Hackers working for the gang first infected the computers of companies managing containers in the port using malicious code sent to employees by email; then, after a firewall was installed to block this kind of access, they broke into office premises and planted various remote-access devices there that let them collect information from the computers.
Among these devices were, for example, USB keyloggers that were connected between the keyboard and the computer and, according to Europol, apparently after infecting the PC, wirelessly sent not only the information typed on the keyboard but also, at regular intervals, screenshots of the computer's desktop.
Sniffer in a power strip (photo: BBC / Europol)
The hackers also modified a power extension strip with Ethernet sockets, adding a device that apparently sniffed data traffic. A foreign device was also placed inside an external USB drive; its exact function is not clear.
The gang operated this way for approximately two years from June 2011; the police were alerted to the suspicious circumstances by the companies managing the containers after several entire containers went missing.
How much in drugs the gang smuggled during this period is not yet known, but in the raid alone police seized more than a tonne of cocaine and almost the same amount of heroin. The various hardware used can be seen in the BBC video.
The head of Europe’s crime fighting agency has warned of the growing risk of organised crime groups using cyber-attacks to allow them to traffic drugs.
The director of Europol, Rob Wainwright, says the internet is being used to facilitate the international drug trafficking business.
His comments follow a cyber-attack on the Belgian port of Antwerp.
Drug traffickers recruited hackers to breach IT systems that controlled the movement and location of containers.
Police carried out a series of raids in Belgium and Holland earlier this year, seizing computer-hacking equipment as well as large quantities of cocaine and heroin, guns and a suitcase full of cash.
Fifteen people are currently awaiting trial in the two countries.
Mr Wainwright says the alleged plot demonstrates how the internet is being used as a “freelance marketplace” in which drug trafficking groups recruit hackers to help them carry out cyber-attacks “to order”.
“[The case] is an example of how organised crime is becoming more enterprising, especially online,” he says.
A Europol official tells Tom Bateman how traffickers hacked into the IT system at Antwerp port
“We have effectively a service-orientated industry where organised crime groups are paying for specialist hacking skills that they can acquire online,” he adds.
The attack on the port of Antwerp is thought to have taken place over a two-year period from June 2011.
Prosecutors say a Dutch-based trafficking group hid cocaine and heroin among legitimate cargoes, including timber and bananas shipped in containers from South America.
The organised crime group allegedly used hackers based in Belgium to infiltrate computer networks in at least two companies operating in the port of Antwerp.
The breach allowed hackers to access secure data giving them the location and security details of containers, meaning the traffickers could send in lorry drivers to steal the cargo before the legitimate owner arrived.
Workers were first alerted to the plot when entire containers began to disappear from the port without explanation.
“These criminal organisations always look for a new way to get drugs out of the harbour,” says Danny Decraene who heads the Antwerp organised crime unit of the Belgian Federal Police.
This suitcase, containing 1.3m euros, was seized by Belgian police during raids on drug traffickers
“In this case they hired hackers [who were] very high level, intelligent guys, doing a lot of software work,” he adds.
He says the operation to hack the port companies took place in a number of phases, starting with malicious software being emailed to staff, allowing the organised crime group to access data remotely.
When the initial breach was discovered and a firewall installed to prevent further attacks, hackers broke into the premises and fitted key-logging devices onto computers.
This allowed them to gain wireless access to keystrokes typed by staff as well as screen grabs from their monitors.
Assault rifle attack
Mr Decraene says the total quantity of drugs trafficked by the group is unknown, but in a series of raids earlier this year police seized more than a tonne of cocaine, with a street value of £130m, and a similar amount of heroin.
In January a lorry driver unconnected to the plot was shot at after he had unwittingly driven a container allegedly filled with cocaine from the terminal at Antwerp.
The attack took place in the province of Limburg, where suspects armed with AK-47 assault rifles fired at the driver, who was unharmed.
Following the cyber-attack in Antwerp, a joint operation by Belgian and Dutch police resulted in raids on more than 20 homes and businesses.
Officers seized six firearms including a machine gun and silencer, bullet-proof vests, and 1.3m euros (£1.1m) in cash inside a suitcase.
Mr Wainwright says the IT attack is consistent with a “new business model” of organised crime activity and he says he expects this kind of cyber-security breach to “become a more significant feature in future” of drug trafficking.
“What it means therefore is that the police need to change the way they operate – they have to become much more tech savvy,” he says.
“But also I think governments and parliaments need to help us to make sure therefore that we have the right laws to fight back against this massive exploitation of the internet,” he adds.
Container companies operating out of the port of Antwerp say their IT security has now been improved.