Drug smugglers planted an extraordinary array of ingeniously disguised remote access devices as part of a major hacking attack on the Belgian port of Antwerp’s logistics systems, Europol has revealed.
Police announced the case in May this year, but only now are the remarkable scale of the attacks and their unusual methods, which bear an uncanny resemblance to the recent KVM attacks on UK banks, becoming clear.
In an interview with the BBC, a Europol official put on display the devices used to give criminals remote access to the port’s systems and the precious ID codes that allowed containers to be collected by authorised firms.
These included miniature PCs hidden inside electrical power strips, external hard drives, as well as keyloggers disguised as USB keyboard port converters. Although some of this equipment was designed simply to steal login credentials, the hackers appear to have used wireless cards to study and possibly control the logistics systems in real time.
The modus operandi was simple. The smugglers would hide drugs inside legitimate shipments of other goods from South America, stealing the release codes from the computer system in order to pick up the container before its real owner turned up at the port. On at least one occasion where this proved impossible to pull off, the criminals simply hijacked the trucks carrying the containers after they left the port.
Police now believe the cyberattack on two firms with access to the logistics system started in June 2011 and went undetected until this year.
Police arrested 15 people and seized large amounts of drugs and cash. The volume of drugs smuggled using the hack hasn’t been estimated but could have a street value of hundreds of millions of euros.
“[This] is an example of how organised crime is becoming more enterprising, especially online,” Europol director Rob Wainwright told the BBC. “We have effectively a service-orientated industry where organised crime groups are paying for specialist hacking skills that they can acquire online,” he said.
The drug gang involved appeared to have hired a separate group with hacking knowledge to carry out the audacious attacks on its behalf, Europol said.
Intriguingly, the attacks bear a striking resemblance to two attempted Keyboard-Video-Mouse (KVM) attacks on UK banks publicised by police in September. Those were seen as one-offs, but it now looks as if the idea of planting remote devices in order to control systems goes back a lot further than 2013. One incident was a curiosity, two an interesting coincidence, but three now looks like a trend that will be followed by new incidents.