Sea pirates and cyber attacks: Information security breaches in the maritime industry

The Maritime Trade Information Sharing Center, Gulf of Guinea (MTISC-GoG) has denied that it has suffered a data breach that could result in sea pirates knowing details about ships in the region, including their position.

“MTISC – GoG is aware of the currently unsubstantiated allegations contained within the ISPS Statement issued by Danish Coastguard regarding information security at the Centre in Accra, Ghana. Despite urgent requests for further information, nothing has been provided by the Danish authorities.”

The Danish Coastguard issued the statement on February 23, and this prompted The Standard Club, a specialist marine and energy insurer, to issue an alert about it this Monday.

“Members should be aware that there have recently been reports of a security breach in the Maritime Trade Information Sharing Centre, Gulf of Guinea (MTISC-GoG), resulting in information being leaked to individuals with the intent and capability to launch hijackings in the area,” they warned. “While this breach has not yet been formally confirmed, it is strongly advised that vessels should use caution when reporting to MTISC GoG.”

The Baltic and International Maritime Council (BIMCO) has in the meantime issued a recommendation that “vessels entering the vessel reporting area for West Africa should continue to register with MTISC GoG in order to receive incident reports, but limit the provision of any information which would allow vessels to be identified or tracked. This will allow continuity of shipping security in the region.”

MTISC – GoG said that the information handled by them is “unlikely to be of sufficient detail to be used by pirates to plan and execute attacks,” but that they are continually reviewing information security procedures and processes to ensure that they are both comprehensive and observed.

“Information security is of the very highest importance to MTISC-GoG and any suggestion that the standards have not been maintained are investigated,” they noted. They are trying to get more details about the alleged breach from the Danish authorities, and it’s still unclear whether they believe that the organization has been breached from the outside or by a malicious insider.

Interestingly enough, a Data Breach Digest released by Verizon this week at RSA Conference includes information about a cyber attack that compromised a shipping company’s systems. The attackers, believed to be associated with maritime pirates, were after information about the company’s vessels and the cargo they were carrying.

As it turned out, the company used a homegrown CMS to manage shipping inventories and bills of lading, and the team discovered that a malicious web shell had been uploaded onto the server, which allowed the attackers to download information from it.

The attackers exploited a vulnerability in the CMS to breach the server, but were unable to move laterally within the network. They also didn’t bother to hide the IP address from which they executed the attack.

The digest is compiled from the experiences of Verizon’s RISK Team, and provides a glimpse into the investigations it conducts. It describes nearly 20 of the most common data breach scenarios.

RSA Conference 2016