Old fashioned sea pirates still exist but up until now they have not used hacking as part of their arsenal. According to this week’s Verizon Data Breach Digest, in 2015 sea pirates hacked the servers of a shipping company to identify high-value cargo. The pirates were able to infiltrate the company’s servers and identify ships and containers with the most valuable goods. The pirates then attacked the ships in question, unlawfully boarding the vessels and finding the target crates using bar codes. They would only steal the most valuable crate(s) and depart without incident, like a well-orchestrated heist from a movie. 

Typical pirate heists involve holding the boat and crew hostage for hours if not days as the pirates rummage through cargo looking for valuable goods to steal. In this series of high sea robberies the pirates forced “the crew into one area and within a short amount of time they would depart.” When the crews examined the ship only the most valuable cargo was missing. It was clear that the pirate’s held insider knowledge. 

The shipping company hired Verizon’s RISK Team to investigate the content management system used to manage shipping routes. They discovered that a hacker had exploited a vulnerability in the system and was able to upload malicious code to the server allowing them to download shipping data. Most importantly, they were able to unlawfully download bills of lading for future shipments, documents which provide an inventory of a ship’s merchandise.

After the investigation, the shipping company was able to patch their compromised servers and to block the malicious actors from accessing them. This story illustrates the old fashioned crime of criminal violence and robbery at sea intersecting with contemporary technology. Today’s pirates don’t have wooden legs or parrots on their shoulders, but they might be reading a Hacking for Dummies book.