OSINT: Tracking Ships & other Floating Vessels


Synopsis

In this post, I will show you how a malicious hacker can use Shodan search results to track ships in the open ocean. Nowadays all floating vessels are connected through Satcom boxes using VSAT or GSM/LTE, so the endpoints of these Satcom boxes are reachable over the internet. They can be easily identified with open-source intelligence (OSINT) techniques, which enables real-time monitoring and tracking of vessels.

Satcom equipment from providers such as Telenor, Inmarsat, and Cobham can be found over the internet with simple keywords like org:"Inmarsat Solutions US" or "SAILOR 150 FleetBroadband". These searches return exposed Satcom terminals, where an attacker can then try to log in with default credentials like HTTP admin/1234 or PPPoE void/void.

Basic terms that one should know once inside a Satcom terminal:

AIS - Automatic identification system <TL;DR>

MMSI - Maritime Mobile Service Identity <TL;DR>

IMO - International Maritime Organization <TL;DR>

Getting Started

1. Open Shodan Search and look for various keywords, e.g. "SAILOR 150 FleetBroadband" <TL;DR>

A. Ship OSINT With Shodan Search Keywords

1. "Cobham SATCOM"
2. "Sailor"
3. "VSAT"
4. "Sailor 900"
5. "SAILOR 900 VSAT"
6. "thrane"
7. "SAILOR 150 FleetBroadband"
8. "SAILOR 150"
9. "Cobham SATCOM - SAILOR 150 FleetBroadband"
10. org:"MARLINK"
11. Server: "TT-3672 IP Handset - 1.17.1687"
12. Server: "TT-3672 IP Handset"


B. Submarine Mission Control Dashboards : title: "Slocum Fleet Mission Control"

C. CAREL PlantVisor Refrigeration Units: "Server: CarelDataServer" "200 Document follows"

D. Nordex Wind Turbine Farms http.title:"Nordex Control" "Windows 2000 5.0 x86" "Jetty/3.1 (JSP 1.1; Servlet 2.2; java 1.6.0_14)"

E. C4 Max Commercial Vehicle GPS Trackers "[1m[35mWelcome on console"

F. DICOM Medical X-Ray Machines "DICOM Server Response" port:104

G. GaugeTech Electricity Meters "Server: EIG Embedded Web Server" "200 Document follows"

H. Siemens Industrial Automation "Siemens, SIMATIC" port:161

I. Siemens HVAC Controllers "Server: Microsoft-WinCE" "Content-Length: 12581"

J. Door / Lock Access Controllers "HID VertX" port:4070

K. Railroad Management "log off" "select the appropriate"

2. Once the search is finished, open the Satcom's IP in any browser and try to log in with default passwords.

3. Once you are inside the Satcom interface, look for the AIS, MMSI, or IMO details to track the ship's real-time position in the open ocean, or play around and try to listen to SIP calls.

4. Google Search for GPS coordinates

5. Real-Time Searches with help of AIS and MMSI

For live traffic, check out the following websites:
1. https://www.marinetraffic.com/

2. https://www.vesselfinder.com/

3. https://www.fleetmon.com/

4. https://shipfinder.co/

5. https://www.cruisemapper.com/

6. https://www.myshiptracking.com/

7. http://www.vtexplorer.com/

8. https://www.vesseltracker.com/

9. https://www.ww3.maritrace.com/

10. https://www.marinevesseltraffic.com/
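
The keyword list above also works in the other direction: a vessel operator can check whether their own terminals answer with these identifying banners. The following is an added example, not code from the original post; it runs over a constructed scan export (documentation IP addresses, invented banners), and the record layout and function names are assumptions.

```python
import re
from collections import defaultdict

# Fingerprints copied from the Shodan keyword list in this post.
FINGERPRINTS = [
    "Cobham SATCOM", "SAILOR 900 VSAT", "SAILOR 150 FleetBroadband",
    "TT-3672 IP Handset", "thrane",
]

# Constructed sample: an operator's own external scan export
# (documentation IP ranges, invented banners, assumed record layout).
SAMPLE_SCAN = [
    {"ip": "192.0.2.10", "port": 80,
     "banner": "HTTP/1.1 200 OK\r\n\r\n<title>Cobham SATCOM - SAILOR 150 FleetBroadband</title>"},
    {"ip": "192.0.2.10", "port": 5060,
     "banner": "SIP/2.0 200 OK\r\nServer: TT-3672 IP Handset - 1.17.1687\r\n"},
    {"ip": "198.51.100.7", "port": 443,
     "banner": "HTTP/1.1 200 OK\r\nServer: nginx\r\n\r\n<title>Crew portal</title>"},
    {"ip": "203.0.113.5", "port": 80,
     "banner": "HTTP/1.1 200 OK\r\n\r\n<title>sailor   900  vsat</title>"},
]

def normalise(text):
    """Collapse whitespace and lowercase so spacing or case changes still match."""
    return re.sub(r"\s+", " ", text).lower()

def audit(records, fingerprints=FINGERPRINTS):
    """Return {ip: [(port, fingerprint), ...]} for services that identify themselves."""
    wanted = [(fp, normalise(fp)) for fp in fingerprints]
    findings = defaultdict(list)
    for rec in records:
        banner = normalise(rec.get("banner") or "")  # tolerate empty banners
        for label, needle in wanted:
            if needle in banner:
                findings[rec["ip"]].append((rec["port"], label))
    return dict(findings)

def report(findings):
    """One remediation line per exposed, identifiable service."""
    return [
        f"{ip}:{port} identifiable as '{label}': "
        "restrict management access, replace default credentials"
        for ip in sorted(findings) for port, label in sorted(findings[ip])
    ]

if __name__ == "__main__":
    print("\n".join(report(audit(SAMPLE_SCAN))))
```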

Thanks For Reading...


Raghav

Experienced Security Researcher with a demonstrated history of practicing Information Security and eGovernance consulting for Government organizations/sectors. Plus he also practices Cyber Security Consulting for the information technology and services industry. Skilled in Vulnerability Assessments & Penetration Testing, Cyber Security Intelligence, and OSINT.