A group of cunning tech-savvy pirates hacked a shipping company’s systems, enabling them to carefully target cargo on the firm’s vessels.
A curious case reported by Verizon's RISK (Research, Investigations, Solutions and Knowledge) Team shows that even those lowly sea pirates chasing after cargo ships with old Kalashnikovs in worn-out dingies are resorting to hacking to boost up their profits.
The shipping company experienced a series of hit-and-run attacks by pirates who, instead of seeking a ransom for the crew and cargo, went after specific shipping containers and made off with high-value cargo, says Verizon Data Breach Digest report.
The unnamed company found there was something strange and hired the RISK Team to track down the source of a possible leak, which they suspected to be either an undiscovered data breach or an insider activating from within the company's headquarters.
The pirates uploaded a shoddy shell to the shipping routers server, and while that gave them the needed access, it was also easy to for them to identify and shutter.
This allowed them to track the vessels that were carrying the most valuable cargo and where to take it from. The shipping company said that the pirates had known where the most valuable items were on several occasions over the course of months.
Verizon says that the attacker used a Web shell that didn't support SSL, meaning that all executed commands were recorded in the Web server's log.
The RISK Team was able to recreate a historic timeline of all the hacker's actions and identify exactly what he looked at and where he sent the files.
"We were ultimately able to recover every command the threat actors issued, which painted a very clear picture. These threat actors, while given points for creativity, were clearly not highly skilled. For instance, we found numerous mistyped commands and observed that the threat actors constantly struggled to interact with the compromised servers," says Verizon.
The report did not reveal the location of the incidents or when they happened, although there been frequent attacks by Somali pirates on commercial shipping off Africa’s east coast in recent years.
When the terms "pirate" and "hacker" are used in the same sentence, usually it's a reference to someone breaking digital rights management on software. But But that wasn't the case any more. If pirates practice their hacking skills, then cargo ships be warned.
