Kijun Times

Kijun Times 는 교내 영어잡지,신문 동아리 다양한 주제에 관한 이슈로 원고를 작성하며 영어 잡지를 만드는 동아리입니다.

매년 잡지 출판뿐만 아니라 자신의 진로와 관련된 개인기사, 모둠기사를 작성함으로써 영어 실력향상은 물론 주제에 제한이 없기 때문에 다양한 진로에 접목 가능합니다.


We are looking for a new journalist for The KIJUN TIMES.

Anyone can be a journalist for The KIJUN TIMES.


How hackers are targeting the shipping industry

이름 윤소연 등록일 17.09.15 조회수 613

How hackers are targeting the shipping industry

A laptop being used in a mock cyber attackImage copyrightFIDRA CYBER SECURITY
Image captionBreaking into a shipping firm's computer systems could allow attackers to access all kinds of sensitive information

When staff at CyberKeel investigated email activity at a medium-sized shipping firm, they made a shocking discovery.

"Someone had hacked into the systems of the company and planted a small virus," explains co-founder Lars Jensen. "They would then monitor all emails to and from people in the finance department."

Whenever one of the firm's fuel suppliers would send an email asking for payment, the virus simply changed the text of the message before it was read, adding a different bank account number.

"Several million dollars," says Mr Jensen, were transferred to the hackers before the company cottoned on.

After the NotPetya cyber-attack in June, major firms including shipping giant Maersk were badly affected.

In fact, Maersk revealed this week that the incident could cost it as much as $300 million (£155 million) in profits.

But Mr Jensen has long believed that that the shipping industry needs to protect itself better against hackers - the fraud case dealt with by CyberKeel was just another example.

The firm was launched more than three years ago after Mr Jensen teamed up with business partner Morten Schenk, a former lieutenant in the Danish military who Jensen describes as "one of those guys who could hack almost anything".

They wanted to offer penetration testing - investigative tests of security - to shipping companies. The initial response they got, however, was far from rosy.

Maersk shipImage copyrightGETTY IMAGES
Image captionShipping giant Maersk was a target of the Petya cyber attack

"I got pretty consistent feedback from people I spoke to and that was, 'Don't waste your time, we're pretty safe, there's no need'," he recalls.

Today, that sentiment is becoming rarer.

The consequences of suffering from the NotPetya cyber-attack for Maersk included the shutting down of some port terminals managed by its subsidiary APM.

The industry is now painfully aware that physical shipping operations are vulnerable to digital disruption.

Breaking into a shipping firm's computer systems can allow attackers to access sensitive information. One of the most serious cases that has been made public concerns a global shipping conglomerate that was hacked by pirates.

They wanted to find out which vessels were transporting the particular cargo they planned to seize.

A report on the case by the cyber-security team at telecoms company Verizon describes the precision of the operation.

"They'd board a vessel, locate by barcode specific sought-after crates containing valuables, steal the contents of that crate - and that crate only - and then depart the vessel without further incident," it states.

Control room of shipImage copyrightGETTY IMAGES
Image captionThe control systems on ships are often connected to the internet

But ships themselves, increasingly computerised, are vulnerable too. And for many, that's the greatest worry.

Malware, including NotPetya and many other strains, is often designed to spread from computer to computer on a network. That means that connected devices on board ships are also potentially vulnerable.

"We know a cargo container, for example, where the switchboard shut down after ransomware found its way on the vessel," says Patrick Rossi who works within the ethical hacking group at independent advisory organisation DNV GL.

He explains that the switchboard manages power supply to the propeller and other machinery on board. The ship in question, moored at a port in Asia, was rendered inoperable for some time, adds Mr Rossi.

Seizing the controls

Crucial navigation systems such as the Electronic Chart Display (Ecdis) have also been hit. One such incident is recalled by Brendan Saunders, maritime technical lead at cyber-security firm NCC Group.

This also concerned a ship at an Asian port, but this time it was a large tanker weighing 80,000 tonnes.

One of the crew had brought a USB stick on board with some paperwork that needed to be printed. That was how the malware got into the ship's computers in the first instance. But it was when a second crew member went to update the ship's charts before sailing, also via USB, that the navigation systems were infected.

Departure was consequently delayed and an investigation launched.


이전글 Ransomware 'here to stay', warns Google study
다음글 Catching the hackers in the act