
THE HAUNTED PORT: THE STORY BEHIND THE STORY

This was one of Jenny’s ideas. She came up with it after reading an October 16, 2013, BBC story entitled “Police Warning After Drug Traffickers’ Cyber-attack.” It concerned containers that had arrived in the port of Antwerp but somehow disappeared. As it turns out, they didn’t really disappear. They were simply taken out of the port by Dutch drug traffickers who were receiving their drugs from South America hidden in containers shipped to the port of Antwerp. The traffickers in Europe simply had to be told by the South American shippers which container the drugs had been packed in and be provided with the necessary documentation. All they, the Dutch connection, needed to do was pick up the container before the legitimate haulage company hired to fetch it, with the drugs hidden along with other products, was able to do so.

The case was finally solved when a legitimate driver picked up a container holding drugs. He was later intercepted by the drug traffickers who were after the same container and shot. The whole scheme was found to involve hacks into the system used to regulate and control the international transportation of goods via containers. As you can see, we really didn’t need to strain our imaginations to come up with this story.

HAROLD COYLE

THE HAUNTED PORT: THE TECHNOLOGY BEHIND THE STORY

Though not a technology, understanding how international trade is conducted can show us how criminals can take advantage of the process to smuggle undocumented goods around the globe or carry out acts of terror. The following is a brief tutorial on the mechanics of international trade as it relates to this case.

Companies or local merchants that wish to purchase products in bulk from a foreign source place an order with that source. When the shipment is ready, if it cannot be sent via the mail or a service like FedEx, the source contracts with a local transportation brokerage firm, which arranges for the product to be picked up, taken to a shipping company in the country of origin, and prepared for shipment.

Services provided by the brokerage firm or local haulage company include preparation of all documentation required by handlers, haulers, and customs officials along the way. Copies of this documentation are then forwarded to everyone who will be handling the container in which the product is packed as well as the company or merchant who purchased the product.

If the product is not enough to fill a container, it is put in a container with other items bound for the same region or city. A small shipment that is not enough to fill a container is classified as a less than truckload, or LTL. Once the haulage company in the country of origin has completed the necessary documents and filled a container with items bound for the same region or city, it hauls the container to a port where it is loaded on a ship. Once the ship arrives at the receiving port, the container is picked up by another haulage company, which then takes it to either a regional distribution center or its own facilities, where the container is emptied and the contents are stored until the company or merchant who purchased the product is notified their shipment has arrived in country. They are then responsible for coming by to pick it up themselves or arrange for another local service to deliver it.

Almost all of the coordination is done via the Internet, with a fair number of people involved in handling the container having access to it and the items being shipped. Few of them ever meet face-to-face. As a result, there are numerous opportunities for mischief. And since items purchased in Asia and bound for the UK can pass through the jurisdiction of several different nations and organizations like the Antwerp Port Authority, finding one agency that is able to conduct a thorough investigation when a shipment goes missing from point of origin to destination is, well, as easy as finding an honest person in Congress.

The Attack

Northumberland Haulage is not that unusual for a small business. A mix of old technology and inexperienced IT staff made it a prime target for organized crime, and the days when they only went after big companies are long gone. There has also been a worrying trend of organized crime not just working to subvert a company’s IT staff but placing their own people inside a target company. Here’s how the attack worked.

Step One

The attacker gains access to the company’s e-mail server with administrator rights. This could have been done either through an external hack or, as in this case, through a temporary staff member the company hired to cover for sickness or maternity leave, who offers to “help” with the IT that has been “playing up” and then disappears a month or so later.

The company’s e-mail is now set up to route everything through an e-mail proxy service under the control of the attacker but whose address is remarkably similar to the real service the company had originally signed up to. The majority of routine e-mail is now just forwarded after a copy is taken. However, if the e-mail is going to or coming from certain addresses, it is delayed and the attacker is alerted so he can modify the e-mail. In addition, the proxy also scans for certain keywords such as security, theft, loss, bill of lading, police, or insurance.

The attacker is also smart, so he does protect the company’s e-mail from spam and phishing attacks from everyone else. After all, he doesn’t want anyone else messing up his golden goose!

One of the reasons for the delay is that the e-mail proxy server is actually located in what is referred to as a “bulletproof” hosting provider in Eastern Europe.

Step Two

The attacker now sees a copy of everything coming into and out of the company. He gets copies of all bills of lading, advice of shipment arrivals, details of ferry bookings for the drivers, and invoices.

The attacker gets into a routine. With a copy of the paperwork he knows when loads are being put together, where they’re due to arrive, and when they will be at the port. If he’s really switched on and wants to make sure there are no chance run-ins with the actual driver, as occurred in this story, he even knows which ferry the driver is taking to collect them.

He can let things through, delay things, or even amend documents to show a later collection time if the usual ferry schedules don’t allow him enough time to collect first.

That’s it in a nutshell. At its heart, it’s basically a man-in-the-middle e-mail attack.

JENNIFER ELLIS
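
The rerouting in Step One leaves a trace a defender can check for: a relay in the Received headers whose name is close to, but not the same as, the real filtering service. The check below is an added example, not part of the original text; the provider name mailfilter-example.net, the company domain haulage.example, the sample headers and the similarity threshold are all constructed assumptions.

```python
import re
from email import message_from_string

# Assumed name of the filtering service the company actually signed up to.
EXPECTED = {"mailfilter-example.net"}

# Constructed sample: inbound mail that passed through a look-alike relay.
SAMPLE = """\
Received: from mx1.mailfi1ter-example.net (mx1.mailfi1ter-example.net [203.0.113.7])
\tby mail.haulage.example with ESMTP; Tue, 01 Oct 2013 09:14:02 +0000
Received: from out.shipper.example (out.shipper.example [198.51.100.20])
\tby mx1.mailfi1ter-example.net with ESMTP; Tue, 01 Oct 2013 08:31:40 +0000
From: bookings@shipper.example
Subject: Advice of arrival
"""

def base_domain(host):
    # Naive registrable domain (last two labels); use a public-suffix list in practice.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def skeleton(domain):
    # Fold common look-alike substitutions so visually similar names compare equal.
    for a, b in (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("-", "")):
        domain = domain.replace(a, b)
    return domain

def edit_distance(a, b):
    # Levenshtein distance, computed one row at a time.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host):
    dom = base_domain(host)
    if dom in EXPECTED:
        return "expected"
    near = any(skeleton(dom) == skeleton(g) or edit_distance(dom, g) <= 2 for g in EXPECTED)
    return "lookalike" if near else "unknown"

def audit(raw_message, own_domain="haulage.example"):
    # Classify every relay named in the Received headers except the company's own server.
    hosts = []
    for hdr in message_from_string(raw_message).get_all("Received", []):
        hosts += re.findall(r"\b(?:from|by)\s+([A-Za-z0-9.-]+\.[A-Za-z]{2,})", hdr)
    return {h: classify(h) for h in hosts if base_domain(h) != own_domain}
```

Calling `audit(SAMPLE)` marks the relay that hands mail to the company's own server as a look-alike; an ordinary outside sender comes back as "unknown", which is normal, so only the "lookalike" verdict needs follow-up.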

THE GIRL WHO HACKED LIBERTY VALANCE

1

The knock on the office door caused Andy and Tommy to look up from what they’d been doing. After staring at it for a second, each took to regarding the other suspiciously, for no one visited the offices of Century Consultants without an invitation. Most of the other companies in the building didn’t even know who they were, beyond an unpretentious listing on the building’s directory in the foyer.

In contrast to their cautious frowns, Spence quickly tapped the save key and leapt to her feet, beaming as she scurried across the room. After sliding the peephole cover to one side and looking out to confirm it was who she’d been waiting for, she threw the door wide.

“You’re late,” Spence admonished with mock severity as she stepped back and allowed Pamela Dutton to enter the room. “I’ll just be a mo. There’s a program I need to finish going through before I can leave.” As she walked back to her desk, she noticed the looks her colleagues were giving her and Pamela. While Andy’s expression was understandably curious, Tommy’s was vintage Tommy as he ogled the tall blond model who possessed legs that, as Tommy later put it when he and Andy were alone, “went up to her armpits.”