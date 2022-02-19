Poorly maintained IT systems on container ships are leaving the vessels open to cyber-attack and catastrophe, it is claimed.

This is according to folks this week at security house Pen Test Partners, who found that in some cases, connected maritime devices dating back to the early 1990s are being left open to the public internet for miscreants to play with. Many devices also have hardcoded and easily discoverable passwords.

This may all seem like some kind of fantasy based on the plot of the hit 1990s movie Hackers, in which heroes Acid Burn and Zero Cool and their cyber-pals race to stop malware sinking a bunch of oil tankers. However, UK-based Pen Test Partners (PTP) have dug up legit vulnerabilities before, so forgive us if we give them the benefit of the doubt here.

"If one was suitably motivated, perhaps by a nation state or a crime syndicate, one could bring about the sinking of a ship," explained PTP consultant Ken Munro. "Maybe one wanted to delay an LNG shipment in winter to a country running out of gas, affecting spot prices."

And how exactly would the theoretical hacker go about sinking or waylaying the ship? Munro says that wreaking havoc on your average container ship would be as simple as messing with its ballast tanks, shifting the distribution of the weight from one part of the vessel to another and causing it to tip.