Hackers Turn to Cargo Crime
Print Issue: March 2014
In 2011, drug traffickers hacked the computers of two major Belgian container terminals to gain access to the location and movement of containers. They first used spear phishing attacks through employee e-mail, but they were discovered and firewalls were installed to keep the hackers out. However, the hackers gained access to the building and were able to install keystroke loggers attached to USB drives that logged activity on the machines and took screen shots, according to a statement by the public prosecutor of Antwerp. Once in the system, the hackers manipulated data about containers, making it seem that their cargo was inconspicuous and held items such as bananas and timber. This allowed the containers to pass through the system and into the port without notice. The drug traffickers then stole the containers from the port.
A joint investigation by the Belgian and Dutch police was launched in 2013 after employees at the port in Antwerp began noticing that entire containers allegedly full of bananas and timber were disappearing. After inspecting containers, Belgian authorities found a total of 1,044 kilos of cocaine and 1,099 pounds of heroin. An investigation into the groups responsible is ongoing.
While events like this might seem more appropriate for primetime television than real life, they are likely occurring more frequently than law enforcement or companies realize. According to the United Nations Office on Drugs and Crime, only 2 percent, or approximately 8.4 million, of the 420 million cargo containers shipped annually are inspected in the course of their travel around the world. This creates immense opportunities for organized crime groups to ship drugs, guns, and other nefarious items to new markets with little chance of being caught by the authorities.
Traditionally, organized crime tried to smuggle drugs and other shipments inside innocent cargo, but now they don’t have to bother. Container data logs have moved online and companies use electronic files, allowing criminals to hack into the system and change the data to make the shipment appear normal. This is a big win for organized crime, says Peter Cassidy, director of Corporate Intelligence Practice in Boston.
“In 1972, how would guys move dope? They had to expose themselves. They had to either own the freight forwarder, or corrupt the freight forwarder, or be the freight forwarder,” Cassidy explains. “Now, if you can hack into the computer, create an order, and use the authority of the computer to approve the order…you’ve got everything…you’re done without exposing yourself to law enforcement or detection. That’s an enormous advantage. That’s magic.”
Criminals’ chances of being apprehended by the authorities also go down when they engage in cyberattacks as opposed to physically breaking into a business and robbing it, says Eric Strom, unit chief of the FBI’s Cyber Initiative and Resource Fusion Unit in Pittsburgh, Pennsylvania.
And cargo container ships are becoming increasingly vulnerable to these kinds of attacks. Trend Micro released a white paper identifying flaws in the Automatic Identification System (AIS) vessel tracking system that’s mandatory for all commercial ships over 300 metric tons, including all passenger ships regardless of size and weight. The paper was written by Trend Micro’s Forward Looking Threat Research Team, the company’s “cyber ninjas” who are looking at the future of “cybercrime and nation state activity” to help customers and law enforcement partners determine where to prioritize their efforts.
Through its research, the team discovered that AIS contains flaws that make it an easy target for hackers wanting to “hijack communications of existing vessels, create fake vessels, trigger false SOS or collision alerts, and even permanently disable AIS on any vessel.” Attackers can tamper with valid AIS data and inject invalid AIS data to modify ship details, such as position, course, cargo, flagged country, speed, name, and Maritime Mobile Service Identity (MMSI) status, allowing them to create fake vessels with the same details as real vessels, or to falsify data for existing ships.
Attackers can accomplish these actions because the AIS system was “designed with seemingly zero security considerations,” the white paper says. There are no validity checks to confirm that ships are where they claim to be; no timing checks, because messages sent through the system carry no time stamps; no authentication, because none is built into the protocol; and no integrity checks, because all AIS messages are sent unencrypted and unsigned.
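The validity check the white paper says AIS lacks can be approximated on the receiving side. The following is an added illustration, not code from the article or from Trend Micro: it runs over a constructed feed of position reports (the AisReport record, the 50-knot plausibility threshold, and the sample MMSIs and names are all assumptions, not AIS standard values) and flags a vessel that appears to teleport between reports, plus an MMSI that is broadcast under two different names, which is the “fake vessel with the same details as a real vessel” case.

```python
import math
from collections import defaultdict
from dataclasses import dataclass

@dataclass
class AisReport:
    mmsi: str        # Maritime Mobile Service Identity claimed by the sender
    name: str        # vessel name claimed by the sender
    lat: float
    lon: float
    received: float  # receiver-side timestamp in seconds (AIS messages carry none)

def haversine_nm(lat1, lon1, lat2, lon2):
    """Great-circle distance in nautical miles."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlam = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * 3440.065 * math.asin(math.sqrt(a))

def implausible_movements(reports, max_knots=50.0):
    """MMSIs whose consecutive position reports imply a speed no ship can reach.
    max_knots is an assumed plausibility threshold, not an AIS standard value."""
    last, flagged = {}, {}
    for r in sorted(reports, key=lambda x: x.received):
        prev = last.get(r.mmsi)
        if prev is not None:
            dist = haversine_nm(prev.lat, prev.lon, r.lat, r.lon)
            hours = (r.received - prev.received) / 3600
            knots = dist / hours if hours > 0 else (math.inf if dist > 0 else 0.0)
            if knots > max_knots:
                flagged[r.mmsi] = round(knots, 1)
        last[r.mmsi] = r
    return flagged

def identity_conflicts(reports):
    """MMSIs that were broadcast with more than one vessel name (a cloned identity)."""
    names = defaultdict(set)
    for r in reports:
        names[r.mmsi].add(r.name)
    return {m for m, n in names.items() if len(n) > 1}

# Constructed sample feed (not real traffic): a normal track, a 'teleporting' vessel,
# and one MMSI reused under a second name.
SAMPLE = [
    AisReport("211000001", "SAMPLE ONE", 51.30, 4.30, 0),
    AisReport("211000001", "SAMPLE ONE", 51.31, 4.32, 600),
    AisReport("211000002", "SAMPLE TWO", 51.30, 4.30, 0),
    AisReport("211000002", "SAMPLE TWO", 51.30, 5.50, 600),
    AisReport("211000003", "SAMPLE THREE", 51.40, 4.10, 0),
    AisReport("211000003", "SAMPLE THREE B", 51.40, 4.10, 300),
]
```

Because the messages themselves carry no time stamp, the check has to rely on the receiver's clock, so a receiver fed stale or replayed traffic can still be fooled; this is a plausibility filter, not a substitute for the missing authentication.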
EUROPOL’s EU Serious and Organized Crime Threat Assessment for 2013 expressed concern that the Internet has provided new opportunities for organized crime to target victims, recruit members, distribute products, and launder money in new markets.
EUROPOL Director Rob Wainwright further explained the organization’s findings in a statement, saying that EUROPOL’s estimates indicate that there are 3,600 organized crime groups active in Europe and that many of them are much more international in scale than ever before.
In another 2013 report, Threat Assessment: Italian Organized Crime, published in June, EUROPOL said that it anticipates the Italian organized crime associations to venture into cybercrime, if they aren’t already using it. “Easy profits, low regulatory scrutiny, and possibilities to operate anonymously are an inevitable attraction to Italian Organized Crime groups who, though the nature and scale of the threat is not yet clear, are likely to increase their engagement in [cybercrime] in the near future,” according to the report.
Luz Nagle, a law professor at Stetson University and former Colombian judge who was evacuated from the country after assassination attempts and death threats, tells Security Management that the United States has a false sense of security when operating in cyberspace. “They see the drug cartels in Mexico killing people and doing a lot of damage; they see the blood. In cybercrime, you don’t see the blood yet.”