The port of Antwerp is one of Europe’s largest docks and also one of the biggest in the world. It stretches miles, from the inland flats of Belgium to the cold waters of the North Sea and last year alone over 14,500 ships docked there, unloading 184 million tons of cargo. With about 4 million containers shipped through the port every year and potential threats from organised crime and terrorism security is pretty tight.
In June this year police seized about a ton of heroin and cocaine after shippers who manage the movement of containers through the port discovered their systems had been hacked. However, it’s only in the past few days that the extent and audacity of the attack has been revealed. It had been going on for two years.
The computer system in the port allocates each container a reference number so it can be tracked as it enters the port, its location established while it’s waiting to be picked up, and when it is due to be picked up.
Criminals, in order to safeguard their ‘investments’ hired hackers by using the deep web, to break into the port’s computer systems. The gang had hidden cocaine in containers from South America containing bananas and timber. The hackers breached the ports systems, identified the precise location of the relevant containers within the port and then changed the location and delivery times of the containers. The gang then sent in their own drivers to collect the containers ahead of the scheduled pick up.
Breaking into the port’s security system
The hackers accessed the system by using spear phishing and malware attacks that targeted port authority workers and shipping companies. These attacks contained key stroke logging software that allowed the hackers to gain access to the system.
When the containers had been picked up the hackers wiped the containers details from the system, so when the legitimate drivers turned up there was a lot head scratching and puzzlement. The containers had ‘disappeared.’ It was this ‘vanishing’ of these huge metal boxes that alerted the port authorities to the fact that something was amiss.
Interestingly, the Antwerp hackers and criminals probably never met. According to investigators the criminals most likely hired their services. Hackers advertise these services on the deep web and are paid in Bitcoins, a virtual currency. These services can range from new top-of-the-range computer equipment at half price to destroying someone’s life, the sale of PayPal accounts with $10,000 plus in them, credit/debit card details in bulk and hacking into systems. Of course, the common denominator is that the ‘services’ are all related to computer-based crimes.
Other victims of internet security hacking
Last month alone, Paul Gascoigne the former England footballer said hackers stole £50,000 from his bank account in 23 withdrawals, eight men were arrested for stealing £1.3 million from Barclays after taking control of a computer and in the US it was revealed that an identity theft service that sells social security numbers, birth records, credit and background records on millions of Americans had infiltrated computers at some of the country’s largest business and data aggregators.
Also R.T. Jones Capital Equities Management, an investment company, had to tell 2,000 of its clients that their personal identity information may have been compromised following a web site hack, while a rival, Windhaven Investment Management had to do the same thing. Unique Vintage, a clothing website also had to inform an undisclosed number of customers that their personal information, including names, email addresses, phone numbers and credit card numbers, may have been exposed following a sophisticated malware breach.
As these events and the Antwerp hack revealed, system hacking is happening on a regular and industrial scale. So if you think that hacking and identity theft protection is not something that will affect you, you need to think again.
Posted by Steve Bell