Tuesday, October 3, 2023

Open Database Leaves Major Chinese ports Exposed to Shipping Chaos

The freight logs of two major Chinese shipping ports have been leaking data, a problem which if left unresolved could disrupt the supply chain of up to 70,000 tonnes of cargo a day, with potentially serious consequences for international shipping.

The cybernews® research team identified an open ElasticSearch database, which contained more than 243GB of data detailing current and historic ship positions that is exposed to the public. Analyzing the data, the team determined that it is highly likely to belong to the Yangtze river ports of Nanjing and Zhangjiagang.

The discovery is especially timely, given the escalation of the geopolitical situation caused by Russia’s recent decision to invade Ukraine. “This could have gone very badly if bad guys had found it before we did,” said a spokesperson for Cybernews.

ElasticSearch lacks a default authentication and authorization system – meaning the data must be put behind a firewall, or else run the risk of being freely accessed, modified or deleted by threat actors. The push access logs of the zjgeport[.]com found on the database contained user IDs and, most importantly, API keys that could in theory permit universal access, allowing a cybercriminal to write new data about current ship positions.

Chinese Ports Exposed

In layman’s terms, what this means is that if left unplugged, the gap could allow threat actors to read, delete or alter any of the entries in the exposed databases – or even create new ones for cargoes or ships that don’t exist. Moreover, conventional criminals could physically hijack a ship and jam its communications, leaving the port that controls and tracks its movements unaware that the vessel had been boarded.

Recommended:  Chinese Researchers Say They’ve Spotted an NSA Hacking Tool

That in turn could jeopardize up to 3,100 vessels that transport more than 250 million tonnes of cargo annually to and from the two ports – not to mention putting at risk the lives of the estimated 40,000 passengers a year that use Nanjing for sea travel.

The Cybernews team said: “Because of the way ElasticSearch architecture is built, anybody with access to the link has full administrator privileges over the data warehouse, and is thus able to edit or delete all of the contents and, most likely, disrupt the normal workflow of these ports.

“Because both of these ports directly connect factories based in China to international waters, it’s more than likely that they carry international cargo, thus creating a butterfly effect likely to affect the whole supply chain worldwide if the open instance is not closed.”

Zhangjiagang’s main cargoes include steel, timber, coal, cement and chemical fertilizers, while Nanjing typically trades in goods such as metal ore, light industrial goods, petroleum and pharmaceutical products. With Russia having incurred global sanctions as a result of its invasion of Ukraine, the fate of China’s economy will be more important than ever as it seeks to fill the vacuum created by its superpower neighbor’s expulsion from the world stage.

Since being alerted to the problem by Cybernews, the owners of the ElasticSearch database have enforced HTTP Authentication as a requirement for access, effectively cutting it off from the public side of the internet.

Related Reading: Prolific Chinese APT Caught Using MoonBounce UEFI Firmware Implant

Original Post @CyberNews

Recommended:  U.S. Cybersecurity Agency, CISA, Publishes List of Free Security Tools and Services

Go to Cybersecurity Knowledge Base

Got to Cybersecurity News

Go to Homepage

Go to Cybersecurity Academy

Stay informed of the latest Cybersecurity trends, threats and developments. Sign up for RiSec Weekly Cybersecurity Newsletter Today

Remember, CyberSecurity Starts With You!

  • Globally, 30,000 websites are hacked daily.
  • 64% of companies worldwide have experienced at least one form of a cyber attack.
  • There were 20M breached records in March 2021.
  • In 2020, ransomware cases grew by 150%.
  • Email is responsible for around 94% of all malware.
  • Every 39 seconds, there is a new attack somewhere on the web.
  • An average of around 24,000 malicious mobile apps are blocked daily on the internet.
Bookmark
ClosePlease loginn
Share the word, let's increase Cybersecurity Awareness as we know it
- Sponsored -

Sponsored Offer

Unleash the Power of the Cloud: Grab $200 Credit for 60 Days on DigitalOcean!

Digital ocean free 200

Discover more infosec

User Avatar
Steven Black (n0tst3)
Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK. I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated... I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK. I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!

more infosec reads

Subscribe for weekly updates

explore

more

security