The group found that 18 of 20 container lines were vulnerable to hackers, with methods including so called “click-jacking” – tricking shippers into giving away usernames and passwords by leading them onto a fake website hosting a perfect copy of the carrier’s genuine site. From then on, a hacker can act in the name of the shipper, conducting financial transactions, stealing funds and, ultimately, booking cargoes which could be carrying drugs, weapons or other contraband.
This month, partner firm Clearsky Cyber Security uncovered a “click-jacking” campaign to impersonate websites mainly in the fields of banking and shipping, implicating one New Zealand-based shipping company which had fallen victim to a fake version of its own website.
“Container carriers typically spend significant resources verifying the identity of a shipper before he is allowed to use the full suite of eCommerce tools,” commented CyberKeel’s ceo, Lars Jensen. “This is only natural, as such access typically result in the ability to book cargo, amend shipment information as well as submit information related to Bills of Lading and other freight documentation.
“It is therefore of significant concern to both carriers and shippers that relatively simple types of attack can compromise such access. Unauthorised access can at worst be used to steal detailed shipment information, arrange transportation for illicit cargo, make fraudulent amendments to freight documents as well as steal the cargo itself.”