Maritime Hacking

By Josh Balentine on March 13, 2019

(By: Josh Balentine on March 3, 2019)

The national maritime transportation services provide millions of Americans with employment at ports and port-related industries every year and contribute trillions of dollars to the United States economy. A cyber-attack on just one shipping vessel could result in millions of dollars of damage, loss of life, and a disruption in the supply chain of food, supplies, and materials needed for everyday life in the U.S. A majority of shipping vessels still use Windows XP and Windows NT for their onboard monitoring systems. Security updates and technical support were discontinued in 2004 for Windows NT and in 2014 for Windows XP, leaving the vessels' systems vulnerable. A vessel with so much connectivity and such out-of-date firmware opens itself up to attacks that require a low level of skill and understanding. Security researcher Pen Test Partners described some of these possible vulnerabilities by displaying several proof-of-concept exploits in a Maritime Cyber Security Report.

Vulnerabilities

Many of the potential attacks rely on “bridging the gap” between a ship’s Internet Protocol (IP) network and its serial network and then manipulating a system. One of these systems is the ship’s Electronic Chart Display and Information System (ECDIS), which is needed for navigating and is connected to the autopilot. Misconfiguring the ECDIS can lead to throwing a ship off course and/or crashing the ship.

Gaining access to a serial-to-IP converter may allow an attacker to gain access to control systems like the ballast control system, which provides monitoring and operation of the ballast tanks from the “bridge”. The ballast tanks are the compartments on a ship that hold water to provide stability and buoyancy. Exploiting this system could potentially sink or capsize a ship by pumping water to one side of the ship at one time.

Satcom vulnerabilities and the potential for attacks can be revealed just by searching the Internet. Using the online service Shodan, an individual can search for popular brands of maritime satcoms and find out vital information about a target. Searching through some of the brands on Shodan, you can find logistical information such as the GPS coordinates of a ship, along with software and hardware information. A large percentage of the satellite communication and internet equipment on ships has default credentials, which allow an attacker to perform a variety of phishing and social engineering attacks.

Impact

Any of these types of attacks can result in the loss of life of the crew on board the ship and/or the people involved in a possible collision with a “hacked” ship. Another impact is the disruption in the supply chain of goods and materials, on both an economic and a humanitarian level. A hacker could potentially sink or divert a ship en route to a national disaster recovery area with medical supplies.

Mitigations

  • Segregation of vessel networks
  • All passwords changed from the default on all devices
  • Enable encryption and authentication for all communications
  • All software kept up-to-date and patched
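
As an added example (not from the original article or its sources), the four mitigations above can be written as checks over a vessel's device inventory. The Device fields, the segment names and the sample inventory are assumptions constructed for illustration; the end-of-support years are the ones stated in the article.

```python
from dataclasses import dataclass, field

# End-of-support years as stated in the article above.
END_OF_SUPPORT = {"Windows NT": 2004, "Windows XP": 2014}

@dataclass
class Device:                      # hypothetical inventory record
    name: str
    os: str
    segment: str                   # e.g. "it", "bridge", "serial-control"
    default_password: bool         # factory credentials still set
    encrypted_mgmt: bool           # management traffic encrypted and authenticated
    reaches: set = field(default_factory=set)  # other segments it can talk to

def audit(devices, year, control_segments=frozenset({"serial-control"})):
    """Return sorted (device, finding) pairs, one per violated mitigation."""
    findings = []
    for d in devices:
        # Segregation: only devices inside a control segment may reach it.
        crossed = (d.reaches & control_segments) - {d.segment}
        if crossed:
            findings.append((d.name, "segregation: reaches " + ",".join(sorted(crossed))))
        if d.default_password:
            findings.append((d.name, "default password"))
        if not d.encrypted_mgmt:
            findings.append((d.name, "unencrypted/unauthenticated management"))
        eos = END_OF_SUPPORT.get(d.os)
        if eos is not None and year >= eos:
            findings.append((d.name, f"{d.os} unsupported since {eos}"))
    return sorted(findings)

# Constructed sample inventory (not from a real vessel).
SAMPLE = [
    Device("satcom-terminal", "vendor firmware", "it", True, False, {"bridge"}),
    Device("ecdis", "Windows XP", "bridge", False, True, {"serial-control"}),
    Device("serial-ip-converter", "vendor firmware", "serial-control", True, False, {"bridge"}),
    Device("ballast-hmi", "Windows NT", "serial-control", False, True),
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE, year=2019):
        print(f"{name}: {finding}")
```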

Sources

  • Seals, T. (2019, February 20). Researcher: Not Hard for a Hacker to Capsize a Ship at Sea. Retrieved from https://threatpost.com/hacker-capsize-ship-sea/142077/.
  • Munro, K. (2018, June 4). Hacking, tracking, stealing and sinking ships. Retrieved from https://www.pentestpartners.com/security-blog/hacking-tracking-stealing-and-sinking-ships/.
  • Munro, K. (2017, October 13). OSINT from ship satcoms. Retrieved from https://www.pentestpartners.com/security-blog/osint-from-ship-satcoms/.