How hackers can “hack” ships, and what ChatGPT is for

What could happen to the economy if cybercriminals use ChatGPT and gain access to container ships?

Generative artificial intelligence is already changing the world, and not only for the better. It is one thing when a student writes a thesis with the help of AI; it is a problem of a completely different scale when a container ship carrying thousands of goods falls into the hands of cybercriminals.

For the most part, documented cyberattacks on individual ships were carried out by jamming and falsifying navigation signals. In recent years, ships have been increasingly threatened by more sophisticated attacks, including ransomware.

Recently, 1,000 vessels were affected by a cyber attack on DNV’s ShipManager software system. Fortunately, many ships have retained their autonomous functions, which has reduced disruptions, but the situation has highlighted the threat of widespread cyberattacks on ships, The Maritime Executive reports.

How can hackers make money from cyberattacks on ships?

At the very least, after attacking any freight transport and blocking its operation, hackers can contact the owner and demand a ransom from him in exchange for unlocking the operation of the transport or returning important data.

In addition, the services of hackers may be used by competitors of a certain carrier to disable its ships/aircraft and degrade performance, cause losses, reduce investor confidence, etc.

But there is a trickier way. Attacks on ships can potentially bring big financial gains to hackers, and it’s not about payments from competing companies or ransom from the victimized owner.

Coming back to Ever Given

On March 23, 2021, the 400-meter container ship Ever Given completely blocked the Suez Canal, through which 12% of world trade passes – about $10 billion per day. As of March 28, at least 369 ships were waiting in line to pass through the canal. The next day, the container ship was refloated, but the incident “hit” the world economy.

The idling of ships affected, in particular, demurrage and the cost of shipping by sea. And with oil tankers queuing up, the Ever Given accident pushed up oil prices, which in turn drove up the prices of everyday goods. So, the situation with Ever Given attracted the attention of not only businesses, but also ordinary people, who realized that blocking the shipping lane could at least increase the waiting time for their goods delivered by container ships to the ports, and at most – cause an increase in prices.

But the “case” of Ever Given also interested potential (or active) criminal hackers. The Ever Given incident was not caused by a cyber attack, but it showed potential attackers the consequences that a stoppage on a globally important shipping route could have for global trade and financial markets.

Shortly after the incident, discussions began to appear on the darknet, in which some users discussed ideas on how to take advantage of such a situation and make money from it.

Hackers can buy certain stocks in the market before carrying out a cyberattack on, for example, a container ship on an important shipping “artery”, such as the aforementioned Suez Canal. A ship is remotely disabled or impaired in its navigation, as a result of which it blocks the route for other ships. After some time, the attackers profit from the purchased shares, because they know in advance how events will develop in the sensitive stock market. They could also invest in certain companies whose services or products become relevant in a crisis situation.

Over the past few years, hackers have penetrated the computer servers of PRNewswire Association LLC, Marketwired and Business Wire, a division of Berkshire Hathaway Inc. They used early access to 150,000 news items about mergers, acquisitions and financial results of various companies before the information became public.

Is it really easy to commit a cyberattack on a vessel? 

Digitalization has helped transform operations on merchant ships by automating many processes that were previously done manually. However, it not only simplifies the work of ships, but also increases the risk of cyber attacks and the scale of potential damage.

Many on-board systems have been installed on ships since their construction, 25-30 years ago, and have not been changed since then. Therefore, many commercial vessels use outdated and unsupported software, making it easier for hackers to gain access to the vessels.

So what does ChatGPT have to do with it?

One way to carry out a cyber attack on a ship is through phishing emails. These are emails whose authors encourage the recipient to click on a dangerous link, so that a crew member unwittingly downloads malicious content to their computer. The emails appear legitimate or official, and the links are disguised as safe and authentic. They can be addressed to a specific crew or vessel using information obtained from open sources, such as social networks.

Phishing emails play a key role in many types of maritime cyberattacks designed to plant malware on target computers, including ransomware attacks.

Traditionally, scammers wrote such emails by hand. However, the recently released ChatGPT is a game changer.

ChatGPT is an artificial intelligence chatbot developed by OpenAI and built on a large language model. With its help, you can write books, poems, research papers (if you have post-editing skills), content plans, etc. Or – phishing emails. ChatGPT’s developers anticipated that the chatbot’s services could be used by malicious actors, so they created “barriers” to prevent malicious content from being created on direct instruction. However, hackers have found a way around this too.

With the help of indirect prompts, the chatbot can create a well-written corporate letter, or a letter that appears to come from an official department, imitating its tone of voice.

Prior to the release of the latest version of ChatGPT, a research paper demonstrated how users in over 100 countries responded to over 50,000 emails sent as part of a phishing training process.

Emails written by real authors had a 4.2% click rate, compared to 2.9% for emails from ChatGPT. In some countries, notably Sweden, the click-through rate for AI-written texts was higher.

The threat of phishing emails is also indicated by a recent study by Darktrace, which found a 135% increase in “new social engineering attacks” in 2023, using emails generated by ChatGPT.

ChatGPT has an almost encyclopedic knowledge that can easily be used to find useful “maritime” information, such as ship names or IMO rules, to make emails more persuasive.

To prevent cyberattacks on ships that can affect the global economy, shipowners need to take care to strengthen computer security measures. But the most important thing is staff training, regular cyber literacy training, so that the crew can protect themselves and their finances and personal data, and not harm the company and, possibly, the whole world. 

Olga Horbenko.