Did anyone see this coming? Somali pirates as cyber-sleuths? Rag-tag crews in makeshift boats doing electronic targeting via data analytics? A pirate band successfully hacked into a shipping company’s IT systems to fine-tune their thefts. They were able to direct their attention to specific ships, and to specific containers on those ships. Full article below.
Legacy pirate procedure (gee, I never thought I’d type a phrase like that) is to take a ship, hold the crew hostage, and manually ransack containers to find something of value; or, hold the ship and crew for ransom. These pirates leveraged technology to re-engineer their business model (another odd phrase to type). They would board specific ships at specific times, contain the crew, and identify specific cargo containers by their bar code and only loot those. Significant decrease in their time and cost, significant increase in efficiency and yield. Hooray for technology!
The detective work around these attacks was also non-traditional with regard to piracy, but very much mainstream cyber-detective work. The Verizon team doing the investigation didn’t focus on surveillance of the pirates or on tracking the stolen goods – they conducted network traffic analysis and discovered an unsecured upload script on the company’s web system and the web shell that had been planted through it, which gave the pirates access to the cargo data.
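The article does not say how the investigators spotted the upload script and the web shell, so the following is an added example of one way an analyst would hunt for that pattern in web server access logs; it is not Verizon’s method and not code from the article. The log lines, the upload handler path (`/cms/upload.php`) and the upload directory (`/cms/uploads/`) are all constructed for the example. The logic flags server-side scripts being served from an upload directory, command-style query parameters, and the tell-tale sequence of a POST to the upload handler followed shortly by requests to a script in the upload directory from the same client.

```python
import re
from datetime import datetime
from urllib.parse import urlsplit, parse_qs

# Assumed (hypothetical) layout of the web application; adjust to the real site.
UPLOAD_HANDLERS = ("/cms/upload.php",)    # the upload script an attacker abuses
UPLOAD_DIR = "/cms/uploads/"              # where uploaded files are served from
EXECUTABLE_EXT = (".php", ".phtml", ".php5", ".jsp", ".jspx", ".asp", ".aspx", ".cgi")
SHELL_PARAMS = {"cmd", "exec", "command", "c"}   # common web-shell parameter names
CORRELATION_WINDOW_S = 600                # upload-then-execute window, in seconds

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2016:14:02:11 +0000] "POST /cms/upload.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2016:14:02:15 +0000] "GET /cms/uploads/manifest.php?cmd=id HTTP/1.1" 200 87 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2016:14:03:40 +0000] "GET /cms/uploads/manifest.php?cmd=cat+/var/www/config.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Mar/2016:14:05:02 +0000] "POST /cms/upload.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Mar/2016:14:05:30 +0000] "GET /cms/uploads/bol_1234.pdf HTTP/1.1" 200 90000 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Mar/2016:14:06:00 +0000] "GET /cms/uploads/manifest.php?cmd=ls+/data/bills HTTP/1.1" 200 430 "-" "curl/7.47"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)


def parse_line(line):
    """Parse one combined-format access-log line into a dict; return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    parts = urlsplit(rec["url"])
    rec["path"] = parts.path
    rec["params"] = parse_qs(parts.query)
    return rec


def find_webshell_activity(log_text):
    """Return one finding per suspicious request, each listing the reasons it was flagged."""
    records = [r for r in (parse_line(l) for l in log_text.splitlines()) if r]
    last_upload = {}   # client IP -> time of its most recent POST to an upload handler
    findings = []
    for rec in records:
        if rec["method"] == "POST" and rec["path"] in UPLOAD_HANDLERS:
            last_upload[rec["ip"]] = rec["time"]
            continue
        reasons = []
        in_upload_dir = rec["path"].startswith(UPLOAD_DIR)
        is_script = rec["path"].lower().endswith(EXECUTABLE_EXT)
        if in_upload_dir and is_script:
            reasons.append("server-side script served from upload directory")
        if SHELL_PARAMS.intersection(rec["params"]):
            reasons.append("command-style query parameter")
        if in_upload_dir and is_script and rec["ip"] in last_upload:
            delta = (rec["time"] - last_upload[rec["ip"]]).total_seconds()
            if 0 <= delta <= CORRELATION_WINDOW_S:
                reasons.append("requested %d s after an upload from the same IP" % delta)
        if reasons:
            findings.append({
                "ip": rec["ip"], "time": rec["ts"], "path": rec["path"],
                "params": rec["params"], "status": rec["status"], "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in find_webshell_activity(SAMPLE_LOG):
        print(f["time"], f["ip"], f["path"], f["params"])
        for r in f["reasons"]:
            print("   -", r)
```

Run against the sample, the two hits from 203.0.113.7 carry all three indicators (script in the upload directory, a `cmd` parameter, and a preceding upload from the same client), while the legitimate PDF download from 198.51.100.23 is not flagged at all. The last line, from a third client with no upload of its own, still trips the first two indicators, which matters because a web shell, once planted, is often used from more than one address. In practice the same correlation is worth running on the upload handler’s own logs and on file-system creation events under the upload directory, and the real fix is to reject executable file types at upload time and to serve the upload directory with script execution disabled.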
The article has the detail, but several observations need to be made:
- Cyber will play a much broader role in criminal or lawless activity. It’s not merely about fraudulent e-commerce, ransomware or identity theft. Look for an increased cyber dimension to anything that can go wrong or impact your company: cargo hijacking, extortion, counterfeiting, kidnapping. The merging of physical crime and cyber-crime will be one of the “Next Big Things” over the next decade… and possibly a very under-reported one.
- For companies, this is a wake-up call that every part of your business has a cyber dimension to it. Shipping goods via truck? Assess the network and systems vulnerabilities of your logistics systems and on-board truck tracking, everything. Manufacturing? Protect your intellectual property, your plant process systems, your SCADA, everything. High-profile company? Ensure the confidentiality of your employee data, business plans, phone information, everything. Wouldn’t it be nice for a criminal to know where your CEO is at every step of his business trip by accessing his travel itinerary, schedule of road shows, admin’s emails or mobile phone presence?
- This opens up a big question of where Somali pirates obtained the technical expertise, know-how and capability to conduct such a sophisticated operation. Are there under-the-radar alliances between the low-tech thugs and the high-tech criminals? Are organized threat actors collaborating with pirates? Terrorists? What about state-sponsored actors and their relationships with on-the-ground criminals? Is there a scenario where [insert-bad-country-here] will ally with the Mexican cartels to cripple American DEA or DHS capabilities so that the cartels can move product? What about the Cyber-Mafia or Anonymous helping ISIS to continue infiltrating the US via fraudulent identities or by hacking visa or entry systems?
- Most importantly, have a plan for Incident Response, Crisis Management, and Contingency Plans. Integrate them with both your cyber processes and your physical emergency response plans. Exercise them to strengthen both your processes and your people. Drive awareness throughout your enterprise: help your employees to be your first line of defense, not your weakest link.
ARSC is happy to continue the conversation with you!