Through its research, the team discovered that AIS contains flaws that make it an easy target for hackers wanting to “hijack communications of existing vessels, create fake vessels, trigger false SOS or collision alerts, and even permanently disable AIS on any vessel.” Attackers can tamper with valid AIS data and inject invalid AIS data to modify ship details, such as position, course, cargo, flagged country, speed, name, and Mobile Maritime Service Identity status, allowing them to create fake vessels with the same details as real vessels, or to falsify data for existing ships.
Attackers can accomplish these actions because AIS was “designed with seemingly zero security considerations,” the white paper says. The system lacks validity checks to make sure that ships are where they say they are; timing checks, because messages sent through the system lack time stamps; authentication, because no authentication check is built into the protocol; and integrity checks, because all AIS messages are sent unencrypted and unsigned.
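A receiver-side plausibility check of the kind the white paper says AIS lacks, as an added example that is not from the white paper or this article: it flags position reports whose implied speed since the last plausible fix for the same MMSI is physically impossible. The `Report` layout, the 60-knot ceiling, and the sample MMSIs are assumptions made for the illustration.

```python
import math
from collections import namedtuple

# rx_time is the receiver's own clock in seconds (assumption: reports are
# timestamped on receipt, since the messages themselves carry no usable time).
Report = namedtuple("Report", "rx_time mmsi lat lon")

EARTH_RADIUS_NM = 3440.065   # mean Earth radius in nautical miles
MAX_SPEED_KNOTS = 60.0       # assumed ceiling for a surface vessel; tune per fleet

def distance_nm(a, b):
    """Great-circle (haversine) distance between two reports, in nautical miles."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dlat, dlon = p2 - p1, math.radians(b.lon - a.lon)
    h = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_NM * math.asin(math.sqrt(h))

def check_reports(reports, max_speed=MAX_SPEED_KNOTS):
    """Return [(report, reason)] for reports that fail the plausibility checks."""
    last_good = {}   # mmsi -> last report that passed
    alerts = []
    for r in sorted(reports, key=lambda x: x.rx_time):
        if not (-90 <= r.lat <= 90 and -180 <= r.lon <= 180):
            alerts.append((r, "position out of range"))
            continue
        prev = last_good.get(r.mmsi)
        if prev is not None:
            hours = (r.rx_time - prev.rx_time) / 3600.0
            dist = distance_nm(prev, r)
            # Zero elapsed time with a real displacement means one identity
            # is being reported from two places at once.
            speed = dist / hours if hours > 0 else (math.inf if dist > 0.1 else 0.0)
            if speed > max_speed:
                alerts.append((r, "implied speed %.0f kn exceeds limit" % speed))
                continue   # keep the track anchored on the last plausible fix
        last_good[r.mmsi] = r
    return alerts

# Constructed sample traffic; the MMSI values are made up.
SAMPLE = [
    Report(0,   111111111, 43.000, 9.000),
    Report(60,  111111111, 43.005, 9.000),   # ~0.3 nm in 60 s: plausible
    Report(120, 111111111, 44.500, 9.000),   # ~90 nm in 60 s: flagged
    Report(180, 111111111, 43.010, 9.000),   # consistent with the earlier track
    Report(200, 222222222, 95.000, 9.000),   # latitude outside valid range
]

if __name__ == "__main__":
    for report, reason in check_reports(SAMPLE):
        print(report.mmsi, report.rx_time, reason)
```

A check like this only catches implausible tracks; it does not supply the missing authentication or integrity protection, so a forged report that stays within believable motion still passes.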
EUROPOL’s EU Serious and Organized Crime Threat Assessment for 2013 expressed concern that the Internet has provided new opportunities for organized crime to target victims, recruit members, distribute products, and launder money in new markets.
EUROPOL Director Rob Wainwright further explained the organization’s findings in a statement, saying that EUROPOL’s estimates indicate that there are 3,600 organized crime groups active in Europe and that many of them are much more international in scale than ever before.
In another 2013 report, Threat Assessment: Italian Organized Crime, published in June, EUROPOL said that it anticipates that Italian organized crime associations will venture into cybercrime, if they aren’t already using it. “Easy profits, low regulatory scrutiny, and possibilities to operate anonymously are an inevitable attraction to Italian Organized Crime groups who, though the nature and scale of the threat is not yet clear, are likely to increase their engagement in [cybercrime] in the near future,” according to the report.
Luz Nagle, a law professor at Stetson University and former Colombian judge who was evacuated from the country after assassination attempts and death threats, tells Security Management that the United States has a false sense of security when operating in cyberspace. “They see the drug cartels in Mexico killing people and doing a lot of damage; they see the blood. In cybercrime, you don’t see the blood yet.”