Russian Court Seizes Control of Four Tugs Owned by Maersk’s Svitzer

Published May 10, 2023 1:43 PM by The Maritime Executive

A Russian arbitration court in late April seized control of four tugs owned by Maersk’s Svitzer towage company and operating under a long-term contract to provide services at the Sakhalin-II oil and gas project in eastern Russia. Maersk had been seeking to end the services since the company announced plans two years ago to withdraw all operations from Russia in protest over the invasion of Ukraine.

Svitzer built four Robert Allan designed heavy-duty ice-class tugs in 2007 which were operating under charter to a Russian subsidiary Svitzer Sakhalin which in turn had an agreement with the operators of the oil and gas project to provide marine services. The contract was extended in early 2020 going into effect in November 2020 and running for an additional 10 years. At the time, Svitzer said it supported the mooring of more than 1,800 gas carriers with the four tugs and two mooring boats. Svitzer said it had 58 Russian crewmembers and nine onshore staff.

The Russian government took control of the Sakhalin-II project in August 2022 from the operating company that had been formed by Gazprom in partnership with minority investors Shell, Mitsui, and Mitsubishi. Svitzer’s service contract was transferred to the new Russian operator of the oil and gas project.

According to Russian media reports, Svitzer announced plans to transfer the four tugs out of Russia and re-registered them away from the Russian flag with Svitzer Sakhalin attempting to invoke a force majeure on April 17 to suspend the service contract. The Russian operator of the oil and gas project took Svitzer to court arguing that the loss of the four tugs could jeopardize production activities at the facilities.

Russian media outlet Kommersant reports on April 24 the court temporarily arrested the four tugs and gave control of them to a third-party company. They granted the right to continue to operate the tugs in Prigorodnoye. The stories indicate that Svitzer has the right to file an appeal till May 18 seeking to regain control of the tugs and end the service contract.

In a brief statement, Maersk said “We believe the situation regarding the tugs is untenable and efforts to resolve the matter are ongoing.” Maersk reports that all of Svitzer’s employees in Russia have resigned.

The tugs were one of Maersk’s final assets in Russia. In 2020, the company took a more than $700 million write-down on its Russian assets. It sold its interest in a terminal operator and its cold storage warehouse in Saint Petersburg and inland terminal in Novorossiysk. They had indicated that they were also looking to sell the four tugboats.

https://maritime-executive.com/article/russian-court-seizes-control-of-four-tugs-owned-by-maersk-s-svitzer

Hackers Could Use ChatGPT to Infiltrate Vessels

Published May 7, 2023 9:29 PM by Jessie Hamill-Stewart, Dmitry Mikhaylov and Andrew Sallay (ed.)

Most documented cyberattacks against individual vessels have historically been executed by jamming and spoofing navigation signals. However, vessels are increasingly threatened by a wider range of attacks, to include ransomware. Recently, 1000 shipping vessels were affected when DNV’s ShipManager software system was hit by a cyberattack. Luckily many vessels maintained their offline functionalities which reduced disruption, but this attack demonstrated the potential widespread reach of cyberattacks against vessels. In addition, there are potentially large financial gains to be made from attacks against vessels. Following the blockage of the Suez Canal by a 400-meter-long containership in 2021 and the ensuing disruption to global trade and financial markets, criminal hackers discovered that they could take advantage of the stock market changes associated with a grounded vessel to profit. Therefore, there are potential benefits for attackers of attacking a vessel.

One way of compromising a vessel is through phishing emails. Phishing emails are a form of social engineering which encourage crewmembers to click on insecure links and unknowingly download harmful content onto their computer. The emails appear legitimate and links are disguised as secure and genuine. They may well be personalized to that particular crew or ship, using information derived from open sources, such as social media. Phishing emails play a key role for many types of maritime cyberattacks, which rely on placing malicious software on target computers, including ransomware attacks.

ChatGPT is a novel tool developed by OpenAI with many linguistic skills, including explaining quantum physics and writing poetry on command. ChatGPT was not designed for criminals, and in fact has internal barriers to prevent it from creating malicious material when directly ordered to. However, attackers have found a way around this. AI can be a force multiplier for attackers, especially when using social engineering techniques. In particular, the AI chatbot produces persuasive phishing emails when prompted.

There are many benefits for attackers who utilise ChatGPT. For instance, it writes in good American English, helping attackers to disguise any typical differentiators between legitimate and illegitimate emails, such as typos or unique formats. Indeed, it has many different ways of responding to a single prompt, making emails individual and authentic looking.

ChatGPT can create a convincing and emotionally manipulative phishing email, according to prompts provided by the user:

ChatGPT will also happily include a malicious link as an attachment:

Before the latest version of ChatGPT was released, one research paper revealed analysis of over 50,000 emails sent to users in over 100 countries as part of its phishing training workflow. Professional red teamers had a 4.2 percent click rate, compared to ChatGPT’s 2.9 percent. In some countries, including Sweden, the AI chatbot’s click rate was higher. Furthermore, a survey of 1,500 IT decision makers across North America, UK and Australia revealed that 53 percent are concerned specifically by the threat of more believable phishing emails and 51 percent expect a ChatGPT supported cyber attack within the next year. Darktrace also commissioned a survey, with Censuswide, reporting that 73 percent of UK employees are concerned by hackers’ use of generative AI to create indistinguishable scam emails. Further research reveals that ChatGPT is already manipulating people to bypass security requirements, after an AI successfully asked a TaskRabbit worker to solve a captcha for them, due to a vision impairment.

The threat of phishing emails is further indicated by a recent study by Darktrace, which revealed a 135 percent increase in “novel social engineering attacks,” including increased text volume, punctuation, and sentence length with no links or attachments, in 2023 in correspondence with the spread of ChatGPT. It also revealed that the overall volume of malicious email campaigns has dropped and been replaced with more linguistically complex emails.

The threat posed to maritime by ChatGPT is substantial, especially because the rewards could be significant for the hacker. Shipping is a global industry, and disruption could be deeply costly. Vessels with networks that have been taken down due to a cyberattack cannot deliver essential commodities on which industries rely, like raw materials. A hacking event could even result in a grounding on a main trade route, with wider financial implications. As a result, increased security measures - like staff training - are required in order to raise awareness of the threats posed by clicking on malicious links.

More:

https://maritime-executive.com/editorials/hackers-could-use-chatgpt-to-infiltrate-vessels

>>18828579

You should, that's the dress rehearsal, the US is next