Secure at Sea: VSAT attacks, Crypto-Jacking Expand Hackers’ Arsenal
By Corey D. Ranslem
**This article originally appeared in The Triton Nautical Newspaper in July of 2018 (https://www.the-triton.com/2018/07/secure-at-sea-vsat-attacks-crypto-jacking-expand-hackers-arsenal/).
“The British are coming! The British are coming!” was the famous cry of Paul Revere on his midnight ride to alert the American colonial militia of the approaching British forces in April 1775. That was the extent of the early warning system during that era. Today, the early warning system we have when it comes to cyber security isn’t much better.
In last month’s column, we discussed different potential attack vectors within the maritime industry. There are some amazing technological advances taking place in our industry, such as the digital bridge of the future, shipboard IoT, increased satellite bandwidth, improved delivery of risk and threat information, and the integration of new technologies like blockchain, artificial intelligence (AI) and the use of virtual reality (VR) in training.
We have entered the fourth industrial revolution, which now requires us to take a harder look at cyber security. There are a few additional attacks that are important for our industry to understand that I didn’t mention last month – first, the attack of the vessel’s VSAT system; and second, a type of attack called “crypto-jacking.”
It doesn’t take long in an internet search to find several real-world attacks that hackers have conducted on VSAT systems. There are a couple of popular attack vectors here. One is to gain control of the system through the admin control password. There are numerous examples of people hacking baby monitors, thereby putting a literal listening device in someone’s house.
Hackers also use information from a website called “Shodan,” originally set up to scan the internet for IoT-connected devices, to then gain access to those devices. Shodan now has a ship-tracking link on its website that tracks vessels around the world via their VSAT antennas. Hackers can then use this information to gain access to the VSAT system on board and beyond.
Ransomware attacks have become popular and involve hackers gaining access to important information, then demanding payment for the release of that information, typically through cryptocurrencies like Bitcoin. Now, with the rise in popularity of these cryptocurrencies and digital mining operations, crypto-jacking has become almost as popular as ransomware attacks. A crypto-jacking attack occurs when someone gains control of a device to help them “mine” cryptocurrency.
There was an attack in late 2017 in which devices that were connected to the Starbucks Wi-Fi in Brazil were used by hackers to mine cryptocurrencies. Malware was loaded onto the unsuspecting computer once it connected to the network, and then the hackers used that device for mining. There are a limited number of Bitcoins that can be mined. As more coins are mined, it becomes harder for computers to mine additional coins and it takes a lot more computing power, so hackers are looking for any computer or IoT device to expand their mining operations.
So, how do we protect ourselves from these various attacks? There are some commonsense procedures to put in place to protect our vessel and shore-side systems. First, always change all the administrative passwords for every device you have connected to a network often. The passwords should be long and difficult, containing letters, numbers, and characters.
Second, networks on board a vessel should be separated into a guest network and an internal control network. They should be set up in such a way to make it almost impossible for you to gain access to one network from the other. You should consider working with a trusted outside IT consulting firm, even if you have a solid internal IT team. Trusted outside companies can help find issues within your system before the hackers do.
Finally, always remember to never open an email attachment from someone you don’t know or something that looks suspicious. Unfortunately, this is just the beginning of these issues as the world becomes more connected.
Corey D. Ranslem is the CEO IMSA and a recognized expert on maritime security. He hosts the companies weekly Maritime Video Blog on You Tube. He has been in maritime security and law enforcement for over 24 years; serving eight years with the U.S. Coast Guard. You can follow him on Twitter.