Maritime cyber threats: drug trafficking and supply chain security

By Sylvie Truong, The Readable
April 10, 2024 7:00PM GMT+9

On April 5, South Korean President Yoon Suk-yeol inaugurated a new automated terminal at Busan New Port, signaling a significant leap forward in the modernization of port infrastructure. However, this promising advancement is shadowed by the growing concern of evolving cyber threats targeting maritime gateways. This situation underscores the critical need for global initiatives to bolster cybersecurity in maritime ports.

This growing concern was highlighted in late February when U.S. President Joe Biden signed an Executive Order to strengthen the cybersecurity of maritime ports. The order underscores the vital role of these gateways in maintaining global trade and economic stability, acknowledging the complex threats posed by maritime hackers and other malicious entities. Although the Executive Order does not specifically mention drug trafficking, it acknowledges the broad spectrum of threats in the maritime domain.

Maritime hackers in drug trafficking

The interconnected nature of cybersecurity threats is exemplified by instances where drug traffickers have employed hackers to tamper with maritime port operations. A striking case was highlighted in a 2013 Europol report, which uncovered that drug traffickers had gained control over Antwerp, Europe’s second-largest container port. By hiring hackers to breach the port’s computer systems, they manipulated container supply data. This manipulation allowed the traffickers to monitor and dictate the movements of cargo, enabling them to retrieve drug-laden containers at their preferred times and locations.

The hackers initially managed to penetrate the port’s defenses by dispatching malicious software through email to the staff at the Port of Antwerp, thereby gaining remote access to crucial logistics information. When the breach was discovered and a firewall was installed by the port staff as a countermeasure, the hackers escalated their efforts. They physically broke into company offices and covertly embedded data interception devices within commonplace items, such as cables and hard drives. This sophisticated criminal operation went undetected for two years until law enforcement agencies intervened and made arrests.

In a separate incident in 2020, Dutch law enforcement apprehended a 41-year-old hacker accused of breaching the IT systems of major ports in the Netherlands and Belgium. In this breach, the malicious actor allegedly sold sensitive information to cocaine traffickers as well as provided them with advice on which shipping containers were most suitable for smuggling narcotics.

These incidents highlight the complex nature of cybersecurity threats that transcend traditional cyberattacks on critical infrastructure by state actors. They reveal how criminal organizations also engage hackers to seize control of vital infrastructure, posing substantial risks to national security and compromising public safety.

Expansion of drug markets and global implications

Recent disclosures from Americas Quarterly shed light on Latin American drug cartels’ efforts to expand into new markets in Asia, underscoring the global importance of maritime cybersecurity. These revelations serve as a stark reminder that maritime cybersecurity measures are crucial not only for addressing traditional security concerns but also play a vital role in combating transnational organized crime and protecting international trade routes.

The article pinpoints South Korea, China, and India as key targets for notorious Latin American drug cartels aiming to broaden their operations. It particularly notes the port of Busan as a crucial conduit for transporting cocaine from Latin America into Asia and Oceania. This observation is consistent with findings from the Global Organized Crime Index, which lists South Korea and China as the top destinations for the cocaine trade in East Asia in 2023. Despite the relatively low prevalence of cocaine consumption within South Korea, local criminal syndicates are leveraging the country’s strategic location as a transit point for narcotics originating from Latin America.

Cyberattacks against australian and japanese ports

In July 2023, the Port of Nagoya in Japan was targeted by a ransomware cyberattack, representing a significant escalation compared to previous cyber incidents encountered by the Nagoya Port Authority. This particular attack had a profound impact, leading to the halt of all container loading and unloading activities at the port. As a result, the port incurred considerable financial losses, and the movement of goods to and from Japan faced serious interruptions.

In November 2023, DP World Australia, a major port operator responsible for handling nearly 40% of the country’s trade volume, was struck by a crippling cyberattack. This incident caused a substantial cargo backlog and led to the port being offline for three days, leading to widespread disruptions in trade and commerce throughout Australia.

The cyberattacks on the Port of Nagoya and DP World Australia underscore the tangible consequences of vulnerabilities in maritime cybersecurity. These incidents disrupt supply chains and have broad economic impacts, highlighting the critical need for strong cybersecurity defenses to protect maritime operations.

In conclusion, the collaborative push towards modernizing port infrastructure and bolstering cybersecurity, highlighted by initiatives from global leaders, signals a determined stance against the multifaceted cyber threats facing our maritime domain. This collective endeavor, responding to both cyberattacks and illicit activities like drug trafficking, underscores the vital importance of international cooperation and innovation in ensuring the security and efficiency of the world’s trade lifelines.

sylvie@thereadable.co

The cover image of this article was designed by Areum Hwang. This article was reviewed by Dain Oh and copyedited by Arthur Gregory Willers.


Sylvie Truong is a regular contributor to The Readable. Her interest in cybersecurity began in 2015, while working as a biomedical research assistant at Columbia University’s Irving Medical Center. She worked in the Molecular Imaging and Neuropathology Division, analyzing data using various software programs. Due to her experience there, she developed an interest in cybersecurity and implementing better practices to protect personal data, valuable research information, and more. Sylvie holds a master’s degree in neuroscience and education from Columbia University.