Tales of the unexpected

TT Club look at cyber crime

The ingenuity of thieves and fraudsters has always surprised unsuspecting victims. The stakes are high and it is clear that the international supply chain, which by its nature facilitates movements across borders, is being targeted in order to fulfil trafficking of people and drugs, and other illegal trades, such as dumping waste, as well as intercepting valuable cargoes. In this article Peregrine Storrs-Fox, Risk Management Director with freight insurance specialist TT Club, hopes to forearm, or at the very least forewarn, transport operators against such surprises.

In the closing weeks of 2013 there has been some publicity about the frequency of incidents of bogus Chinese forwarders establishing online relationships with agents in the UK and sending container loads of cargo without the necessary bill of lading to secure the release of the container once landed at the UK port. Ransoms have reportedly then been demanded by the Chinese agent in order to relay the necessary documentation. Without this, the import forwarder can find himself with significant demurrage and storage bills, as well as large legal fees incurred in trying to extricate himself from the situation.

This form of extortion needs to be publicised, as do a number of other devious forms of fraud and theft, in order to keep forwarders and other operators aware of ‘scams’ by which they may be taken advantage of. TT Club, by revealing some of the details of such incidents, aims to increase the care with which freight companies choose business partners abroad and the priority they give to the security of their IT systems, in order to reduce their losses.

Towards the end of 2012 TT Club drew attention to an increasing trend in the fraudulent use of internet clearing sites. We noted such occurrences particularly when operators needed assistance in regions that they were unfamiliar with, especially at short notice. In such circumstances operators could be tempted to use unknown and untried subcontractors sourced via such sites.

We found instances where crime organisations purchased legitimate but failing transport operators and continued to trade in their name, predominantly online and in a state of virtual insolvency, waiting for the opportunity to receive a valuable cargo before disappearing. More simply, in other cases fraudulent road hauliers advertised vehicles available for backloads, again hoping for an unsuspecting forwarder in too much of a hurry to carry out proper checks and with a high-priced cargo to move.

More recently, however, TT Club has become aware of IT-based theft that does not just involve misleading operators into thinking they are dealing with legitimate sub-contractors via the internet. Sophisticated criminals are now attempting to take control of operators’ IT systems.

‘Cyber-criminals’ are focussing on emerging technologies

A small but significant number of incidents have been reported which at first appear to be petty break-ins at office facilities. The damage seems minimal – nothing is physically removed. More thorough investigations, however, reveal that the ‘thieves’ were actually installing spyware within the IT network of the operator. Interestingly, this involved physical installation. More typically the criminals identify targets (generally individuals) where the system cyber security is inadequate, combined with sufficient access and authority rights. As such, operational executives who may travel extensively can be particularly exposed.

The type of information being sought and extracted may be release codes for containers from port and terminal facilities. However, spyware can record movements, key strokes, and even download and print documents and screen shots to an external source. In the instances discovered to date, the cyber criminals have apparently been focused on specific individual containers, taking steps to track the units through the supply chain to the destination discharge port. Once the container has arrived, the perpetrators intervene, collecting the required release data from the unsuspecting operator’s IT systems, ultimately facilitating the release of the container into their custody and control. The incidents to date are thought to have been related to drug trafficking, leveraging a means of importing illegal substances through the supply chain unnoticed.

The use of such technologies, however, could very easily be replicated to infiltrate other areas of the supply chain, from freight forwarders through to warehouse operators. The potential scope of valuable information within the supply chain cannot be underestimated. In addition to the focused incidents experienced to date, there is scope for highly selective and targeted cargo theft, human trafficking and general disruption of the global supply chain. Generally, security efforts focus on the potential for disruption and ‘business continuity’; these recent spyware infiltrations point more to criminal leveraging to achieve darkly profitable ends. Implementing effective computer logs and ‘dashboards’ (as part of detailed operational and performance management information) may arguably be more pressing than updating and testing appropriate response plans.

Driven by the necessity to become more cost effective and efficient, many of today’s national and global logistics operators are substantially reliant on IT systems to manage every section of their business from stock management and vehicle routing tools through to accounting, security and even communication systems. The value and extent of the information held increases daily to the cyber-criminal.

Criminal organisations are well resourced and focused on utilising emerging technologies, not only to perpetrate crime but also to mitigate the risk of detection. The cyber-criminals’ ability to hack into email accounts and communication channels is well-established, and the risks to the logistics operator must not be ignored. For instance, if a driver received instructions to deviate from a planned delivery destination and to deliver to a nearby warehouse, from what appears to be a known and trusted source from within their own organisation, would they have cause to question it? Similarly, by accessing a warehouse operator’s stock management system, a criminal organisation can achieve its ends by altering the logical versus actual stock levels held within a facility.

Combatting cyber risks

The losses that can ensue from such cyber-fraud can give rise to very large financial exposures, let alone the commercial and reputational damage. The increased sophistication of such ‘cyber-attack’ of course makes it challenging for operators to build effective defences. However, awareness is the first step, followed by thorough risk assessment. Boards and managements need to articulate a clear risk culture and deliberately follow through the process. In many cases, the human element is both the strongest and weakest link in the armoury – the potential for individual or contractor malfeasance may be thoroughly mitigated by others’ alertness, thorough training and effective procedures (such as segregation of duties and ‘whistle-blowing’).

Vigilance and due diligence in day-to-day operations – the more physical side – are clearly vital, together with general security of IT installations. However, it would also be wise for operators to investigate the means of a greater degree of protection from and detection of hacking and spyware activity. When reviewing IT systems, the 2013/2014 Global Fraud Report issued by Kroll identifies two key questions to consider:

• If you discover that your systems have been compromised, does your system have the facility to trace and identify what was viewed, modified or taken?
• What would be the potential commercial impact on your business if it became known to your clients that such information had been accessed through your IT Systems?

Equally, removing single system dependencies, such as implementing bifurcated messaging through different devices, and controlling information release by GPS mapping have been shown to foil infiltration.
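
The following Python example is added here and is not from TT Club or the Kroll report. It shows one way the controls above could fit together: a container release PIN is disclosed only when a confirmation code sent over a second channel matches and the collecting vehicle's GPS fix lies inside a geofence around the terminal, and every attempt is written to an audit trail that answers Kroll's first question. The coordinates, radius, container number, PIN and all function names are assumptions constructed for the example.

```python
import hmac
import math
import time

TERMINAL = (51.9553, 1.3050)  # constructed terminal gate coordinates (assumption)
GEOFENCE_KM = 2.0             # hypothetical release radius around the terminal
AUDIT_LOG = []                # in production: append-only storage on a separate host


def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def request_release(user, container, vehicle_gps, code_given, code_expected, release_pin):
    """Disclose the release PIN only if both independent checks pass.

    code_expected is the one-time code sent to the driver over a second
    device or channel, so a compromise of the main system alone is not enough.
    """
    near = haversine_km(vehicle_gps, TERMINAL) <= GEOFENCE_KM
    confirmed = hmac.compare_digest(code_given, code_expected)  # constant-time compare
    granted = near and confirmed
    # Log every attempt, including refusals, so an investigation can
    # reconstruct who asked for which container, from where, and the outcome.
    AUDIT_LOG.append({"ts": time.time(), "user": user, "container": container,
                      "gps": vehicle_gps, "near": near,
                      "confirmed": confirmed, "granted": granted})
    return release_pin if granted else None


def who_touched(container):
    """Return (user, granted) for every release attempt on one container."""
    return [(e["user"], e["granted"]) for e in AUDIT_LOG if e["container"] == container]


if __name__ == "__main__":
    # Constructed sample: a request from about 60 km away is refused and logged.
    print(request_release("dispatcher1", "DEMO0000000", (52.5, 1.3), "482913", "482913", "PIN-7731"))
    print(who_touched("DEMO0000000"))
```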

Security in the supply chain is no longer simply about the use of locks, alarms and tracking systems. Organised crime has spawned new risks. For those who need to consider this topic further, the Kroll report provides a thorough global overview, with many comments applicable to those involved in transport and logistics. Additionally, the TT Club’s handbook ‘Supply Chain Security – Management, initiatives & technologies’ is a useful contextual reference. This is free to Members and brokers and available to others to purchase in print or pdf for £36.00.


Whilst technological advances undoubtedly provide greater operational efficiencies and opportunities for carriers and operators to mitigate their exposure to theft and fraud, unfortunately the same advances are also benefitting organised criminal groups. Such practices currently seem to be in their infancy. However, as invasive technology becomes more widely available, TT Club suggests that what has been observed in recent months could be a significant emerging risk to legitimate trade, exposing the operators in the supply chain to economic and commercial damage.