Hackers Turn to Cargo Crime

By Megan Gates

In 2011, drug traffickers hacked the computers of two major Belgian container terminals to gain access to the location and movement of containers. They first used spear phishing attacks through employee e-mail, but they were discovered and firewalls were installed to keep the hackers out. However, the hackers gained access to the building and were able to install keystroke loggers attached to USB drives that logged activity on the machines and took screen shots, according to a statement by the public prosecutor of Antwerp. Once in the system, the hackers manipulated data about containers, making it seem that their cargo was inconspicuous and held items such as bananas and timber. This allowed the containers to pass through the system and into the port without notice. The drug traffickers then stole the containers from the port.

A joint investigation by the Belgian and Dutch police was launched in 2013 after employees at the port in Antwerp began noticing that entire containers allegedly full of bananas and timber were disappearing. After inspecting containers, Belgian authorities found a total of 1,044 kilos of cocaine and 1,099 pounds of heroin. An investigation into the groups responsible is ongoing.

While events like this might seem more appropriate for primetime television than real life, they are likely occurring more frequently than law enforcement or companies realize. According to the United Nations Office on Drugs and Crime, only 2 percent, or approximately 8.4 million, of the 420 million cargo containers shipped annually are inspected in the course of their travel around the world. This creates immense opportunities for organized crime organizations to ship drugs, guns, and other nefarious items to new markets with little chance of being caught by the authorities.

Traditionally, organized crime tried to smuggle drugs and other shipments inside innocent cargo, but now they don’t have to bother. Container data logs have moved online and companies use electronic files, allowing criminals to hack into the system and change the data to make the shipment appear normal. This is a big win for organized crime, says Peter Cassidy, director of Corporate Intelligence Practice in Boston.

“In 1972, how would guys move dope? They had to expose themselves. They had to either own the freight forwarder, or corrupt the freight forwarder, or be the freight forwarder,” Cassidy explains. “Now, if you can hack into the computer, create an order, and use the authority of the computer to approve the order…you’ve got everything…you’re done without exposing yourself to law enforcement or detection. That’s an enormous advantage. That’s magic.”

Criminals’ chances of being apprehended by the authorities also go down when they engage in cyberattacks as opposed to physically breaking into a business and robbing it, says Eric Strom, unit chief of the FBI’s Cyber Initiative and Resource Fusion Unit in Pittsburgh, Pennsylvania.

And cargo container ships are becoming increasingly vulnerable to these kinds of attacks. Trend Micro released a white paper identifying flaws in the Automatic Identification System (AIS) vessel tracking system that’s mandatory for all commercial ships over 300 metric tons, including all passenger ships regardless of size and weight. The paper was written by Trend Micro’s Forward Looking Threat Research Team, the company’s “cyber ninjas” who are looking at the future of “cybercrime and nation state activity” to help customers and law enforcement partners determine where to prioritize their efforts.



The Magazine — Past Issues


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.