden boat. The effective range of RPGs is only a few hundred meters and the ability to fire it accurately from a small boat in the ocean seems pretty limited. It's slow to fire repeated rounds and the effect

      • The usual pirate scenario seems to be a fairly small fishing type boat attacking a large ocean going ship. The former is usually wooden and the latter a multi-story sized hunk of steel.

        I'm not sure why even a .50 cal semi-auto sniper-style rifle wouldn't be more than a match for pirates in a small wooden boat. The effective range of RPGs is only a few hundred meters and the ability to fire it accurately from a small boat in the ocean seems pretty limited. It's slow to fire repeated rounds and the effect is likely to be limited against a large, steel ocean going freighter.

        The .50 round is effective at much longer ranges, a large ship would provide a much more stable and accurate firing platform in addition to being able to fire multiple rounds quickly. One guy with a .50 sniper rifle could probably do serious damage to a wooden fishing boat, with nowhere safe to hide for its crew and way outside the effective range of a RPG.

        And by "serious damage" you mean "sink it".

        • by swb ( 14022 )

          Depending on the nature of the vessel and shot placement, it may just damage it in some non-critical way or it may actually do enough damage to remove propulsion or actually sink it. There's a lot of variables, from pirate vessel materials, construction, shot placement, and the ability of the boat to handle a leak of some kind.

          Decent bilge pumps may be able to keep it from sinking long enough to make it back to port if the hull is only punctured once or above the average waterline. A steel hulled vessel m

    • Civilian ships are not allowed to carry guns. There are legal limits to sailing armed ships through the waters (200 mile limit) of other countries. This is the excuse China uses to complain about American warships sailing past their fabricated islands in the South China Sea.
      • Easy. Get a bunch of guns to defend the ship as it sails thru the pirate waters. When it approaches a country where guns are not legal, throw them overboard (or melt them). The cost, compared to the alternative, is trivial.

        • by dave420 ( 699308 )

          Or just do what they currently do, and have security services aboard the ships in dangerous waters. It may shock you to discover, but the shipping companies have already thought about this a lot more than you have.

    • I agree the vessels should have better defence, but pouring money into arming cargo ships to save a few TVs is hardly worth it.

      Instead use that money to:

      -Add GPS tracking to the valuable cargo
      -Improve insurance policies, which they probably already have
      -Maybe start by using a more secure CMS
      -Lock down the cargo better, so plasma cutter etc would be required to open
      -Encrypt cargo labeling, where decryption key is not onboard

      These are just some 5 second ideas which may not stop pirates but should at least slo
    • by dave420 ( 699308 )

      Seeing as the ships have to travel internationally and dock in different countries, that is a terrible idea, as it will instantly limit the ports said ship can sail to.

      My cousins work protection on cargo ships - they are delivered to the ship (with weapons), and stay with it when at sea. When they approach territorial waters, they leave the ship. This is the only sensible, non-knee-jerky way to deal with the security of cargo vessels. Just sticking guns to everything might seem like quite a sensible solu

  • "hacker who uploaded a Web shell to a shipping company's CMS"

    What was the name of this CMS and who originally installed it?
    • Although interesting on the surface, that softpedia piece reads like it was written by Verizon PR. No surprise, since the "article" is basically a regurgitation of the Verizon "whitepaper" most likely regurgitated by someone who has none to a basic understanding of pen testing and web security:

      "With all this information in hand, Verizon helped the company block the hacker's IP, remove the Web shell, take down its server, reset passwords for all compromised accounts, and upgrade the CMS."

      And the world was gr

      • by Bert64 ( 520050 )

        How do they know that was their home ip address and not just another compromised host?
        And even if it was their ip, were they in a jurisdiction where they don't care about exposing it?

    • What was the name of this CMS and who originally installed it?

      Don't expect such info from this article, if you find gems such as the following:

      Fortunately, the hacker wasn't that skilled. Verizon says that the attacker used a Web shell that didn't support SSL, meaning that all executed commands were recorded in the Web server's log.

      A newspaper that isn't skilled enough to know the difference between SSL and POST (if that's what they meant...) certainly wouldn't know the difference between Joomla, Drupal or Wordpress either.

    • Verizon's team said it was a custom-built CMS
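An added example, not part of the original thread or of Verizon's report, for the point raised above about the web shell's commands showing up in the web server log: an access log is written by the server after any TLS is terminated, so it records the request line (including a GET query string) either way, but never a POST body. The log lines, the `/uploads/` path, the `.php` extension and the command list are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in Apache/nginx "combined" format (not from the incident).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Mar/2016:10:02:11 +0000] "GET /uploads/img.php?cmd=ls%20-la%20/var/www HTTP/1.1" 200 512 "-" "curl/7.40"
203.0.113.7 - - [01/Mar/2016:10:02:40 +0000] "GET /uploads/img.php?cmd=cat+/etc/passwd HTTP/1.1" 200 1843 "-" "curl/7.40"
203.0.113.7 - - [01/Mar/2016:10:03:05 +0000] "POST /uploads/img.php HTTP/1.1" 200 977 "-" "curl/7.40"
198.51.100.20 - - [01/Mar/2016:10:04:00 +0000] "GET /search?q=cargo+schedule HTTP/1.1" 200 3100 "-" "Mozilla/5.0"
"""

# client IP, method and request target from one combined-format line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*"')
# Parameter values that start with a common shell command (assumed short list).
CMD_RE = re.compile(r'^\s*(?:ls|cat|id|whoami|uname|pwd)\b')
# Assumption: nothing under the upload directory should be an executable script.
UPLOAD_PREFIX, SCRIPT_EXT = "/uploads/", ".php"


def scan(log_text):
    """Return (visible_commands, blind_posts) found in an access log.

    visible_commands: (ip, path, decoded command) for commands sent in the
    query string, which the server logs with or without TLS.
    blind_posts: (ip, path) for POSTs to a script in the upload directory;
    the body is not logged, so these need follow-up from other evidence.
    """
    visible, blind = [], []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip blank or malformed lines
        ip, method, target = m.groups()
        parts = urlsplit(target)
        # parse_qsl percent-decodes values and turns '+' into a space
        hits = [v for _, v in parse_qsl(parts.query) if CMD_RE.search(v)]
        if hits:
            visible.append((ip, parts.path, hits[0]))
        elif (method == "POST" and parts.path.startswith(UPLOAD_PREFIX)
              and parts.path.endswith(SCRIPT_EXT)):
            blind.append((ip, parts.path))
    return visible, blind


if __name__ == "__main__":
    commands, posts = scan(SAMPLE_LOG)
    for ip, path, cmd in commands:
        print(f"command in query string: {ip} {path} -> {cmd!r}")
    for ip, path in posts:
        print(f"POST to script in upload dir (body not logged): {ip} {path}")
```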
  • Apparently a group of sea pirates have hired a hacker who uploaded a Web shell to a shipping company's CMS that allowed them to download cargo inventories and ship routes. They then used this information to attack ships,

    That sounds like a lot of work. Haven't these pirates heard of torrents?

    • That sounds like a lot of work. Haven't these pirates heard of torrents?

      Have you heard of any big ships with valuable cargo that travel on torrents?

  • Sounds like something straight from a William Gibson or Neal Stephenson novel. Crafty little beggars, you have to give them that.

  • upon boarding the ship, the lead pirate announced, "Me scurvy dogs and me be after yer booty so we're scannin all yer baaarrrcodes."

  • Must be the laid off Disney IT workers....

  • Way Too Much Effort (Score:2, Insightful)

    by Anonymous Coward

    Apparently a group of sea pirates have hired a hacker who uploaded a Web shell to a shipping company's CMS that allowed them to download cargo inventories and ship routes. They then used this information to attack ships, equipped with a barcode reader (and weapons of course), searching specific crates

    if you've got that much access, why not just reassign valuable packages/containers deliveries to addresses or shipping companies you control in, and just drive the goods away. Who looks inside a shipping contain

    • The reconsignment process would potentially draw attention to what was happening, as it's a fairly high-profile thing to do to a shipment.

  • I've worked in the Supply Chain / Shipping world for over 10 years now and have seen incidents like this multiple times.

    One of the more memorable ones was where someone in the container yard in China was breaking into the containers and skimming product from the cartons inside the containers. In order to try and go undetected they were peeling off the carton labels that were printed out from our tracking system and reprinting the labels from a local device to reflect the new unit counts after they stole se

  • It's not piracy... it's infringement of copyright! Piracy is... oh wait, never mind, yep, it's totally piracy. Sorry about that.
