Workers at a container terminal in Antwerp began to wonder why entire containers—containing cargo like bananas and timber—were disappearing from the port.
The port of Antwerp. Flickr (Dominic Sommers)
The scheme sounds like a work of near science fiction. But police in the Netherlands and Belgium insist it's true, and say they have the evidence to prove it: two tons of cocaine and heroin, a machine gun, a suitcase stuffed with $1.7 million, and hard drive cases turned into hacking devices.
The plot, which began in 2011, reportedly involved a mix of international drug gangs and digital henchmen: drug traffickers recruited hackers to penetrate computers that tracked and controlled the movement and location of shipping containers arriving at Antwerp's port. The simple software and hardware hacks—using USB keyloggers and more sophisticated purpose-built devices—allowed traffickers to send in drivers and gunmen to steal particular containers before the legitimate owner arrived.
The scheme was first noticed last year, when workers at a container terminal in Antwerp began to wonder why entire containers—said to contain cargo like bananas and timber—were disappearing from the port. In January, the plot appeared to culminate in a daring raid in the province of Limburg, near Antwerp. A truck that had left the port and was unwittingly carrying containers stuffed with drugs was attacked by suspects armed with AK-47 assault rifles. According to police, the gang had assumed the driver, who was not killed, was from a rival drug gang.
In June, a joint operation by Belgian and Dutch police resulted in raids on more than 20 homes and businesses, where they seized six firearms, bullet-proof vests, and 1.3m euros in cash inside a suitcase. Fifteen people are now awaiting trial in Belgium and Holland, including two suspected hackers. Police did not say where the containers originated.
"I'm really not surprised at these practices," said Jim Giermanski, a former FBI agent and chairman of Powers International, a transportation security technology company. "The reality is that most shippers don't have a clue as to what to do to secure a container" from tampering by smugglers and terrorists, who, Giermanski warns, could use them to conceal dirty bombs.
Computers at the Port of Antwerp were hacked using clandestine devices like the one on the right, concealed inside a power strip (via BBC)
The cyber attack began with simple social engineering: a spear phishing attack through emails that tricked employees into installing malware. The container companies discovered the initial breach and installed a firewall to prevent further attacks. But police say the suspects managed to get onto the physical premises to install key-logging devices directly onto the keyboards of computers, allowing them to gain wireless access to keystrokes typed by staff as well as screen grabs from their monitors.
The gangs also reportedly built their own hardware, concealing small homemade devices inside normal hard drive cases and power strips. These allowed them to access and remotely control data on the shipping companies' computers, and to gain security codes so drivers could pick up particular containers.
Shipping is only one among many infrastructures now subject to hacking. Security holes in the computer systems that manage everything from phone systems to energy facilities are now in high demand, among both criminal gangs and state-sponsored cyber squadrons.
"We have effectively a service-orientated industry where organized crime groups are paying for specialist hacking skills that they can acquire online," the director of Europol, Rob Wainwright, told the BBC. The cyber and real-world attacks are consistent with a "new business model" of organized crime activity, one he expects to "become a more significant feature in future" of drug trafficking. To fight attacks like this, Wainwright urges more "tech-savvy" police, as well as laws that help governments improve their surveillance of the internet.
The drug smuggling enterprise is a font of homemade ingenuity. Mexican gangs have been known to use tunnels and catapults to send drugs over the border. In Colombia, traffickers rely on repurposed Russian submarines. Police inspecting shipping containers have found cocaine stowed away inside frozen sharks. And until the FBI shut it down, the Silk Road—enabled by Tor, a US government project to provide internet anonymity to dissidents and other legitimate users—gave traffickers of all kinds the first international marketplace for drugs and other illegal substances.
Major cocaine flows as of 2009 (via UNODC World Drug Report 2010)
Shipping containers are thought to be integral to large drug smuggling operations. The iconic intermodal freight container was introduced in the 1950s as a way of standardizing the way goods are moved around the world. Rising in parallel with computers, containerization is how ninety percent of our stuff moves around the world every day. But that scale—some 420 million containers are shipped annually—means that customs officials tend to inspect only around two percent of those shipments per year.
Estimates about the use of containers by smugglers are rough. But a report last year by the Stockholm International Peace Research Institute found that the ships unwittingly involved in the trafficking of drugs, guns and other substances, like those used in building WMD, are primarily commercial lines based in Germany, Greece and the US.
"Containerization provides trafficking and proliferation networks with the same cost- and time-saving transport mechanisms that have allowed the world’s multinational companies to deliver their products quickly and cheaply, penetrate new markets and expand their global customer base," the report concluded.
"This doesn't mean the ship owners, or even the captains, know what they are carrying. But it is relatively easy for traffickers to hide arms and drugs in among legitimate cargos," said Hugh Griffiths, the report's co-author. The problem, he told Motherboard, "is one of the greatest security challenges of the 21st century and so far no solution is anywhere in sight."
A UN video for its Container Control Program, which was started in 2003
After failing to meet a Congressional mandate to scan all shipping containers entering the US for nuclear materials, customs officials last year decided to table the idea because it was too complicated and expensive. Instead, ports in the US are using sophisticated high-energy imaging technology and radiological sensors only in certain cases—for instance, on containers that appear suspicious to inspectors, because of erroneous ship manifests. A more recent federal audit of an initiative by Customs and Border Protection to routinely check foreign ports found that the system has mostly failed.
In one recent demonstration, a group of researchers using cheap radio equipment showed they could hijack a system used to track shipping vessels worldwide, causing fake vessels to appear, real ones to disappear, and to issue false emergency alerts. In another, GPS researchers proved they could hijack a ship's navigation system and actually steer it—a technique they've also used on drones.
Simpler computer exploits of shipping systems have also been discovered. An investigation by Australian authorities last year revealed that drug gangs were able to use public databases to track which shipping containers in port were under inspection by police, allowing them to abandon those shipments.
And the technique used in Belgium isn't completely new either: in season two of The Wire, a drug gang in Baltimore hires dockworkers to alter the computer records of containers with drugs that have been planted inside.