Hackers target shipping employee personal devices
Criminals are getting their hands on the codes needed to release boxes from container terminals and delivery instruction passwords through employees’ personal devices, where cybersecurity controls are usually lax, according to the TT Club.
In other cases, apparent burglaries provide cover for the installation of spyware on office IT systems, the specialist marine mutual added.
The warning comes after KPMG claimed that shipping is decades behind other sectors on cyber security questions, and claimed to have evidence that at least one major shipping company had been victim of apparent hacking by a business rival.
The issue is rapidly climbing the industry agenda, with the Security Association for the Maritime Industry – a body usually associated with the fight against physical piracy –earlier this month hosting a forum on the question at its London headquarters.
The TT Club said that while advances in IT have undoubtedly offered opportunities for carriers, transport operators and cargo handling facilities to cut theft and fraud, criminals are also able to take advantage.
Companies sometimes become vulnerable through employees’ personal devices, where security measures tend not to be as stringent as is the case with office-based systems.
Hackers make use of social networks to follow operational personnel who travel extensively, and truck drivers to ascertain routing and overnight parking patterns.
“We see incidents which at first appear to be a petty break-in at office facilities.
"The damage appears minimal and nothing is physically removed,” said TT Club claims handler Mike Yarwood.
“More thorough post-incident investigations, however, reveal that the thieves were actually installing spyware within the operator’s IT network.”
The type of information extracted includes release codes for containers from terminal facilities or passwords to discover delivery instructions.
“There has been an apparent focus on specific individual containers in attempts to track the units through the supply chain to the destination port,” said Mr Yarwood.
Systematic tracking is coupled with compromising the terminal’s IT systems to gain access to, or generate release codes for, specific containers. In the main, this is done to facilitate narcotics smuggling, although the technique can also be applied to high-value cargo thefts and human trafficking.
The TT Club is advising operators to be vigilant. Simply identifying the value of the data held by an organisation or individual is a starting point when assessing exposure to cyber crime.
“Education of employees across all disciplines of the organisation is crucial, making them aware of robust risk management policies designed to defend the organisation from cyber crime,” Mr Yarwood added.
“Often the level of threat is dependent on an organisation’s own culture.”
Are our ports in safe hands?
The Australian Competition Consumer Commission (ACCC) warns that privatisation of state government assets will have adverse effects.
Lloyd's List Australia reported last week “Competition in shipping draws ACCC attention” referring to ACCC chairman Rod Sims’ fears that the privatisation of Australia’s east coast container ports will cramp competition and lead to unwarranted price increases.
Our experience as port users is that his concern is so far not justified.
The new private port operators on the Australian east coast have begun actively competing for freight where their markets have geographical overlap.
They have also been working with other operators to provide effective intermodal operations using truck and rail for staged movements of trade aimed at boosting total port volumes.
I must admit to being one that had significant reservations about a short-term grab for profit to justify the high prices paid for the 99-year leases on the ports - $5bn in the case of the sale of Port Botany and Port Kembla.
The reality is that the private sector owners’ aims of maximising returns for shareholders make for far more consistent management of the ports than the revolving door of port ministers each with differing interests and strategies – particularly noticeable during the NSW Labor years.
It is important to note that the majority of private consortia revenue will be from fees based on container volume throughput.
This is not a new business model, but the same revenue previously collected by the state based port corporations.
In NSW, Freight & Trade Alliance (FTA) received assurances from Mike Baird, when he was the NSW treasurer, that there would be additional assurances to inform the relevant minister of price increases and to justify them.
Furthermore the minister has the ability to refer proposed price increases to the Independent Pricing and Regulatory Tribunal (IPART) and the National Competition Council.
To date these powers have not been needed.
The consortia are clearly focused on immediate returns, but they also have longer-term strategies for their 99-year leases.
The plan is to boost growth in container volumes rather than pushing up unit prices.
FTA has also received assurances from NSW minister for roads and ports Duncan Gay that funds received from the privatisation are being used for infrastructure projects including an immediate injection of $252m for the WestConnex project to improve road connections to and from Port Botany.
This is a welcome outcome.
The other area needing attention is the rail interface to the port, an issue clearly recognised by the NSW government as outlined in the Review of NSW Rail Access Regime and Freight and Ports Strategy.
Source: Lloyds List – Paul Zalai
Chain of Responsibility Fees to be introduced at DP World Brisbane
DP World Australia will implement a Chain of Responsibility Fee effective from July 7.
As part of Chain of Responsibility Legislation compliance, DP World Brisbane will commence weigh in motion for all import full containers.
“The new Chain of Responsibility Fee is the first of its type nationally, and this additional surcharge may be extended to other terminals and other states in due course,” Australian Container Freight Services (ACFS) port logistics managing director Arthur Tzaneros said in a notice to customers.
The load measurement devices are intended to ensure compliance with axle-loading requirements for vehicles using public roads.
The fees will include a Chain of Responsibility Fee of $5.10 plus GST per full import container delivered by road, and a Chain of Responsibility Overweight Fee of $100 plus GST per container removed from a vehicle.
“A Chain of Responsibility Overweight Fee will be payable when a vehicle departing the terminal via the weigh-in-motion facility receives a red light, does not have current permits and is refused exit from the terminal and DP World are required to remove one or more containers from the trailer,” Mr Tzaneros said.
The Chain of Responsibility Fee will be charged direct to transport companies when booking a VBS slot via 1-stop for the collection of an import full container.
The Chain of Responsibilities Overweight Fee will also be charged direct to transport companies via a further invoice.
ACFS will pass on the fees at cost, despite being required to pay the terminal on strictly seven-day terms.
High cube 40ft containers to dominate global fleet in coming years
According to the recently published Container Census report by London-based shipping consultant Drewry, 40-ft high-cubes will soon overtake conventional 40-ft designs to become the global market leader.
At the end of last year, 40-ft high-cube containers represented just under half of the box fleet after growing 7% in 2013.
This was significantly higher than the growth of the global container fleet, where growth was limited to 4.3% during the 12-month period.
Andrew Foxcroft, editor of Drewry’s Container Census report, said that the gains made in the maritime standard fleet came largely at the expense of traditional 40-ft equipment.
However, he also noted that the 20-ft share remained relatively stable attributing to around a third of the total fleet.
“These long-term changes in the fleet composition are predicted to continue through 2014-2017,” said Mr Foxcroft.
“Drewry is forecasting that the global box fleet will grow by around 5% a year through 2014-2017, with growth in the leased fleet set to continue to outpace that of the owned fleet.”
He continued: “Leasing firms remain better placed to invest in box equipment than shipping lines, many of which are still short of capital and so continue to be reliant on rental support.”
Drewry does not expect global box production to increase significantly in the short term, with annual growth continuing at much the same rate that it has over the last decade at around three million teu.
Beware big box rip-offs
Shipping containers have been the target of thieves since they first started circling the globe with many shipping lines conceding through gritted teeth that an amount of ‘natural wastage’ or ‘mysterious disappearance’ is an inevitable part of doing business in certain areas of the world.
The very nature of a freight container may make it prone to attention by criminals, not just because of what can be hidden inside, but also because it can be useful in other ways.
Predominantly uniform in size and shape, with little to differentiate one from another aside from the colour of the paint and the CSC plate, both of which it is possible to change. In fact the CSC plate, markings or container number may be irrelevant if the box is no longer to be used as a conventional freight container, whether it be for local storage, housing or scrap.
The TT Club StopLoss Bulletin on Container Loss looks into this further and while small scale theft is difficult to eradicate, the problem is more serious when both the quantum and complexity of the theft escalates.
In recent times there have been a number of higher profile examples when theft morphs into organised and large scale fraud, when the quantum moves away from being a thousand dollars for a ten-year-old teu, to a six figure sum for multiple and potentially high value unit losses.
Alert to recent theft
Attention by criminals has been sporadic around the globe, but a recent example arising in Kuwait highlighting the potential pitfalls affecting multiple shipping lines, draws a timely reminder of some of the steps that need to be taken in managing this risk, which affects both lines and agents at the point of arranging the booking.
In this instance, a first time shipper requested a number of units from a range of different lines (totalling over 200 teu) using fraudulent bookings and licenses.
When the containers were not returned laden after a number of days and no bookings had been formalised, one shipping line became suspicious and looked to make contact with the proposed shipper.
It transpired that the purported shipper had disappeared, leaving no trace of the containers and no physical assets to target.
While the case is still under investigation, initial findings have indicated that on receipt of the containers, the shipper in all probability had them transported to another country and sold to a third party intended primarily for scrap.
Typically, where the units can be located, the party in possession of them may assert rightful ownership and entitlement to scrap or trade the containers.
The TT Club, working with its members and using a local lawyer, as well as its network of experienced claims handlers, is seeking to recover the containers from the scrap yard while at the same time requesting the authorities and courts to prevent the yard operator from painting, damaging or selling on the units until the dispute is resolved.
Review your container booking procedures
While recovering the containers is currently the primary goal of the TT Club and lines, prevention is always better than cure.
The purpose, therefore, of this article is to provide an alert for this particular occurrence as well as highlight the steps that lines, booking departments and agents can take to prevent these situations.
Protecting themselves from such fraudulent acts will not only avoid loss of units but also the time and cost of recovery, which can be significant and increasingly difficult in some jurisdictions.
Where you are working with a shipper for the first time or you find that an existing shipper significantly changes their operating patterns, immediately be on the alert and exercise an increased level of due diligence.
Be particularly vigilant where the request is for a significant number of units – it may sound like an attractive vein of business, but could equally be too good to be true.
Questions worth asking
Why do they need fifty units in one go or why do they need a second batch of units before returning the first?
Has the new customer been visited to verify they actually exist?
Is the haulier appointed to pick up the units known?
Requests for a number of high-value units, specifically reefer or tank containers, should be treated with suspicion.
Have free-time extensions been requested up to unusual or unacceptable levels?
It may be time for you to review your warning thresholds.
It must be remembered that the only dependable protection when units are given to a shipper is the due diligence already carried out and the financial security received.
While financial security is a significant and additional step that the shipper may feel is unwarranted, inconvenient and costly, security in the form of a cash deposit or bank guarantee can be relied on whereas a promise, letter of indemnity or cheque are likely to be worthless if it comes from a shipper who chooses to abscond.
These aspects of the risk management process in knowing your customer and receiving adequate security are recommended forms of defence against being targeted and losing out to fraudsters.
While much attention is rightly given by lines to cargo management – seeking to ensure that cargo entered into the supply chain is correctly declared, packed and placarded – lines can little afford not to attend to tight stock controls.
And the essential ‘know your customer’ checks are the same for both elements.
