Seatrade Maritime is part of the Informa Markets Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Antwerp incident highlights maritime IT security risk

Antwerp incident highlights maritime IT security risk
Drug traffickers performed a multi-stage cyber attack over a two year period at the port of Antwerp, which shows the risks shipping IT systems are open to according to maritime security and IT specialists.

Starting by emailing malicious software to staff at the port in June 2011, a criminal group gained access to data remotely which they then used to identify and intercept containers with drugs smuggled onboard.

The compromise was discovered after entire containers disappeared from the port with no apparent explanation.

Once the software had been discovered and neutralised, the attackers then broke into offices at the port, deploying computers concealed in everyday objects to intercept data from systems, including the staff's keyboard inputs and screenshots from their workstations.

The complex and sustained attack has led to warnings from security experts that attacks on shipping and port infrastructure will continue to evolve, and protecting the supply chain is of utmost importance.

Nick Davis, ceo of maritime security company GoAGT (Gulf of Aden Group Transits), said, "supply chain security in the future will be critical especially in the USA and mainland Europe, the sheer volume of mega ships that can carry 14,000+ teu presents the biggest security challenge for any port authority and customs network.

"The moving parts of the supply chain coupled with just in time delivery mean security is a necessary evil and one that is hugely misunderstood. Fusing data and more importantly sharing that data with agencies that can stem, illegal contraband, drugs, weapons and the like is a distant goal far from being achieved," he continued.

Alex Fidgen, director at IT security company MWR InfoSecurity, said, "after the port successfully detected the attack against their computer systems, they failed to map out other attack paths which allowed the attackers to achieve their objectives in this case. This demonstrates how important it is to not only focus on single systems but get a full overview of your organisation and the potential weaknesses in penetration testing exercises."

"This attack played out somewhat like an Advanced Persistent Threat (APT). They were apparently active for around two years, and were able to make use of advanced techniques with seemingly professional execution. However, this is what anyone can now buy on the black market as a service, so far from just being available to a nation state, anyone with money can purchase these services," he added.