Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
CUSTOMER RELATIONSHIP MANAGEMENT NEWS. UPDATED ABOUT A MINUTE AGO.
You are here: Home / Customer Data / How Verizon Shut Down Real Pirates
How Verizon Shut Down Real-Life Pirates on the High Seas
How Verizon Shut Down Real-Life Pirates on the High Seas
By Dan Heilman / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
MARCH
02
2016
Software piracy is a problem in the world of technology, but what about real-life piracy? In a recent cybersecurity report, Verizon said that it helped save a shipping company from actual pirates hacking into its content management system and gaining access to confidential information on schedules and cargo aboard various ships.

The pirates took a modern approach to plundering its victim's vessels, according to Verizon’s Data Breach Digest. Instead of holding ships and their crews hostage while they went through cargo in search of something valuable, these pirates began to attack shipping vessels in more targeted ways.

After boarding a vessel, the pirates would force the crew into one area of the ship, but the pirates would be gone shortly thereafter. During their investigation, crew members would find that the pirates had headed directly for certain cargo containers. "It became apparent to the shipping company that the pirates had specific knowledge of the contents of each of the shipping crates being moved," according to the report.

Directory Access

How did they know where to go? It turned out that the shipping company used a homegrown content management system (CMS) to manage shipping inventories, specifically the various bills of lading associated with each of their vessels. Verizon studied the network traffic surrounding the CMS that was managing shipping routes and found that a malicious Web shell had been uploaded onto the server.

The pirates used an insecure upload script to upload the Web shell and gain access to the directories on a ship’s computer directories, which were accessible via the Web. That allowed the pirates to interact with the Web server and perform such actions as uploading and downloading data and running various commands. It also let them pull down bills of lading for future shipments and identify valuable crates and the dates they were scheduled to be on board.

Rookie Mistakes

Although the scam worked a few times, the pirates weren’t especially skilled hackers. They failed to enable SSL on the Web shell, meaning all their commands were sent over the Internet in the form of plain text. That allowed Verizon, during its investigation, to write code that could extract these commands from the full packet capture data.

The hackers also sent several mistyped commands. In addition, they didn’t use a proxy, instead connecting directly from a home computer system. Verizon was able to build a timeline of actions, compromised Web hosts and at-risk data. The shipping company shut down the compromised servers, which it was able to do because the servers weren’t immediately critical to its business operations.

After blocking the pirates’ IP address, Verizon reset all the compromised passwords and rebuilt the affected servers. They also started regular vulnerability scans of their Web applications and implemented a more formal patch management process.

This account was part of a series of reports of unusual data breach scenarios uncovered by Verizon’s RISK Team, which performs cyber investigations for commercial enterprises and government agencies annually all over the world.

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
MORE IN CUSTOMER DATA

NETWORK SECURITY SPOTLIGHT
A security researcher has found that hundreds of different models of HP notebooks, tablets, and other devices include a keylogger that could track and record every keystroke a user makes.

CRM DAILY
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.