Extract from a BBC report (so it must be true, ha, ha) last month.
Seizing the controls
Crucial navigation systems such as the Electronic Chart Display (Ecdis) have also been hit. One such incident is recalled by Brendan Saunders, maritime technical lead at cyber-security firm NCC Group.
This also concerned a ship at an Asian port, but this time it was a large tanker weighing 80,000 tonnes.
One of the crew had brought a USB stick on board with some paperwork that needed to be printed. That was how the malware got into the ship’s computers in the first instance. But it was when a second crew member went to update the ship’s charts before sailing, also via USB, that the navigation systems were infected.
Departure was consequently delayed and an investigation launched.
“Ecdis systems pretty much never have anti-virus,” says Mr Saunders, pointing out the vulnerability. "I don’t think I’ve ever encountered a merchant ship Ecdis unit that had anti-virus on it."
These incidents are hugely disruptive to maritime businesses, but truly catastrophic scenarios might involve a hacker attempting to sabotage or even destroy a ship itself, through targeted manipulation of its systems.
Could that happen? Could, for example, a determined and well-resourced attacker alter a vessel’s systems to provoke a collision?
“It’s perfectly feasible,” says Mr Saunders. "We’ve demonstrated proof-of-concept that that could happen."
And the experts are finding new ways into ships’ systems remotely. One independent cyber-security researcher, who goes by the pseudonym of x0rz, recently used an app called Ship Tracker to find open satellite communication systems, VSat, on board vessels.
In x0rz’s case, the VSat on an actual ship in South American waters had default credentials - the username “admin” and password “1234” - and so was easy to access.
It would be possible, x0rz believes, to change the software on the VSat to manipulate it.
I’ve yet to see anyone hack a paper chart although I have seen some truly dreadful corrections done; how about a Second Mate pasting successive tracings on top of each other? Some of the charts were nearly 1/2 an inch thick!