Cyber-Security Concerns for the Shipping Industry
October 20, 2017 in Cyber
For several years, security experts have warned that outdated technological systems could lead to increased risks to shipping vessels. In recent months, the warnings have grown louder. Most computer-based shipping technologies, developed in the 1990s, were initially designed as isolated systems. Over time, the industry has moved increasingly online. The change has opened the industry to more threats from outside actors. As technology and users become more sophisticated, the shipping industry has struggled to keep up to speed with the latest changes, leaving older systems vulnerable to targeting.
Two key risks are the hacking and spoofing of marine traffic. Hacking refers to unauthorized access to data in a system. A hacker could gain entry into the internal systems of a company and access private information, such as cargo documents or the personal details of crew members aboard a vessel. A hacker could also install malware on the system, allowing them access to sensitive material such as e-mail transmissions. In the past year, hackers have changed the banking information on email invoices going to shipping companies, redirecting millions of dollars before the issue was identified. In June, the NotPetya ransomware attack targeted several large businesses, including shipping giant Maersk. The virus wormed through the company’s global network, forcing a stoppage at 76 port terminals globally, and costing the company nearly $300 million.
Spoofing, on the other hand, is a process of falsifying the origin or location of something in order to mislead a user. In terms of the shipping industry, it can be used to alter the coordinates of a vessel, or make the vessel simply disappear from tracking systems. Spoofing attempts are often spotted quickly; however, sophisticated actors continue to construct ways to outsmart the systems, so spoofing remains a point of concern.
Aboard a vessel, security issues can be amplified. For example, the AIS system uses satellites and marine radar to pinpoint the location of a vessel. This information, often publicly available, can be used to track the location of vessels around the globe, and can be used by pirates as a sort of “shopping list”. Using spoofing, a malevolent actor can theoretically alter the location of a vessel, causing a ship to redirect its course into unknown waters. With hacking, they can access a cargo list, obtain the information about the content of specific crates, and if they successfully board a vessel, they target only the crates with goods they find valuable.
While there are numerous entry points for a hacker to target aboard a vessel, perhaps the weakest point is the maritime satellite communication (satcom) system. Satcom boxes are nearly always connected to the internet, and often do not have updated technology. They are often poorly secured, and can easily allow access to “protected” data and entry into a company’s larger systems.
Governments and corporations have long struggled to keep up with the changes in technology. Because of the rapid rate of sophistication, legacy systems often do not have the features or capacity to protect shipping companies from such attacks. Awareness is growing as cyber-security becomes a more prominent global concern. Experts have called for changes in the industry, including secure firmware, password complexity, penetration testing, and other preventative measures to ensure that vessels, cargo, and crew remain safe.
The International Chamber of Shipping has recently launched guidelines designed to help ship owners protect themselves from hackers. More information can be found here: http://www.ics-shipping.org/docs/default-source/resources/safety-security-and-operations/guidelines-on-cyber-security-onboard-ships.pdf?sfvrsn=16
An Unconventional Warfare – Cyber bombs
April 18, 2016 in Cyber
A conflict which has lasted over five years, dismantled the infrastructure of a country and driven the entire surviving population to seek asylum in neighbouring states: the Syrian civil war. The perfect stage to allow terrorists and extremists to enforce their plans and gain territories. Syria is not the only battlefield of this unbalanced, amorphous and revised war on terror. North Iraq, Southeastern Turkey and, on a broader spectrum, the whole of Europe remain potential targets. A conflict where superpowers such as the US and Russia played a major role, leading to a ceasefire and alleged peace talks in Geneva; a conflict where actors, structures and outcomes are yet to be fully unveiled.
This conflict is another historical landmark for many foreign policies; it reshaped the approach to terrorism and justice; showed the world a climate of desperation and fear; cruelty and loss of lives have filled the daily newspapers. Europe has worked on resolving the collateral effect of migrations and has faced attacks within its capitals; other players have tried to eradicate ISIS. No winners; only an apparent and fragile ceasefire.
From any “problem solving” point of view, the first step of the analysis is to acknowledge the problem and identify the causes, beginning by minimizing the effects. Who is ISIS?
Before describing the organization we should consider the widely used term “Terrorism”. Historically the term refers to the unlawful use of violence towards civilian targets in a desperate attempt to enforce political goals. The rise of ISIS, the Islamic State of Iraq and Syria or Islamic State of Iraq and al-Sham, began in 2004 as al Qaeda in Iraq (AQI). It was initially an ally of Osama bin Laden’s al Qaeda, and both were radical anti-Western militant groups devoted to establishing an independent Islamic state in the region. AQI was weakened in Iraq in 2007 as a result of what is known as the Sunni Awakening, when a large alliance of Iraqi Sunni tribes, supported by the US, fought against the jihadist group. AQI saw an opportunity to regain its power and expand its ranks in the Syrian conflict that started in 2011, moving into Syria from Iraq. By 2013, al-Baghdadi had spread his group’s influence back into Iraq and changed the group’s name to ISIS. Al Qaeda disowned the group in early 2014, with ISIS proving to be more brutal and more effective at controlling seized territories.
While ISIL has not been able to seize ground in the past several months, that hasn’t precluded them from conducting terrorist attacks, and it hasn’t precluded them from conducting operations that are more akin to guerrilla operations than the conventional operations that we saw when they were seizing territory. The organization understood the value of pushing out content, specifically videos of atrocities, into the world. Therefore, they could recruit very brutal young men to come and join their struggle. As the organization evolved, it made media very central to its ideology and strategy. ISIS had harnessed the power of the “information arena” to propagate its ideology, recruit, move money and coordinate activities. The question arises naturally: “What can be done?”
A top Pentagon official reported that the US is hitting ISIS with “cyber bombs” as part of its new arsenal of tactics being deployed against the terrorist group. The cyber effort is focused primarily on ISIS terrorists in Syria, and the goal is to overload their network so that they cannot function. An attack of this magnitude can interrupt the group’s ability to command and control forces. A similar principle was applied over the power and water disruptions in the middle of a two-week truce between government forces and certain militant groups. Disruption of critical infrastructure was used in order to gain an advantage over the group. Moreover, the Islamic State is clearly frightened by the outflow of refugees. A lot of media have been created excoriating those who flee from these territories. By taking advantage of those refugees, a powerful tool could be created in order to tell their stories to the world.
The humanitarian issues, the fallout, the civil war, the core issues have not been addressed yet. So far the military intervention and the coalition of multiple air strikes, carried out by Russia and US, have diminished the capabilities of the group; however there is so much more to do and the future remains uncertain. It is highly likely that ISIS will not cease to exist in the near-medium term; their strategy, tactics and objectives are likely to remain unaffected. The struggle in the region and the level of threat to Europe are still primary concerns and subjects of ongoing discussions.
Twitter, YouTube of US Central Command hacked by ISIS supporters
January 13, 2015 in ISIS, United States
13 January – US Central Command’s (CENTCOM) official Twitter feed and YouTube page were hacked on Monday. CENTCOM uses its Twitter feed to post regular updates on the coalition airstrikes against Islamic State in Iraq and Syria. The social media accounts were compromised for approximately 30 minutes, after which CENTCOM regained control and suspended the accounts. The feeds were resumed hours later.
The hackers left a series of threatening messages, the longest of which stated: “In the name of Allah, the Most Gracious, the Most Merciful, the CyberCaliphate under the auspices of ISIS continues its CyberJihad. While the US and its satellites kill our brothers in Syria, Iraq and Afghanistan we broke into your networks and personal devices and know everything about you,” the message reads. “You’ll see no mercy infidels. ISIS is already here, we are in your PCs, in each military base. We won’t stop! We know everything about you, your wives and children. U.S. soldiers! We’re watching you!”
The messages also stated, “ISIS is already here, we are in your PCs, in each military base.” They added that they had affected CENTCOM’s computers, and warned, “AMERICAN SOLDIERS, WE ARE COMING, WATCH YOUR BACK. ISIS. CyberCaliphate.”
In the short time the hackers had control of the Twitter feed, they proceeded to tweet a roster of military personnel names and contact information, and then released what they claimed to be “confidential data” obtained from mobile devices. The US Army confirmed that some of the documents were from password-protected sites. However, other documents appear to have been publicly available on the Pentagon website. The majority of the documents are dated 2005, with the most recent being 2008. Two other tweets called “China Scenario” and “North Korea Scenario” delivered files which appeared to display US surveillance or war scenarios for China and North Korea. The data within those files include PowerPoint slides that appear to have been taken from military presentations, including one entitled: Army Force Management Model. It is possible that some of the password-protected information released by the group was also available publicly. CENTCOM is investigating any potential security breaches.
The missive has caused many to believe that the hackers are members or affiliates of ISIS, the terrorist organisation that has swept through Iraq and Syria over the past year. However, certain indicators suggest that the hack may have come from a person or persons who claimed to be ISIS but are not operating within the organisation. For example, the term “ISIS” itself is most commonly used in the West. The group itself changed its name to “Islamic State” (Dawla il Islamiya) in June of 2014. Further, the organisation has focused predominantly on the gain of territory and natural resources; if found to be the work of ISIS, this cyber-attack would be their first. Finally, the released documents featuring East Asian countries are not in line with the Middle Eastern focus of ISIS. It is likely that the hackers are supporters of the group but not officially affiliated with ISIS. Twitter has identified and deleted an account using the handle of CyberCaliphate, a term that appeared in some of the missives that were posted.