Pirates hack into shipping company’s servers to identify booty (arstechnica.com)
109 points by pavornyoh on March 3, 2016 | 45 comments



This story is pretty sensationalized.

1. A container shipping company does not store the bar code of crates/packages. I've easily read 100s of booking details and never seen this. At most you maybe find one booking where the customer gave too much info and the customer service person copy/pasted too much. Anyway, either the article is talking about the container number or the hacked company is a logistics company.

2. If it is a logistics company, they wouldn't know exactly where the container is on the vessel. You can ask "above/below deck", but exact details aren't normally shared. You'd need to hack two companies if the pirates behaved like the article suggests.

3. Boarding a container ship isn't that easy as a lot of them are huge.

4. A container might just be reachable. Hint: For some commodities special care is taken to ensure that the vessel crew can still reach it. It's much easier to target a container after it has left a terminal and is e.g. on a truck. Note that even with full access it is better to somehow take over a truck than to pick it up yourself; they check your identification (passport/driver's license) when you pick up.

At most this might be about some logistics company that uses small vessels. E.g. intra Asia trade. Any big company I would be surprised if the hackers would make sense of all the systems :-P

That said, every so often you do see news articles whereby someone within either customs or a shipping company sells the details to others. Those others then steal the goods. But not by boarding vessels though, they take over the truck.


So, you're claiming the story is fabricated?

Quoting: "They’d board a vessel, locate by bar code specific sought-after crates containing valuables, steal the contents of that crate—and that crate only—and then depart the vessel without further incident."

You can download the Verizon report (that is the source for this article) here: http://www.verizonenterprise.com/resources/reports/rp_data-b...


No, I'm saying the details aren't correct. I never implied fabricated, so unsure why you're suggesting this.

From reading the report it seems they confused container numbers with crate bar codes.

This bit: "They’d board a vessel, locate by bar code specific sought-after crates containing valuables, steal the contents of that crate—and that crate only—and then depart the vessel without further incident."

When you board a vessel with container numbers, you don't see crates. However, you can find the container then search through the container and determine the crate. But the crate bar code? That's incorrect. A bill of lading will show the crate contents as well as its container number. It does NOT contain a bar code.

The PDF is obviously a marketing piece; it is not surprising some details are incorrect.

If you ignore the bar code part, then yeah, if the target was a shipping company then you could determine the contents of containers within reach and what is in them. Still need to go through the container though.


They may have just confused "crate" shipping (some small-scale local deal) with container shipping. It's hard to tell; the link to the claimed source goes nowhere, and a look at the current version of the named report (rp_data-breach-investigation-report-2015_en_xg.pdf, free download) says nothing about shipping piracy.


Those containers seem to be packed pretty tight. Even if you know which one had high value contents, is it even possible to access it within the stacks?


It might not be too difficult if the entire container is filled with iPhones. Doesn't matter which iPhone you steal.

Or just get a few men to throw overboard anything you're not interested in. A pirate has no obligation to leave his crime scene well-organized.


This sort of stuff does happen. I knew of one company whose insurance limits them to something like 20 containers per vessel. During the Han lunar new year they would place as many as 35 onto a single ship. One of these would be bound to be on top, especially if you can somehow determine when they entered the loading dock relative to other containers on the vessel. They'd probably get zero coverage once the insurer found out they'd overloaded too.

"Hacking" might not be an appropriate term here though. Most shipping website security is beyond awful. I've used Selenium to pull stuff off of shipping sites before as APIs are almost non-existent. When they do exist, they return fixed length text that you have to decode or you're using something archaic like automated email replies when you email a container number to them. (I have sent thousands of emails in a five minute period to a single VOCC to figure out if they were actually the ones shipping something and where the cargo is.) Lastly I've actually sent emails to website support on tracking sites telling them they weren't sanitizing inputs at all. Zero interest or chest pounding brush off reply.

As for barcodes, they probably mean shipping container number (ISO 6346 - https://en.wikipedia.org/wiki/ISO_6346).

Now all you need are pirates with a Russian Mil Mi-26 to dig for the buried treasure on the vessel while at sea (like in William Gibson's Spook Country)


I'm under the impression that stuff small and valuable like iPhones are transported by plane but that still leaves plenty of targets.


> I'm under the impression that stuff small and valuable like iPhones are transported by plane

That's not how freight works.


FedEx ships Apple handsets to the U.S. mainly using Boeing 777s [1]

Jan 2015 saw 17 billion Air Freight Kilometers available but with utilisation running at about 46% - most routes only have freight used one way [2]

[1] http://www.macrumors.com/2013/09/11/how-apple-ships-millions...

[2] http://www.iata.org/whatwedo/Documents/economics/freight-ana...


I'm no expert on the subject, but the term 'air freight' does exist, as well as many articles discussing the pros and cons of transporting cargo by air vs by sea. Google it.


Are you sure?

When we ordered an iPad from Apple in 2011, it got handed to one of the big delivery companies (FedEx?) in China, then got put on a plane to the US.


'Freight' generally implies the bulk transportation of large quantities of goods. When you said 'small stuff', I didn't realize you meant small quantities of stuff.


iPhones and iPads aren't really great examples in this space, because they're often sold before they even come off the assembly line. Apple chooses air freight for (many of) its products simply because that's the most efficient way to operate its particular supply chain.


Mea culpa, you're right, they do ship mostly using air freight.


You're saying that the entire story is fabricated?


Love how you're giving a "hint" on how to capture goods in service; either you have: (1) done this, which brings into question why in the world you publicly mention this; (2) done or read about it, which if so, why not provide your sources; (3) done logistics related security, which should be stated; (4) a theorist. What exactly is your experience in the real world on the topic?


What's easiest?

- stop a truck on a highway; take the driver out of the truck; drive off.

- board a container ship; track the targeted container; steal the contents; leave with cargo in high sea.

Sources?

Here you go: https://www.google.com/search?q=highway+truck+heist


Sure, if you mis-frame it like this then the truck option looks better. But then, most crimes are actually really easy to pull off.

It's what comes after the crime that actually matters, and I feel like the whole 'escape with the booty' part could be much easier at sea.


Hacker pirates: finally, we live in the future!

Aside from that though, I wonder if we'll be seeing increasing criminal activity like this or if it'll stay as an occasional source of funny headlines.

On the one hand the resources and knowledge of how to compromise a server are more accessible all the time.

On the other, exploited vulnerabilities are patched and the walls stay a bit higher than the cheap ladders. This will pretty much ensure that there is almost always at least a non-trivial amount of learning that needs to be done in order to profitably compromise equipment for practical purposes.

I'm thinking that the prevalence of basic technical savvy (roughly "has strong google-fu in the service of troubleshooting" or better) is going to be the largest influence on whether hacking-augmented crime increases or not.

My logic here is that it would happen more if more criminals knew how to go about learning how to hack since that gap between pre-built tools and practical application is always going to be there, but it's certainly bridgeable with some curiosity.

More technically savvy population, more cybercrime. It makes sense, but it can also be used as a kind of fluency metric. I thereby propose the frequency of computer-aided criminal activity as a fraction of all criminal activity to be a target metric for US technology education, higher is better.


Hackers (err, "crackers") can sell their services to others. A small group of tech savvy people can enable a lot of tech illiterate people to commit cybercrime. This messes up your math.

We already live in a world where you don't need to own a botnet to DDoS somebody. You just rent someone else's botnet by the minute. The pirates in the story are amateurs now, but soon somebody might rise among their ranks as the go-to guy for computer stuff. Just pay him a few ringgits and you don't even need to know about Google. The only thing you need to know is who to call.


All depends on who you define as a pirate, hacker, etc. If you consider social engineering hacking and stealing goods in transit, then using the two together is as good as written history.


Especially if you consider national flag swapping and the like to be breaking an information system (or at least abusing a weak auth system).


What is a booty? The urban slang "booty" or something else like bootleg?


It's another term for pirate's treasure.


Thank you.

BTW, the pirates out there, keep downvoting :-) I don't speak your pirate language.


The next step is to reprogramme the delivery address and have the booty sent to the pirates.


Precisely the point I made elsewhere.

Or: start a shipping services company and "lose" the odd lot.


A la season 2 of The Wire.


Reminds me of the hack that happened in Antwerp. Basically the mob obtained access to data through extortion of IT consultants and was able to present the correct documents at the gates and drive away with the containers before the correct truck arrived. http://www.bloomberg.com/graphics/2015-mob-technology-consul... http://motherboard.vice.com/blog/how-traffickers-hack-shippi...


The Da Vinci virus is a cover up for something even more sinister...


Sounds like it could have been a lot more devastating if the attackers had more (mad) skill(z). I am curious, though, why law enforcement didn't become more involved and track them down rather than just block them.


I assume this was off Indonesia. Indonesia is very corrupt. Having visited major cities in Sumatra such as Medan, there is not a lot of wealth. Add that to vanishing forests and a growing population, with little education, and lots of people are willing to take risks. In addition, I've read allegations previously that there is evidence that the Indonesian military supports the pirates, ie. they are actually working for corrupt military/political officials.

If you ever do visit Medan, check out the taxidermy museum, it's not the sort of thing I'd normally support but it's the most awesome such museum on the planet by a long shot (even better than Walter Rothschild's legacy at Tring in the UK).

Incidentally in the last few days they just had a major earthquake a hundred clicks offshore to the south of Sumatra, and reports of tsunami waves. The northern tip, Banda Aceh, was one of the worst affected locations in the huge tsunami a few years back. It's enough to make you head to the northern coast and try your luck as a pirate.


They could have been in a place like Somalia, where there really isn't a force to send after them. The same reason they don't just have a Somalian Navy that anchors outside these villages on the coast the pirates launch from to stop them, or sits in the villages with police


What kind of solution is it to block one IP address?


My thinking exactly. It seems like it would have been a much better solution to get law enforcement involved, since there was a decent chance of getting the pirates to attack whatever ship you wanted by planting (bogus) info about valuable cargo on it. The "solution" they used instead seems like it will last about as long as it takes to get a new IP address.


There is that. You're likely to get the same IP for a long time on residential broadband though.

It did say

> connecting directly from their home system

> [blocking] ending the targeted attacks

But then again, maybe it was a proxy through a compromised system.

All said, though, this could just be a nonsense fluff piece promoting Verizon; Ars just links to their PR page when it implies you will get a detailed report.


Funnily enough, I just finished reading a short story by Brad Taylor on this very topic:

http://www.goodreads.com/book/show/18849590-black-flag

Entertaining if you like reading modern special forces fiction.


> "These threat actors, while given points for creativity, were clearly not highly skilled..."

Wait so a few script kiddies were able to pwn a sophisticated company's "in house CMS" (as if that was ever a good idea), and these guys are smug about the fact that the Pirates made a few typos?!


And they ended future attacks by blocking an IP address... :-)


Hahaha


To paraphrase Grace Hopper -- first actual case of software pirates being found.


I was going to make a comment about international waters and privateers ...

And then realized that simply closing the security hole gains them the same amount of profit.


I like the part where they point out how unskilled they are, but still managed to get the job done.


If they're looking for booty why don't they use a porn site?



