An article by Levina
According to one report, 41% of the world's cyber-attacks in 2017 originated from China, and three years later that share has only grown. Eleven years after Operation Aurora, China is preparing a more aggressive move in the cyber realm, in a completely unexpected territory: the littoral zones. Maritime trade is the most exposed to cyber espionage, and an attack there has the capability to sink a ship. But are we prepared to counter it?
A few days ago, Zee News reported that China's cyber-espionage Unit 61398 was making incessant attacks on India's defence and research organisations to gain access to sensitive information. While those organisations are well protected on land, it is trade by sea that is a sitting duck for cyber-enabled economic espionage.
History of cyber espionage and Operation Aurora
Until 2010, cyber-attacks were thought of as sporadic intrusions into organisations' systems; it was Google's statement in January 2010 that shocked everyone. The attacks were traced back to China and have been linked to Unit 61398 of the People's Liberation Army (PLA). Myriad organisations were victims of the breach, including companies from the finance, technology, media and chemical sectors. While Google was attacked with the primary aim of accessing the email accounts of Chinese human-rights activists, 34 other organisations, among them Adobe, Juniper, Rackspace, Symantec, Northrop Grumman, Morgan Stanley and Yahoo, were attacked in an attempt to steal their intellectual property. This incident was the impetus behind Google winding down its operations in China.
The name comes from the malware itself: when the attackers compiled their source code into an executable, the compiler embedded the path of the source folder on their machines, and that folder was named Aurora.
By February 2020 Mitsubishi Electric had announced that its systems had been attacked by the Chinese hacking groups BlackTech and Tick after Mitsubishi took part in a bid to produce a prototype missile. The stolen information reportedly included specifications of a hypersonic glide missile.
Since 2010, numerous attacks have been made on systems across the world by Chinese groups.
Read more: Japan's missile design theft—lessons for India.
In 2015, Barack Obama and Chinese President Xi Jinping agreed that neither country would engage in state-supported theft of intellectual property through cyber espionage. The attacks dwindled for the first few weeks, then surged again. Between 2015 and 2016 there were at least 13 such attacks in the US and a plethora in Russia and the Asia-Pacific. After Xi took the reins of China in 2012, the Chinese military began to implement many long-discussed strategies and concepts for operating in cyberspace. Xi's much-lauded anti-corruption campaign within China was itself made possible by greater cyber snooping, internal and external. China reneging on its promises to the Obama administration should therefore not have come as a surprise.
FBI wanted notice for five PLA officers charged with cyber espionage.
Unit 61398, the tip of the iceberg
Most of the cyber-attacks carried out by Chinese hackers have been linked to Unit 61398, stationed in Pudong, Shanghai.
Credit: Belfast Telegraph
That the unit has a dedicated 12-storey building to itself, with about 2,000 people working inside, shows how seriously cyber espionage is taken by the Chinese government. The unit earlier operated under 3PLA (the General Staff Department's Third Department) but has since been subordinated to the Network Systems Department of the PLA Strategic Support Force (PLASSF), which was raised specifically for space, cyber and electronic warfare (EW). According to reports, the recent attacks on Indian defence and industrial organisations were carried out by three hacker groups, named in the reporting as Icebug, Hidden Lynx and APT-12 (labels that in industry threat reporting usually denote groups and their toolsets rather than single malware families), for cyber and industrial espionage. Their most common tactic is spear-phishing: a tailored email is sent to a person, crafted to look as if it comes from someone the recipient knows. The personal details needed to make such an email convincing are harvested from social media.
But Unit 61398 is just the tip of the iceberg; another very active cyber-espionage group belongs to Unit 61486, and there are at least 20 other such cyber-attack groups maintained by the PLASSF.
Recently the FBI announced that US organisations had spotted a new version of a remote-access trojan called Taidoor. With every version, such malware becomes more sinister.
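The spear-phishing described above relies on a message looking as if it came from an acquaintance. The following is an added example, not code from the article or from any of the organisations it names: it runs a few header checks that typically betray such a message (a known contact's display name over an unfamiliar address, a Reply-To pointing at a different domain, and a look-alike sender domain). The address book, the two messages and all domains in it are constructed placeholders.

```python
"""Added example (not from the article): flagging display-name impersonation.

Spear-phishing works by making a message look like it comes from someone the
recipient knows. This check compares the From/Reply-To headers of a message
against the recipient's own contact list. The address book and the messages
below are constructed for the example; every domain is a placeholder.
"""
from email import message_from_string
from email.utils import parseaddr
from typing import Dict, List

# Constructed address book: display name (lower-case) -> the address it really uses.
KNOWN_CONTACTS: Dict[str, str] = {
    "r. sharma": "r.sharma@drdo.example",
    "procurement desk": "procurement@shipyard.example",
}


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _skeleton(domain: str) -> str:
    """Crude homoglyph normalisation so 'drd0.example' compares equal to 'drdo.example'."""
    return domain.translate(str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "-": ""}))


def phishing_indicators(raw_message: str) -> List[str]:
    """Return the indicators found in one RFC 822 message; an empty list means none fired."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    name, addr = name.strip().lower(), addr.lower()
    findings: List[str] = []

    # 1. Display name of a known contact, but a different address behind it.
    known = KNOWN_CONTACTS.get(name)
    if known and known != addr:
        findings.append(f"display name '{name}' belongs to {known}, but mail is from {addr}")

    # 2. Replies silently redirected to a domain other than the sender's.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and _domain(reply_addr) != _domain(addr):
        findings.append(f"Reply-To domain {_domain(reply_addr)} differs from From domain {_domain(addr)}")

    # 3. Sender domain is a look-alike of a domain the recipient trusts.
    for known_addr in set(KNOWN_CONTACTS.values()):
        kd, ad = _domain(known_addr), _domain(addr)
        if kd != ad and _skeleton(kd) == _skeleton(ad):
            findings.append(f"sender domain {ad} looks like trusted domain {kd}")
    return findings


# Constructed messages: one impersonating a known contact, one genuine.
SUSPECT_MAIL = """From: R. Sharma <r.sharma@drd0.example>
Reply-To: docs@secure-share.example
To: officer@navy.example
Subject: Updated trial schedule

Please review the attached schedule before Monday.
"""

GENUINE_MAIL = """From: R. Sharma <r.sharma@drdo.example>
To: officer@navy.example
Subject: Updated trial schedule

Please review the attached schedule before Monday.
"""

if __name__ == "__main__":
    for label, mail in (("suspect", SUSPECT_MAIL), ("genuine", GENUINE_MAIL)):
        print(label, phishing_indicators(mail) or "no indicators")
```

These are header heuristics only: a real mail gateway would add authentication results (SPF, DKIM, DMARC) and attachment inspection, and a well-resourced attacker who has compromised the acquaintance's actual mailbox passes all three checks. The point is that the display name alone, which is what a hurried reader looks at, is never a reason to trust a message.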
Why is maritime transport at risk?
Over 90% of world trade is carried by sea, because it is the most cost-effective way to move goods. As per the Ministry of Shipping, around 95% of India's trade by volume and 70% by value moves by maritime transport. Though navies are amply equipped to counter cyber-attacks, cargo ships usually take a reactive approach to such issues; investment in cyber security is sporadic rather than proactive. To gauge how serious a cyber threat can become, consider something as simple as the Electronic Chart Display and Information System (ECDIS), which assists navigation and is connected to the autopilot: if an attacker can alter its configuration or the position data it is fed, the ship can be thrown off course or run aground. In 2017, a ship in the Russian Black Sea port of Novorossiysk reported that its GPS placed it 32 km inland. An error that large is not an ordinary receiver fault, and the incident has been widely attributed to GPS spoofing.
A cyber-attack on a shipping vessel could cause damage worth millions, and on top of that comes the disruption to the supply chains of food, supplies and materials needed for everyday life that follows such attacks. The possibility of loss of life should not be discounted either.
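The Novorossiysk incident above is a case of the bridge trusting whatever the GPS receiver reports. The following is an added example, not code from the article or from any ECDIS vendor: it parses NMEA 0183 $GPRMC sentences (the format in which a receiver feeds position to ECDIS and autopilot), verifies their checksums, and flags any fix that would require the ship to have moved faster than it physically can since the previous fix. The track is constructed for the example (positions roughly off Novorossiysk, with a sudden jump of about 12 nautical miles inland), and the 25 kn hull limit is an assumed figure for a merchant vessel.

```python
"""Added example (not from the article): sanity-checking GNSS fixes before ECDIS trusts them.
Parses NMEA $GPRMC sentences, checks their checksums, and flags position jumps that
imply an impossible speed. The track below is constructed; the 25 kn limit is assumed.
"""
import math
from dataclasses import dataclass
from typing import List, Optional

EARTH_RADIUS_NM = 3440.065  # mean Earth radius in nautical miles

def nmea_checksum(body: str) -> str:
    """XOR of every character between '$' and '*', as two upper-case hex digits."""
    value = 0
    for ch in body:
        value ^= ord(ch)
    return f"{value:02X}"

def build_rmc(utc: str, lat: float, lon: float, sog_kn: float, cog: float) -> str:
    """Construct a valid $GPRMC sentence; used here only to build the sample track."""
    def dm(deg: float, width: int) -> str:  # decimal degrees -> (d)ddmm.mmmm
        d = int(abs(deg))
        return f"{d:0{width}d}{(abs(deg) - d) * 60.0:07.4f}"
    body = (f"GPRMC,{utc},A,{dm(lat, 2)},{'N' if lat >= 0 else 'S'},"
            f"{dm(lon, 3)},{'E' if lon >= 0 else 'W'},{sog_kn:.1f},{cog:.1f},010120,,,A")
    return f"${body}*{nmea_checksum(body)}"

@dataclass
class Fix:
    seconds_of_day: float
    lat: float
    lon: float

def parse_rmc(sentence: str) -> Optional[Fix]:
    """Parse a $..RMC sentence; None if the checksum fails or the receiver reports no valid fix."""
    if not sentence.startswith("$") or "*" not in sentence:
        return None
    body, _, given = sentence[1:].partition("*")
    if nmea_checksum(body) != given.strip().upper():
        return None
    f = body.split(",")
    if f[0][2:] != "RMC" or f[2] != "A":  # status 'V' means the fix is void
        return None

    def to_deg(value: str, hemi: str, deg_digits: int) -> float:
        dec = int(value[:deg_digits]) + float(value[deg_digits:]) / 60.0
        return -dec if hemi in ("S", "W") else dec

    t = f[1]
    secs = int(t[0:2]) * 3600 + int(t[2:4]) * 60 + float(t[4:])
    return Fix(secs, to_deg(f[3], f[4], 2), to_deg(f[5], f[6], 3))

def haversine_nm(a: Fix, b: Fix) -> float:
    """Great-circle distance between two fixes in nautical miles."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    h = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(b.lon - a.lon) / 2) ** 2)
    return 2 * EARTH_RADIUS_NM * math.asin(math.sqrt(h))

@dataclass
class Alert:
    index: int
    reason: str
    implied_speed_kn: float

def check_track(sentences: List[str], max_speed_kn: float = 25.0) -> List[Alert]:
    """Flag unparseable sentences and fixes whose implied speed exceeds the hull limit."""
    alerts: List[Alert] = []
    prev: Optional[Fix] = None
    for i, s in enumerate(sentences):
        fix = parse_rmc(s)
        if fix is None:
            alerts.append(Alert(i, "bad checksum or void fix", 0.0))
            continue
        if prev is not None:
            dt = fix.seconds_of_day - prev.seconds_of_day
            if dt <= 0:
                dt += 86400.0  # track crossed midnight UTC
            implied = haversine_nm(prev, fix) / (dt / 3600.0)
            if implied > max_speed_kn:
                alerts.append(Alert(i, "position jump exceeds hull speed", implied))
        prev = fix
    return alerts

# Constructed track: a coaster making ~15 kn off Novorossiysk whose third fix lands
# about 12 NM inland, after which the (spoofed) track is smooth again.
SAMPLE_SENTENCES = [
    build_rmc("100000.00", 44.7000, 37.8000, 14.5, 60.0),
    build_rmc("100100.00", 44.7020, 37.8050, 14.5, 60.0),
    build_rmc("100200.00", 44.5650, 38.0120, 14.5, 60.0),  # the jump
    build_rmc("100300.00", 44.5670, 38.0170, 14.5, 60.0),
]

if __name__ == "__main__":
    for a in check_track(SAMPLE_SENTENCES):
        print(f"fix #{a.index}: {a.reason} (implied {a.implied_speed_kn:.0f} kn)")
```

Note what the check does and does not catch: only the transition is flagged, because once the receiver has been captured the spoofed track is perfectly self-consistent, and a patient attacker can walk the position away slowly enough to stay under any speed threshold. A bridge that wants to notice that has to cross-check GNSS against sources the spoofer does not control, such as the speed log, gyro heading and radar ranges to charted objects, or dead reckoning from the last trusted fix.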
The most prominent cyber-attacks of the last three years have been:
- Maersk, 2017: the shipping behemoth was hit by the NotPetya malware. The attack cost it around $300 million.
- COSCO, 2018: the company had taken precautions after the Maersk attack and was therefore able to protect its network, yet for five days its operations were in limbo. The attack cost the company between $250 and $300 million.
- Austal, 2018: this Australian shipbuilder was hit by a cyber-attack that breached its data management system; the attackers demanded a ransom for the data.
- Deep-draft vessel, 2019: the United States Coast Guard released an alert in 2019 reporting a successful malware attack on a deep-draft vessel (a large ship). As per the alert, "the malware significantly degraded the functionality of the onboard computer system", although "essential vessel control systems had not been impacted", so the crew never lost control of the vessel.
This should be a wake-up call.
Lloyd's of London has already warned that a serious cyber-attack could cost the global economy as much as $121 billion.
So why are ships so vulnerable?
- Outdated operating systems: the majority of ships still run Windows XP or Windows NT on their onboard monitoring systems, GPS receivers and Voyage Data Recorders (VDR), which are easily compromised. Even ships with current operating systems mostly lack up-to-date security patches. The older the ship, the higher its chances of being attacked: as per the Ministry of Shipping, almost 40% of the ships in India are at least 20 years old, increasing their exposure to cyber-attacks.
- Antivirus software not updated: given the nature of shipping, keeping the antivirus software current across a company's fleet is a challenge, and cyber security does not get priority.
- Poor password and security hygiene: while people ashore are wary of sharing passwords, it is common practice among ships' crews. This is hard to avoid because crews change very frequently, and user accounts are often shared or re-used, which leaves passwords exposed. Critical ship control systems, including IP-to-serial converters, rarely have their administrator passwords changed.
- Third-party access: besides the crew, contractors and service providers among others have access to ships' systems, and a breach can be expected to come through such third-party access.
- Satellite communication: while vessels carry a gamut of electronic navigation and command-and-control systems interconnected to the global internet via satellite, it is often forgotten that the satellite communication terminals themselves are easy targets for hackers.
With such a gap in security upgrades, merchant ships are easy prey for prying hackers.
Under such circumstances it is vacuous to assume Chinese hackers would not target ships, when they are the easiest to attack and an attack can cause substantial damage to the ship and loss of revenue. According to a ten-year-old Foreign Policy report, some 50,000 to 100,000 individuals were employed in China's hacker army; the numbers will only have grown by 2020.
China loves the game of deception; as Sun Tzu put it, the supreme art of war is to subdue the enemy without fighting. The gist is this: while the Chinese army seems to be amping up its game on the borders, whether with India or Taiwan, the real attack can be expected elsewhere, a cyber 9/11 at sea that cripples trade and brings nations instantly to their knees. To dismiss this as exaggeration is perilous, when a tiny virus that originated in the Chinese city of Wuhan has managed to slump the world economy.