Shipping’s poor cyber defences have been displayed once again with news two Hong Kong shipping lines had their passwords hacked easily.
Shanghai-based consultant Captain Ozgur Dogan Gunes revealed to Splash it took just five minutes to access each company’s database while “casually” browsing online.
Gunes, a Turkish master mariner, revealed on Sunday on Twitter he had taken full credentials of two shipowners and dropped them a courtesy call to inform them.
“This would definitely damage reputation and operation if discovered by others. Trust they both will take this serious. This flaw is shockingly so common!,” Gunes noted on Twitter, explaining to Splash later that he had carried out the exercise to highlight shipping’s soft cyber resilience, rather than to profit from the hack.
The two companies, both small to medium sized bulk players, have yet to respond to Gunes.
Gunes, who has a software development background, said the flaws at both companies were “quite basic” and both companies had likely outsourced their IT to the same third party company.
“This is a common attack type or known vulnerability but some shipping companies still have not performed any update so that I can get their password easily,” Gunes warned.
Shipping’s weak cyber security has come under the spotlight in the last couple of years with some high profile cyber attacks. Both Maersk and Cosco lost millions of dollars when hacked in the last couple of years.
A survey of nearly 6,000 active seafarers carried out by consultancy Futurenautics in March last year saw 47% of repondents saying that they had sailed on a vessel that had been the target of a cyber attack. Moreover, only 15% of seafarers had received any form of cyber security training. Just as alarming only 33% of seafarers said the company they last worked for had a policy to regularly change passwords onboard and just 18% of those polled said the company they last worked for had a policy to change default equipment passwords onboard.
I’ve taken full credentials (passwords) of two Shipowners and dropped them a courtesy call to inform. This would definitely damage reputation and operation if discovered by others. Trust they both will take this serious. This flaw is shockingly so common! #maritime #shipping pic.twitter.com/exzBGKguti
— Ozgur Dogan GUNES 阳旭 (@ozgurdogangunes) April 1, 2019