The threat of net-centric piracy
With cyber tools at their disposal, tomorrow’s pirates will not need to be anywhere near a ship to make money with a great degree of anonymity.
Mention piracy to non-maritime people and they invariably don fake eye patches, slap their thigh and make some swash-buckling commentary to aid their mock sword fight. They do not load a pretend rifle and threaten the lives of those around them; nor do they sit at a computer to access dark web chatrooms.

The general public’s view of piracy is resolutely stuck in the past. Yet gun-toting, often violent pirates that take commercial ships by stealth and brute force are a reality and one that the industry is trying hard to expunge. But there is a deeper piracy threat lurking: net-centric piracy.
The US Center for International Maritime Security – a non-partisan non-profit think-tank formed in 2012 – is keen to raise awareness of this threat through its global community of professionals, academics, and forward thinkers. It wants to get the word out that the technological advances of the 21st Century have provided potential pirates “transformational means, methods and opportunities” far beyond those experienced in the past.
“The question becomes not whether net-centric piracy will occur but when”
In an effort to hammer home the threat that net-centric piracy poses to the industry, the Center has published the following scenario to demonstrate how pirates could leverage today’s technology. It make sobering reading for anyone involved in the shipping industry.
Moscow, Russia – 17JUL15 0126D
After a series of all-nighters over the last week, a Russian hacker has gained access to a crewmember’s computer onboard the Pacific Treader. Using this access he maps the shipboard network. Discovering a diagnostic and maintenance laptop used for the ship’s automation and control system on the network, he quickly exploits the laptop’s outdated and unpatched operating system to install a tool on the automation and control system. The tool enables a remote user to either trigger or disable a continual reboot condition. Once installed, the hacker posts the access information for the tool’s front end user interface in a private dark web chatroom.
Prague, Czech Republic – 16JUL15 2348A
Sitting in his Prague apartment, a pirate receives a message on his cellphone via a private dark web chatroom. The message is from one of several hackers he contracted to gain access to control or navigation systems onboard vessels operated by the Trans-Pacific Shipping Line. With the posted access information, he logs onto his laptop and tests his access into the Pacific Treader automation and control system. After successfully establishing a connection he closes out of the tool and electronically transfers half of a contracted payment due to his hired hacker. Next using a commercial AIS website providing real-time track data from coastal and satellite receivers, he determines that Pacific Treader is likely headed into port in Hong Kong. Posting a message in a different private dark web chatroom, the pirate provides the identifying information for Pacific Treader.
Hong Kong, China – 19JUL15 0306H
On a rooftop in Hong Kong, a young college student pulls an aerial drone out of her backpack. She bought it online and it is reportedly one of the quietest drones on the market. She also pulls three box-shaped objects out of her backpack. Hooking one of the objects to the drone, she launches it and flies it across Hong Kong harbour in the direction of a ship she identified during the day as the Pacific Treader. Using the cover of darkness she lands the drone on the top of the pilot house and releases the object. Repeating this process twice more, she places the box shaped objects on other inconspicuous locations on the ship. After bagging up her drone, she posts a message to a dark web chatroom simply stating that her task is complete. Almost immediately afterwards she receives a notification that a deposit was made into her online bank account.
Prague, Czech Republic – 25JUL15 1732A
After eating a home-cooked meal, the pirate sits down at his laptop and checks the position of Pacific Treader via the commercial AIS website he subscribes to. Observing that the Pacific Treader is relatively isolated in the middle of the Pacific Ocean, he opens the remote tool that provides him access to the ship’s automation and control system. He sends a text message and then clicks to activate the tool.
Two-thousand ninety-three nautical miles north east of Hong Kong – 26JUL15 0332K
Onboard Pacific Treader an explosion engulfs the bow of the ships sending flames into the dark air. Immediately, the ship’s engines roll to a stop as the navigation and ship’s control system computers go into a reboot cycle. The lone watchstander on the bridge is paralysed to inaction by the surprise and violence of the events unfolding around him. The Master immediately comes to the bridge, completely confused by the events occurring onboard his ship.
Prague, Czech Republic – 25JUL15 1736A
The pirate confirms via his remote tool that the ship’s automation and control system is in a continuous reboot cycle, then he re-checks the commercial AIS website and confirms that Pacific Treader is dead in the water. He immediately sends an email to the Trans-Pacific Shipping Line demanding a ransom, stating Pacific Treader will remain dead in the water and more explosive devices will be activated until he is paid.
Fundamental shift
This scenario illustrates how the evolution of technology and the increased connectivity of systems and people have the ability to enable a fundamental shift in the nature of piracy, says the Center.
For tomorrow’s pirates the Internet is the “key enabler”. It serves as a command and control network as well as the means for disseminating intelligence information, such as vessel location or the presence of physical security measures.
“The attractiveness of net-centric piracy is the low barrier to entry, both in risk and cost,” says the Center. “The anonymity of the Internet also allows potential net-centric pirates to meet, organise, co-ordinate and transfer monetary funds with a great degree of anonymity. As a result, the risks of arrest or capture are significantly reduced, especially since a net-centric pirate may not be able to identify any of their co-conspirators. The monetary gain from the successful capture of a vessel compared to the low cost and risk currently associated with net-centric piracy make it an attractive criminal enterprise.”
Countering net-centric piracy is problematic, as international cyber law is in its infancy and extensive international co-ordination, co-operation and information sharing will be needed to identify, locate, and apprehend those involved in net-centric piracy.
“Net-centric piracy represents an opportunity to generate revenue without requiring the physical risks of traditional piracy,” says the Center. “The anonymity and distributed nature of the cyber domain also creates new counter-piracy challenges. Add to this the low cost and availability of unmanned system components coupled with the low barrier of entry for cyber, and the question becomes not whether net-centric piracy will occur but when.”
For more information on the Center for International Maritime Security go to www.cimsec.org.