Where's Zero Cool when you need him? Loose chips sink ships: How hackers could wreck container vessels Poorly maintained IT systems on container ships are leaving the vessels open to cyber-attack and catastrophe, it is claimed. This is according to folks this week at security house Pen Test Partners, who found that in some cases, connected maritime devices dating back to the early 1990s are being left open to the public …
What little I remember of Sneakers makes me rather doubt the "real hacker movie" claim. Ooh, magic technology that breaks all decryption. Ooh, US ATC is accessible over the public Internet, just encrypted. Ooh, I'm going to wear a suit that prevents me from radiating any body heat. And I'm doing it to get past a security system which relies on infrared detection of body heat rather than the inexpensive, widely-available ultrasonic motion detectors that everyone actually uses, because the hacks in Hollywood haven't come up with a magic way to avoid those.
A "real hacker movie" would be pretty damn dull, because real hacking mostly involves 1) thinking, 2) doing research, and 3) patiently trying things out on a computer.
For this reason, and that shipping containers can contain valuable cargo, isn't there a case for fitting them with GPS trackers? A box with accelerometer (to detect the fall and splash, and turn the rest of the kit on), GPS, and a transmitter. Essentially it would be a PLB, but with a bigger battery, and would have to be triggered automatically but somehow not be susceptible to false alarms.
Is this possible without adding too much cost per container (i.e. costing less than 1. writing off the cargo that could otherwise survive a fall + immersion and 2. repair costs for ships that accidentally find the floating containers)?
There's something like 20 million containers worldwide, and I'm sure some of them are fitted with trackers, but several things make it tricky to roll out to all containers.
GPS signals don't go through water, and containers tend to 'float' with only about 1% of their body above the water. You can't have the antenna sticking out far, because it would get smashed during loading, so instead you've have to have multiple ones around the container so that at least one would be close enough to the surface to receive.
Then you need some kind of transmitter, and you'll have similar problems with the antenna for that, plus transmitting is going to use a whole lot more power than receiving GPS signals.
At the end of the day, containers are treated as only being semi-recyclable, sooner or later they get a bit too rusty and get dumped, or sold on for a hipster to build a restaurant in one or something.
I think quite a few sensitive containers already have GPS trackers. The only issue is probably the requirement for said container to have a power hookup to keep it charged and how a container buried under twenty others is going to get a satellite fix.
Never mind sinking a ship (rat's arse) -- how about overriding the controls near docking and driving into the port facilities at a rate of knots.
Do that with 3 or 4 vessels (they're "vessels", btw, not "ships" -- fastest way to annoy a freight guy is to call them ships) in succession into different parts of the port, and you've pretty much disabled every bit of traffic in/out of that port for a year or more.
You wanna bring a country to its knees in a hurry? Cripple the ports. There really aren't that many of them, either...
Oh, and never mind little container vessels. eHijack 150,000 tons of iron ore or coal on your standard Capesize, or hell, grab some of the big boys: 400,000 tons.
Even Panamax casually takes 50,000 tons, the Neopanamax are 120,000, and they're everywhere.
Even if you can only get it up to 3 or 4 knots once you take it off the tug in the roads or the harbour, that's going to get a long way inland before it stops. Take it through the cranes, and that's that harbour out of action for container un/loading for a long time. Which eliminates virtually all food import/export, and all spare parts, and in fact all "normal" (non-bulk-ores/coal) goods. So all military supplies, in the case of an in-progress war, would essentially dry up immediately. For example.
True, in case you haven't seen the video of someone having a bad day in Barcelona
Heh. But on a more serious note:
England nearly lost WWII in 1939-early1940 due to mines being laid IN their ports & roads, never mind normal routes. The pilots later got the glory for the Battle of Britain re a tactical attack, but the minesweepers were digging out truly startling quantities of explosives out of the ports for a year prior : a strategic attack. The Battle of the Atlantic was actually more important than the Battle of Britain, in terms of the war. Reason: supplies.
Relatedly: Can you think of any sovereign nation which has been aggressively building military capability and extending territorial positioning, has been exponentially increasing aggression, has a recent (10-20yrs) history of exponentially increasing hacking/cracking for Nation State purposes, has a ~3,000yr history of pretending social/diplomatic niceties then conducting surprise attacks, and has a strong recent history of conducting NationState-crippling passive-aggressive attacks by eliminating trade/supplies?
In answering that question, you might note something rather startling that happened just yesterday, re the last item in that list.
9/11 & kamikazes (and "ogging") demonstrated conclusively that often the weapon-delivery system is more dangerous than the weapons, so long as you don't care about the people in it. And even ordinary vehicles are actually lethal (cf. trucks & cars used by terrorists the last few years). It just takes someone/some group to decide to DO it.
I was a 'freight guy' for 10 years and everybody on board called them ships.
I've never sailed with anyone who called them vessels in every day speech.
'Vessel' is reserved for logs or other official documents.
Sometimes (shock horror) we even called them boats as in box boats or gas boats.
> "'Vessel' is reserved for logs or other official documents."
Hmm, good point. I was thinking from the point of view of the people hiring & directing & making/losing money from the vessels, rather than that of the people actually ON them.
(So your iron ore trader/marketer finds, negotiates, and closes on a 12mth contract for 25,000 tons a month, then throws that to the freight traders, who find, negotiate, close on, then monitor/manage a 25,000 ton compartment and/or vessel to pick up from that port FOB & deliver CIF, while the traffic management boys have the day-on-day job of managing all the logistics drama of getting it from minehead to port & thru all the assaying and stockpiling and so on from to FOB status.)
My apologies. We're both right, but in different frameworks.
I don't know any details (I was AF), but I am aware that CB instaport capabilities are a strategic asset. I don't know how far it goes, but for the US, at least, we can make a sizable port (or three) very rapidly.
But it really all depends on what route you want to take. Consider a 10MT nuke in the shallows, or a 5OMT a bit further out. I know that our major ports are actively searching for those.
I would also assume that when things get hot enough, that the PAs will get aggressive about requiring tugs and even "safeing" engines once a ship gets close enough--imagine a coal ship shearing a bunch of piers.
I remember reading, what, thirty years ago? about computer controlled pumping systems on oil tankers. Trivial to overload the center and crack it up.
I have no doubt the vulnerabilities noted exist, however, the connection between an XP terminal and the actual ship's controls and systems is far less clear to me.
The XP based PCs are no doubt used for communications, shipping orders, paperwork, entertainment and whatnot but that is a far cry from steering, ballast control and so forth.
And given the age of the PCs, it seems highly unlikely that the ships are networked such that such control capability is even possible.
Mischief, in this case, is largely a command and control type interference such as was seen with NotPetya damage.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
