1. A container shipping company does not store the bar code of crates/packages. I've easily read 100s of booking details and never seen this. At most you maybe find one booking where the customer gave too much info and the customer service person copy/pasted too much. Anyway, either the article is talking about the container number or the hacked company is a logistics company.
2. If it is a logistics company, they wouldn't know exactly where the container is on the vessel. You can ask "above/below deck", but exact details aren't normally shared. You'd need to hack two companies if the pirates behaved like the article suggests.
3. Boarding a container ship isn't that easy as a lot of them are huge.
4. A container might just be reachable. Hint: For some commodities special care is taken to ensure that the vessel crew can still reach it. It's much easier to target a container after it has left a terminal and is e.g. on a truck. Note that even with full access it is better to somehow takeover a truck than to pick it up yourself; they check and your identification (passport/drivers license) when you pick up.
At most this might be about some logistics company that uses small vessels. E.g. intra Asia trade. Any big company I would be surprised if the hackers would make sense of all the systems :-P
That said, every so often you do see news articles whereby someone within either customs or a shipping company sells the details to others. Those others then steal the goods. But not by boarding vessels though, they takeover the truck.
Quoting:
"They’d board a vessel, locate by bar code specific sought-after crates containing valuables, steal the contents of that crate—and that crate only—and then depart the vessel without further incident."
Those containers seem to be packed pretty tight. Even if you know which one had high value contents, is it even possible to access it within the stacks?
Love how you're giving "hint" on how capture goods in service; either you have: (1) done this, which brings into question why in the world you publicly mention this; (2) done or read about it, which if so, why not provide your sources; (3) done logistics related security, which should be stated; (4) a theorists. What exactly is your experience in the real world on the topic?
Aside from that though, I wonder if we'll be seeing increasing criminal activity like this or if it'll stay as an occasional source of funny headlines.
On the one hand the resources and knowledge of how to compromise a server are more accessible all the time.
On the other, exploited vulnerabilities are patched and the walls stay a bit higher than the cheap ladders. This will pretty much ensure that there is almost always at least a non-trivial amount of learning that needs to be done in order to profitably compromise equipment for practical purposes.
I'm thinking that the prevalence of basic technical savvy (roughly "has strong google-fu in the service of troubleshooting" or better) is going to be the largest influence on whether hacking-augmented crime increases or not.
My logic here is that it would happen more if more criminals knew how to go about learning how to hack since that gap between pre-built tools and practical application is always going to be there, but it's certainly bridgeable with some curiosity.
More technically savvy population, more cybercrime. It makes sense, but it can also be used as a kind of fluency metric. I thereby propose the frequency of computer-aided criminal activity as a fraction of all criminal activity to be a target metric for US technology education, higher is better.
Hackers (err, "crackers") can sell their services to others. A small group of tech savvy people can enable a lot of tech illiterate people to commit cybercrime. This messes up your math.
We already live in a world where you don't need to own a botnet to DDoS somebody. You just rent someone else's botnet by the minute. The pirates in the story are amateurs now, but soon somebody might rise among their ranks as the go-to guy for computer stuff. Just pay him a few ringgits and you don't even need to know about Google. The only thing you need to know is who to call.
All depends on who you define as a pirate, hacker, etc. if you consider social engineering hacking and stealing goods in transit, then using the two together is as good as written history.
Sound like it could have been a lot more devastating if the attackers had more (mad) skill(z). I am curious, though, why law enforcement didn't become more involved and track them down rather than just block them.
I assume this was off Indonesia. Indonesia is very corrupt. Having visited major cities in Sumatra such as Medan, there is not a lot of wealth. Add that to vanishing forests and a growing population, with little education, and lots of people are willing to take risks. In addition, I've read allegations previously that there is evidence that the Indonesian military supports the pirates, ie. they are actually working for corrupt military/political officials.
If you ever do ever visit Medan, check out the taxidermy museum, it's not the sort of thing I'd normally support but it's the most awesome such museum on the planet by a long shot (even better than Walter Rothschild's legacy at Tring in the UK).
Incidentally in the last few days they just had a major earthquake a hundred clicks offshore to the south of Sumatra, and reports of tsunami waves. The northern tip, Banda Aceh, was one of the worst affected locations in the huge tsunami a few years back. It's enough to make you head to the northern coast and try your luck as a pirate.
They could have been in a place like Somalia, where there really isn't a force to send after them. The same reason they don't just have a Somalian Navy that anchors outside these villages on the coast the pirates launch from to stop them, or sits in the villages with police
> "These threat actors, while given points for creativity, were clearly not highly skilled..."
Wait so a few script kiddies were able to pwn a sophisticated company's "in house CMS" (as if that was ever a good idea), and these guys are smug about the fact that the Pirates made a few typos?!
[+] [-] bkor|10 years ago|reply
1. A container shipping company does not store the bar code of crates/packages. I've easily read 100s of booking details and never seen this. At most you maybe find one booking where the customer gave too much info and the customer service person copy/pasted too much. Anyway, either the article is talking about the container number or the hacked company is a logistics company.
2. If it is a logistics company, they wouldn't know exactly where the container is on the vessel. You can ask "above/below deck", but exact details aren't normally shared. You'd need to hack two companies if the pirates behaved like the article suggests.
3. Boarding a container ship isn't that easy as a lot of them are huge.
4. A container might just be reachable. Hint: For some commodities special care is taken to ensure that the vessel crew can still reach it. It's much easier to target a container after it has left a terminal and is e.g. on a truck. Note that even with full access it is better to somehow takeover a truck than to pick it up yourself; they check and your identification (passport/drivers license) when you pick up.
At most this might be about some logistics company that uses small vessels. E.g. intra Asia trade. Any big company I would be surprised if the hackers would make sense of all the systems :-P
That said, every so often you do see news articles whereby someone within either customs or a shipping company sells the details to others. Those others then steal the goods. But not by boarding vessels though, they takeover the truck.
[+] [-] chockablock|10 years ago|reply
Quoting: "They’d board a vessel, locate by bar code specific sought-after crates containing valuables, steal the contents of that crate—and that crate only—and then depart the vessel without further incident."
You can download the Verizon report (that is the source for this article) here: http://www.verizonenterprise.com/resources/reports/rp_data-b...
[+] [-] 8ig8|10 years ago|reply
[+] [-] unknown|10 years ago|reply
[deleted]
[+] [-] woah|10 years ago|reply
[+] [-] nxzero|10 years ago|reply
[+] [-] BWStearns|10 years ago|reply
Aside from that though, I wonder if we'll be seeing increasing criminal activity like this or if it'll stay as an occasional source of funny headlines.
On the one hand the resources and knowledge of how to compromise a server are more accessible all the time.
On the other, exploited vulnerabilities are patched and the walls stay a bit higher than the cheap ladders. This will pretty much ensure that there is almost always at least a non-trivial amount of learning that needs to be done in order to profitably compromise equipment for practical purposes.
I'm thinking that the prevalence of basic technical savvy (roughly "has strong google-fu in the service of troubleshooting" or better) is going to be the largest influence on whether hacking-augmented crime increases or not.
My logic here is that it would happen more if more criminals knew how to go about learning how to hack since that gap between pre-built tools and practical application is always going to be there, but it's certainly bridgeable with some curiosity.
More technically savvy population, more cybercrime. It makes sense, but it can also be used as a kind of fluency metric. I thereby propose the frequency of computer-aided criminal activity as a fraction of all criminal activity to be a target metric for US technology education, higher is better.
[+] [-] kijin|10 years ago|reply
We already live in a world where you don't need to own a botnet to DDoS somebody. You just rent someone else's botnet by the minute. The pirates in the story are amateurs now, but soon somebody might rise among their ranks as the go-to guy for computer stuff. Just pay him a few ringgits and you don't even need to know about Google. The only thing you need to know is who to call.
[+] [-] nxzero|10 years ago|reply
[+] [-] yeukhon|10 years ago|reply
[+] [-] ConroyBumpus|10 years ago|reply
[+] [-] rwmj|10 years ago|reply
[+] [-] dredmorbius|10 years ago|reply
Or: start a shipping services company and "lose" the odd lot.
[+] [-] germerconsult|10 years ago|reply
[+] [-] dates|10 years ago|reply
[+] [-] SixSigma|10 years ago|reply
[+] [-] contingencies|10 years ago|reply
If you ever do ever visit Medan, check out the taxidermy museum, it's not the sort of thing I'd normally support but it's the most awesome such museum on the planet by a long shot (even better than Walter Rothschild's legacy at Tring in the UK).
Incidentally in the last few days they just had a major earthquake a hundred clicks offshore to the south of Sumatra, and reports of tsunami waves. The northern tip, Banda Aceh, was one of the worst affected locations in the huge tsunami a few years back. It's enough to make you head to the northern coast and try your luck as a pirate.
[+] [-] ChinoAntrax|10 years ago|reply
[+] [-] xigency|10 years ago|reply
[+] [-] gadders|10 years ago|reply
http://www.goodreads.com/book/show/18849590-black-flag
Entertaining if you like reading modern special forces fiction.
[+] [-] codeisawesome|10 years ago|reply
Wait so a few script kiddies were able to pwn a sophisticated company's "in house CMS" (as if that was ever a good idea), and these guys are smug about the fact that the Pirates made a few typos?!
[+] [-] jkot|10 years ago|reply
[+] [-] bitwize|10 years ago|reply
[+] [-] bsder|10 years ago|reply
And then realized that simply closing the security hole gains them the same amount of profit.
[+] [-] Joof|10 years ago|reply
[+] [-] kartika-|10 years ago|reply