Vessel Protection

Drug smugglers ‘hacking’ could deliberately capsize the enormous vessels

Criminals are hacking into computers that control worldwide shipping to smuggle drugs and weapons on a vast scale, security experts have warned.

The gangs gain remote access when a widely used system is poorly protected to alter container ship manifests, making their contraband shipment appear innocent and thereby avoiding detection.

And by hacking into the system, modern-day pirates can board ships knowing exactly where their targeted cargo is located, thanks to the digital loading plan.

Experts fear the shocking vulnerability of the technology could even open it to the risk of terrorists causing a disaster by deliberately capsizing one of the enormous vessels.

Owners of the world’s largest ships – some displacing more than 200,000 tons – use a system known as BAPLIE to tell port authorities where to put each of the vessel’s thousands of containers.

BAPLIE is regularly updated by its makers, but the problems arise when customers fail to make use of the latest version.

Thanks to the criminal hackers, information passed to customs authorities will obscure a containers’ true contents, its real weight and even its point of origin.

Law-enforcement agencies cannot examine every piece of cargo, instead of targeting shipments from high- risk countries. A hacker can change this to ‘confuse the system’ and make a high-risk container appear irrelevant to investigators.

Meanwhile, the system has already been abused by global pirates, who use its information to find out exactly what is being carried on a ship – and exactly where any goods they want to steal are loaded.

Security consultant Ken Munro, of renowned experts Pen Test Partners, warned the system is ‘ripe for attack’ and that ‘the consequences are financial, environmental, and possibly even fatal’.

He said many high-profile ports have instituted data security measures but attacks can easily be launched from ports in the developing world which are ‘the point of least resistance’.

He added: ‘There is evidence ship and terminal messaging systems have been exploited in the past for routing drugs and theft of valuables.’

Just a few minutes spent altering messages on BAPLIE could also allow explosive shipments to be treated like normal freight and result in a catastrophic accident.

The loading software is also used to make sure the ship does not capsize or lose stability. Heavier containers are placed low in the hold, while lighter ones are placed on top.

When these delicate calculations go wrong, cargo ships can capsize and sink, with the loss of millions of pounds of cargo and possibly lives. Hackers would be able to achieve this with ease, according to Munro.

In 2015, MV Hoegh Osaka ran aground in the Solent after almost capsizing due to the incorrectly reported weight of its cargo.

There is no suspicion that the ship’s loading plans were altered or hacked.

Mr Munro said: ‘I strongly encourage all operators, ports, and terminals to carry out a thorough review of their systems. Already there is evidence of theft from containers in port, potentially through insider access to load information.’