The Triton


Secure at Sea: VSAT attacks, crypto-jacking expand hackers’ arsenal


Secure at Sea: by Corey Ranslem

“The British are coming! The British are coming!” was the famous cry of Paul Revere on his midnight ride to alert the American colonial militia of the approaching British forces in April 1775.  That was the extent of the early warning system during that era. Today, the early warning system we have when it comes to cyber security isn’t much better.

In last month’s column, we discussed different potential attack vectors within the maritime industry. ​There are some amazing technological advances taking place in our industry, such as the digital bridge of the future, shipboard IoT, increased satellite bandwidth, improved delivery of risk and threat information, ​and the integration of new technologies like blockchain, artificial intelligence (AI) ​and the use of virtual reality (VR) in training.​​

We have entered the fourth industrial revolution, which now requires us to take a harder look at cyber security. There are a few additional attacks that are important for our industry to understand that I didn’t mention last month – first, the attack of the vessel’s VSAT system; and second, a type of attack called “crypto-jacking.”

It doesn’t take long in an internet search to find several real-world attacks that hackers have conducted on VSAT systems. There are a couple of popular attack vectors here. One is to gain control of the system through the admin control password. There are numerous examples of people hacking baby monitors, thereby putting a literal listening device in someone’s house.

Hackers also use information from a website called “Shodan,” originally set up to scan the internet for IoT-connected devices, to then gain access to those devices. Shodan now has a ship-tracking link on its website that tracks vessels around the world via their VSAT antennas. Hackers can then use this information to gain access to the VSAT system on board and beyond.

Ransomware attacks have become popular and involve hackers gaining access to important information, then demanding payment for the release of that information, typically through cryptocurrencies like Bitcoin. Now, with the rise in popularity of these cryptocurrencies and digital mining operations, crypto-jacking has become almost as popular as ransomware attacks.  A crypto-jacking attack occurs when someone gains control of a device to help them “mine” cryptocurrency.

There was an attack in late 2017 in which devices that were connected to the Starbucks Wi-Fi in Brazil were used by hackers to mine cryptocurrencies. Malware was loaded onto the unsuspecting computer once it connected to the network, and then the hackers used that device for mining. There are a limited number of Bitcoins that can be mined. As more coins are mined, it becomes harder for computers to mine additional coins and it takes a lot more computing power, so hackers are looking for any computer or IoT device to expand their mining operations.

So, how do we protect ourselves from these various attacks? There are some commonsense procedures to put in place to protect our vessel and shoreside systems. First, always change all the administrative passwords for every device you have connected to a network often. The passwords should be long and difficult, containing letters, numbers, and characters.

Second, networks on board a vessel should be separated into a guest network and an internal control network. They should be set up in such a way to make it almost impossible for you to gain access to one network from the other. You should consider working with a trusted outside IT consulting firm, even if you have a solid internal IT team. Trusted outside companies can help find issues within your system before the hackers do.

Finally, always remember to never open an email attachment from someone you don’t know or something that looks suspicious. Unfortunately, this is just the beginning of these issues as the world becomes more connected.

Corey Ranslem, CEO at International Maritime Security Associates (, has more than 24 years of combined Coast Guard and maritime industry experience. Comments are welcome below.

Related Articles

Wärtsilä autodocking system tested on 272-foot ferry

Wärtsilä autodocking system tested on 272-foot ferry

Global marine and energy technology group Wärtsilä has successfully tested what it calls “a world first” installation of autodocking technology on a ferry. The tests were carried out on the …

Couple found dead in St. Maarten

The bodies of Michael and Thelma King were found in their condominium in St. Maarten on September 21. A suspect in the killings was arrested by St. Maarten police on Sept. 23. According to …

Register for crew lounge at Monaco show

Register for crew lounge at Monaco show

Netherlands-based ACREW, a provider of professional development to superyacht captains and crew, has opened registration for its facility at La Rascasse during the Monaco Yacht Show. The venue …

Latest in the brokerage fleet: Hunter, Tyr sell; H, Revelry listed

Latest in the brokerage fleet: Hunter, Tyr sell; H, Revelry listed

Yachts sold M/Y Hunter, a 161-foot (49m) Trinity launched in 2006, by brokers Kurt Bosshardt and Patrick Hopkins of Denison Yacht Sales. M/Y Tyr (ex-T6), a 159-foot (48m) vessel built by …

Palma yard reducing pollution

STP Shipyard in Palma has registered for the Carbon Footprint environmental certification, which takes a baseline measurement of fuel and electricity consumption and then follows a plan to reduce …

Aid the sick but protect yourself

I have found that most people are willing to help someone when they require medical assistance. There are, however, concerns that we have when thinking about saving another person’s life. One of …


Leave a comment

Your email address will not be published. Required fields are marked *

Please answer the question below to leave a comment. * Time limit is exhausted. Please reload CAPTCHA.

This site uses Akismet to reduce spam. Learn how your comment data is processed.