Organised crime is becoming increasingly entwined with hacking, creating a “service-orientated industry” and making the internet “the single most important” factor facilitating major organised crime and drug trafficking, according to the head of Europol.
Speaking to the BBC, Europol director Rob Wainwright highlighted a case from this summer where a gang of drug smugglers were found to have hacked into computer systems at shipping companies operating out of Antwerp, one of Europe’s busiest ports with upwards of 20,000 containers passing through each day.
First using social engineering to trick staff into installing malware which compromised container management systems, and later, when that scheme was blocked, breaking into port premises to install hardware snooping devices, the crooks were able to access data on the whereabouts of shipments and the security codes needed to pick them up.
Now it seems like they can just cut out the middle man and get the information they need direct from the port computers.
The Antwerp scheme was thought to have been running for two years before it was finally shut down, with a tonne each of cocaine and heroin seized, along with weapons and €1.3 million (around £1.1 million, $1.75 million) in cash.
It seems like a pretty safe bet that similar techniques have been used at other ports around the world, doubtless with at least occasional success.
Port companies in Antwerp claim to have improved their IT security, and hopefully other port operators will have paid attention to the warning given by their experiences, but we can be pretty sure that similar blags will keep being tried, with ever more sophisticated malware, social engineering and digital intrusion techniques. So let’s hope their security measures can keep up.
It sounds like some more effort may need to be made on physical security too, ensuring that simply knowing where a container is sitting is not enough to let gangs stroll in and pick it up.
In line with this week’s National Cyber Security Awareness Month theme of hiring cyber-security savvy staff, they might also do well to spend some time training up their people, to help them avoid being tricked into opening up their systems to the bad guys.
Europol boss Wainwright’s warnings suggest hacking techniques are being leveraged in other criminal areas too, with subcontractor hacking collectives being leveraged to assist with all manner of crimes.
To combat this, he recommends police forces should “change the way they operate, to become much more tech-savvy”, and also advocates more input from parliaments, making sure laws keep up with the ways criminals are exploiting the internet.
Those of you lucky enough to have access to the BBC’s iPlayer service can hear the full interview with Wainright on the Today programme, for the time being at least – starting at about the 2h 20m mark.