[2024]Digital Global Overview Report 2024 Meltwater.pdf
Cyberattacks on a marine context (NATO Congress 2011)
1. A.P.T.
Cyberattacks
on a marine context
Gutiérrez A.
Corredera L.E.
2. Goal of the talk
Identification of potential security flaws on a
marine context using the most recent asset-
oriented hacking techniques.
Potential scenarios pirates could pursue targeting a vessel:
1- Compromised communications.
2- Malfunctioning/Sabotage of PLC systems
3- GPS precise fleet position discovering
3. Key concept
A.P.T. (Advanced Persistant Threat): Refers to a group with
both the capability and the intent to persistently and effectively target a
specific entity.
Advanced: Intelligence-gathering techniques
Persistent: Not opportunistic
Threat: Capability and Intent
4. Are sea pirates an A.P.T.?
Persistent: Hijacking from early 90s.
Threat: 53 ships on 2010
But...could they become
Advanced?
5. Are sea pirates an A.P.T.?
Persistent: Hijacking from early 90s.
Threat: 53 ships on 2010
But...could they become
Advanced?
6. Are sea pirates an A.P.T.?
Persistent: Hijacking from early 90s.
Threat: 53 ships on 2010
But...could they become
Advanced?
7. Cyberattacks makes them Advanced
Intelligence-gathering: Information Systems Intrusion
Communications interception: Fake base station techniques
Satellite Imaging: Google Maps, Bing...
8. Classic Cyberattacks: IP oriented
Every device connected to the Internet has an IP address
Basic steps of a “classical” Hacker (Not Persistent)
IP ranges scan for listening services
Target Characterization
Investigate vulnerabilities and exploits
9. New Cyberattacks: Asset oriented
Asset oriented search engine.
Basic steps of a “Persistent” Hacker (Addressed to a certain target)
Search for a concrete target in Shodan: e.g. Router Model
Find exploit in Shodan
So much faster and straightforward technique!
10. DEMO: Quick hacking session
Search for USAL assets: hostname:usal.es
Find vulnerable ones. (But be nice to them :)
http://www.shodanhq.com
19. Communications interception
By Tsaitgaist [see http://commons.wikimedia.org/wiki/File
%3AGsm_structures.svg for license], via Wikimedia Commons
20. Communications interception
By Tsaitgaist [see http://commons.wikimedia.org/wiki/File
%3AGsm_structures.svg for license], via Wikimedia Commons
21. Communications interception
By Tsaitgaist [see http://commons.wikimedia.org/wiki/File
%3AGsm_structures.svg for license], via Wikimedia Commons
22. Communications interception
A5/x No real time. Look up tables
Needs saved CUDA/GPUs Very costly
Cryptoanalysis transmission.
Fake base Micro BTS
Close to the target Freq.inhibitor for 3G Less than 10k€
station openBSC, openBTS
Cellphone Close to the target Motorola C123,155
baseband No GPRS by now
OsMoComBB Less than 13$!!!
modification Experimental
30. Sabotage
Stuxnet Very sophisticated. 4 Zero-days
Deeply targeted at vulnerabilities. Extremely
(Infects PLCs PLCs. 2 stolen digital expensive
from FieldPGs) Spionage certificates.
Needs a infection
ScadaTrojans pathway to install a
Inspired by Stuxnet
(Infects PLCs but “Low cost”
client side modified Cheaper
from SCADAs) file.
3 Zero-days.
40. Intelligence gathering
Internet connection.
Depends on
Asset oriented Computer.
manufacturer’s
Classic hacking Extremely cheap
hacking security
tools.
41. DEMO: Quick assets oriented search session
Membrane Biological Reactor, Merchant Vessels, Worldwide
Control system solution comprises: Siemens S7-300 PLC with MP
HMI and S7-200 PLC based control systems and networking for the
water treatment systems.
Search for Maritime related assets:
Zynetix MaritimeGSM, S7-300, advantech
http://www.shodanhq.com
42. Conclusions
Pirates should be considered an APT.
They could virtually use Cyberattacks to hijack vessels
more easily.
Complex Cyberattacks are more and more affordable.
A ship may become practically speaking an Internet
node with all its risks (should be managed).
Let’s be in the look out!