Blog: Maritime Cyber Security

Making prawn espressos, or hacking ships by deciphering BAPLIE EDIFACT messaging

Ken Munro 17 Nov 2017

In a separate blog, I discuss the consequences of, and methods for, destabilising a container ship through manipulation of the vessel stowage plan or ‘Bay Plan’.

However, in order to actually modify the load plan, you need to understand the intricacies of the BAPLIE EDIFACT messaging system that is used to create ship loading and container stowage plans from the numerous electronic messages exchanged between shipping lines, port authorities, terminals and ships.

The messaging standard is developed and maintained by SMDG, the Shipping Message Development Group.

It’s also important to check which EDIFACT message standard is being used, as there are significant differences between the various versions.

Criminals less interested in destabilising ships than in stealing goods by rerouting containers would use COPRAR / COPARN / CODECO / COARRI messages instead. These cover messaging between shipping lines and terminals in both directions.

There’s evidence to suggest that ship and terminal messaging systems have been exploited in the past for routing drugs and theft of valuables. However, we believe this was done using front end GUIs in port rather than manipulating the data itself.

A sample EDIFACT message might look like this:

Already we can see interesting values in there; potential for changing cargo destinations, money and more. However, I’m more interested in some of the message subsets that are found in ‘LIN’ line items about contents and handling for individual containers.

Manipulating BAPLIE messages for fun and profit

If you’re familiar with UN/EDIFACT then you’ll recognise the amusingly literal checksum:

UNT+30+1'

That’s the message trailer – it is the total number of message segments, including itself, but excluding the UNH message header. So, if you remove or add a message segment, don’t forget to update the UNT trailer.

However, if you’re just manipulating segment values, you don’t need to worry about UNT.

You also need to be aware that the terminal/ship/port the message is being sent to will probably respond with a CONTRL message, acknowledging receipt. If you’re intercepting and forwarding the entire EDI message stream, be prepared to spoof a message back to the sender. It’s easy to generate the correct CONTRL message for your modified request: there’s a generator here.

Manipulating container weight and ship balance

This is an easy one: just search the message for:

MEA+AAE+VGM+KGM:9580.7'

or

MEA+AAE+VGM+LBR:21076'

VGM is the Verified Gross Mass; KGM means kilograms and LBR means pounds. The trailing value is the weight, so make it lighter or heavier and the vessel load planning software will place the container in the wrong place for stability.

Some ports may catch a wrong weight at a weighbridge or possibly at the crane, but overloading containers to save on shipping cost is already a significant issue in some regions.

Next, place your mislabelled heavy container at the top of the stack, moving the centre of gravity too high:

HAN+PRI:HANDLING:306'

That sets it as ‘priority’ so it’s likely to be at the top, making for easy offloading.

HAN+LTT:HANDLING:306'

This has a similar effect – ‘load third tier on deck’, so high up, out of the hold.

The ship becomes more and more unstable as heavy goods are inadvertently loaded high up. This can happen to unstable ships:

Blowing things up

Certain attributes can be set for a container to flag that it needs special handling, maybe indicating that it’s explosive:

ATT+26+AGR:DGATT:306+XS:DGAGR:306'

This describes aggregation of explosive materials.

So change it to:

ATT+26+AGR:DGATT:306+S:DGAGR:306'

And now it’s just aggregated liquids. Boom!

One could also remove this:

ATT+26+HAZ:DGATT:306+FLVAP:DGHAZ:306'

Which describes a flammable vapour.

Or modify the flashpoint of a dangerous load:

DGS+IMD+2.1::35-10+1954+055:CEL+1+F-ES-E

‘DGS’ describes a dangerous load. Even changing ‘CEL’ to ‘FAH’ could cause issues, as the flashpoint temperature quoted is in Celsius, not Fahrenheit.

Making prawn espresso

Refrigerated containers need special handling, as they need to be located in certain bays that have power supplies. The following code states that the container is a ‘reefer’, so the load plan software puts it in a powered bay:

HAN+ACC:HANDLING:306'

However, if you want to make a real stink, change the handling code to this:

HAN+NOR:HANDLING:306'

That states that the refrigeration unit is inoperative, so the container can be placed anywhere. It ends up in an unpowered slot and defrosts. 30 tonnes of stinky prawns anyone?

Next, certain cargoes are sensitive to strong smells, particularly coffee. Handling codes are set to place them well away from smelly things.

HAN+OSC:HANDLING:306'

This states that the container is full of odour-sensitive goods.

So simply change it to something amusing such as this:

HAN+OPD:HANDLING:306'

Specifying that the container door should be kept open.

Or locate your coffee next to a container of fishmeal, which will be tagged:

HAN+ODO:HANDLING:306'

Meaning it’s odorous.

And put them all in the hold using the ‘keep dry’ code where there’s poor air circulation:

HAN+KDR:HANDLING:306'

Whatever happens, the coffee will stink of fish on arrival at port. Prawn espresso anyone?
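As an added example (not the author's code and not an SMDG tool), the following Python checks the two integrity properties the sections above turn on: that the UNT trailer count matches the segments actually present, and that the weight, handling and dangerous-goods segments (MEA, HAN, ATT, DGS) a sender logged are the ones the terminal received. The sample message, the container ids and the assumption that an EQD+CN segment identifies the container that the following segments belong to are all constructed for this example.

```python
SEG_TERM, ELEM_SEP, COMP_SEP, RELEASE = "'", "+", ":", "?"  # default UN/EDIFACT separators (no UNA override)
WATCHED = {"MEA", "HAN", "ATT", "DGS"}  # segment tags whose values the post shows being altered

def _split(text: str, sep: str, unescape: bool) -> list[str]:
    """Split on sep while honouring the '?' release character that escapes separators."""
    parts, buf, i = [], [], 0
    while i < len(text):
        if text[i] == RELEASE:  # escaped character: keep it (with or without the escape)
            buf.append(text[i + 1:i + 2] if unescape else text[i:i + 2]); i += 2
        elif text[i] == sep:
            parts.append("".join(buf)); buf = []; i += 1
        else:
            buf.append(text[i]); i += 1
    return parts + ["".join(buf)]

def parse_segments(message: str) -> list[tuple[str, list[list[str]]]]:
    """Return [(tag, [[components, ...], ...]), ...], one entry per segment."""
    segs = []
    for raw in (r.strip() for r in _split(message, SEG_TERM, False)):
        if raw:
            elems = [_split(e, COMP_SEP, True) for e in _split(raw, ELEM_SEP, False)]
            segs.append((elems[0][0], elems[1:]))
    return segs

def verify_unt(message: str, include_unh: bool = True) -> tuple[bool, int, int]:
    """(ok, declared, actual). ISO 9735 counts UNH..UNT inclusive; include_unh=False applies the post's rule."""
    segs = parse_segments(message)
    if not segs or segs[-1][0] != "UNT":
        return False, -1, len(segs)
    declared, actual = int(segs[-1][1][0][0]), len(segs) - (0 if include_unh else 1)
    return declared == actual, declared, actual

def _watched(message: str) -> dict[str, list[str]]:
    groups, ctr = {}, "(before first EQD)"
    for tag, elems in parse_segments(message):
        if tag == "EQD":  # assumed: EQD+CN+<container id> opens each container's group of segments
            ctr = elems[1][0]
        elif tag in WATCHED:
            groups.setdefault(ctr, []).append(tag + ELEM_SEP + ELEM_SEP.join(COMP_SEP.join(c) for c in elems))
    return groups

def tamper_diff(sent: str, received: str) -> dict[str, tuple[list[str], list[str]]]:
    """Containers whose MEA/HAN/ATT/DGS segments differ between the sender's copy and the received copy."""
    a, b = _watched(sent), _watched(received)
    return {c: (a.get(c, []), b.get(c, [])) for c in sorted(set(a) | set(b)) if a.get(c) != b.get(c)}

# Constructed sample (not a real message): a reefer and a coffee box, nine segments from UNH to UNT.
SENT = ("UNH+1+BAPLIE:D:95B:UN:SMDG20'BGM+XXX+1+9'EQD+CN+CONU1234567'MEA+AAE+VGM+KGM:9580.7'"
        "HAN+ACC:HANDLING:306'EQD+CN+CONU7654321'MEA+AAE+VGM+LBR:21076'HAN+OSC:HANDLING:306'UNT+9+1'")
```

Changing a handling code in transit leaves the UNT count intact, so `verify_unt` alone does not catch it; only the per-container comparison against the sender's own copy does.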

Conclusion

I’ve just scratched the surface of the potential for message manipulation here. Clearly the integrity of BAPLIE messaging is critical to the safety of container ships.

In my next blog I’ll look at the financial features of UN/EDIFACT messaging between ports, terminals and shipping lines. The messaging system supports EDI purchase orders and invoices through the ORDERS and INVOIC EANCOM features, so there’s clearly opportunity for financial fraud.

I strongly encourage all operators, ports and terminals to carry out a thorough review of their EDI systems to ensure that message tampering isn’t possible.

Already there is evidence of theft of valuable items from containers in port, potentially through insider access by criminals to load information. It doesn’t take much imagination to see some far more serious attacks.