from the sounds-like-an-angelina-jolie-movie dept.
Poorly maintained IT systems on container ships are leaving the vessels open to cyber-attack and catastrophe, it is claimed.
This is according to folks this week at security house Pen Test Partners, who found that in some cases, connected maritime devices dating back to the early 1990s are being left open to the public internet for miscreants to play with. Many devices also have hardcoded and easily discoverable passwords.
This may all seem like some kind of fantasy based on the plot of the hit 1990s movie Hackers, in which heroes Acid Burn and Zero Cool and their cyber-pals race to stop malware sinking a bunch of oil tankers. However, UK-based Pen Test Partners (PTP) have dug up legit vulnerabilities before, so forgive us if we give them the benefit of the doubt here.
"If one was suitably motivated, perhaps by a nation state or a crime syndicate, one could bring about the sinking of a ship," explained PTP consultant Ken Munro. "Maybe one wanted to delay an LNG shipment in winter to a country running out of gas, affecting spot prices."
And how exactly would the theoretical hacker go about sinking or waylaying the ship? Munro says that wreaking havoc on your average container ship would be as simple as messing with its ballast tanks, shifting the distribution of the weight from one part of the vessel to another and causing it to tip.
(Score: 0) by Anonymous Coward on Saturday February 23 2019, @12:26AM (1 child)
IoT more like internet of the forgotten.
Hold onto your hats kiddos its going to get much worse. But at least my remote control knows my location!
(Score: 3, Funny) by bob_super on Saturday February 23 2019, @12:47AM
Even at its shittiest, IoT wasn't supposed to mean Imminently Out-of-control Tankers ...
(Score: 2) by Snotnose on Saturday February 23 2019, @01:05AM (3 children)
at it's loading/unloading dock. Just think of how that would gum up the works, and what it would cost not only in cleanup, but lost opportunity, what with all the other container ships floating in line that assumed that ship would be out of the way in 24 hours.
I remember way back in the 80s when companies where putting stuff like nuclear power plants, electrical substations, et all on the internet. With security being a default password, learn one learn em all. A bunch of us were "Umm, this is not a good idea", but we were merely software engineers and got ignored.
See also the Risks digest, circa mid 80s.
When the dust settled America realized it was saved by a porn star.
(Score: 3, Insightful) by takyon on Saturday February 23 2019, @01:14AM
That's terrist talk.
20 years in the slammer.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 0) by Anonymous Coward on Saturday February 23 2019, @06:53AM (1 child)
Wouldn't it work even better to switch the engines to full power about a mile out, then steer it straight into the dock? You'd probably hold things up for longer than a simple sinking.
(Score: 0) by Anonymous Coward on Saturday February 23 2019, @05:17PM
Jam up the Panama or Suez canal. Plenty of locks on major waterways too.
(Score: 2) by Thexalon on Saturday February 23 2019, @01:25AM (3 children)
Really, this is considerably less dramatic than the scenarios thought up by the readers of Bruce Schneier's blog [schneier.com] a few years ago. I mean, container ships are one thing, but these folks envisioned activities like crashing satellites into major cities, rendering every car in America inoperable, and other much more dramatic effects.
I mean, sure, let's scare the shipping industry into fixing their friggin' security measures, but it's easy to think up scary scenarios, the hard part is spending defensive dollars wisely.
The only thing that stops a bad guy with a compiler is a good guy with a compiler.
(Score: 4, Interesting) by bob_super on Saturday February 23 2019, @01:51AM (1 child)
The simple fact that On-Star hasn't been hacked to suddenly disable every GM car in America is still amazing to me.
Maybe we just don't have that many enemies ... let's make a few more.
(Score: 3, Interesting) by Thexalon on Saturday February 23 2019, @02:16AM
That's just the Evil
AfghanIraqiSyrianVenezuelan Terrorists lulling you into a false sense of security by presenting absolutely no evidence of their existence for many years. And of course, if they don't attack after we pour lots of money into security equipment and private personnel that just happen to be sold by companies that are partially owned by members of the Cabinet, that's because those efforts were so effective.The only thing that stops a bad guy with a compiler is a good guy with a compiler.
(Score: 2) by MichaelDavidCrawford on Saturday February 23 2019, @12:35PM
A while back I rang up the United States Secret Service. They are _always_ happy to talk, and IIRC, have a 24-hour Toll Free Number.
After making crystal-clear that "I am here to _help_," I described in Lucid Detail two nightmare scenarios. One such could - reasonably - be prevented, but so far has not been.
I'll let these two sink into the minds of The Gentle Reader.
Yes I Have No Bananas. [gofundme.com]
(Score: 0) by Anonymous Coward on Saturday February 23 2019, @01:31AM
Randomize the weight of the freight in the container yard. Let the ships get loaded not-heaviest-first, and there will be too much at the top, causing them to tip over while in port.
These systems are connected by a wire, so they're obviously vulnerable! Woo! sigh.
(Score: 0) by Anonymous Coward on Saturday February 23 2019, @01:47AM (3 children)
...penetrate and ravage delicate public and privately owned computer systems, infecting them with viruses, and stealing materials for their own ends. These people, they are terrorists.
(Score: -1, Troll) by Ethanol-fueled on Saturday February 23 2019, @02:03AM (2 children)
Niggers did this. By God, They will pay!
(Score: -1, Troll) by Anonymous Coward on Saturday February 23 2019, @02:34AM (1 child)
Couldn't've been. Was incels.
(Score: -1, Offtopic) by Anonymous Coward on Saturday February 23 2019, @02:46AM
Sexn't
(Score: 5, Touché) by darkfeline on Saturday February 23 2019, @05:46AM
Finally, it is now possible to commit piracy from the Internet.
Join the SDF Public Access UNIX System today!
(Score: 1) by RedIsNotGreen on Saturday February 23 2019, @07:19AM (1 child)
https://en.wikipedia.org/wiki/Hackers_(film) [wikipedia.org]
(Score: 2) by maxwell demon on Saturday February 23 2019, @10:37AM
I'm pretty sure that's the movie referenced from the Dept. line. Of course I cannot completely exclude the possibility that Angelina Jolie also starred in another movie covering that scenario, which I'm not aware of.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 3, Interesting) by MichaelDavidCrawford on Saturday February 23 2019, @12:31PM
Numerous dead-simple - a _child_ could have fixed Every Last One Of Them - led to a Canadian offshore oil rig to capsize in the North Atlantic, taking with it all those aboard.
They _knew_ well in advance they would all die soon.
The immediate cause of its so-capsizing was that both of its ballast tanks could be pumped out from just one end; _two_ such pumps - one on each end - would have saved them.
That's why we have for example in the US the National Transportation Safety Board; sometimes it takes more than one such disaster to turn up for example the failure mode of a hydraulic piston that turns passenger jet tails.
"more than one".
Yes I Have No Bananas. [gofundme.com]
(Score: 2) by EvilSS on Saturday February 23 2019, @05:09PM
(Score: 2) by crafoo on Saturday February 23 2019, @07:09PM (1 child)
In a world where Demolition Man is on the fast-track to reality, the gods give us Hackers as well. I am for some reason, irrationally pleased. Next up: Robocop. Let's make 80s-90s sci-fi the 2020's reality.
(Score: 0) by Anonymous Coward on Sunday February 24 2019, @07:40AM
whats your boggle?
(Score: 0) by Anonymous Coward on Sunday February 24 2019, @10:40AM
It's everywhere. And our society is getting more computerized by the day so everything is but 0s and 1s and also increasingly networked. It's not only hostile actors we should fear but natural disasters, like cosmic radiation flipping one critical bit somewhere or even a solar storm or sudden rift or weakening of Earth's magnetosphere.
We should design much more robust systems with redundancy, starting from hardware up. Yes, proper design and security are expensive but the stakes are getting higher all the time.