Convergence isn’t a new fact in information security. For a while, we’re speaking about “security convergence” while two, at the beginning, distinct principles or functions are mixed to tend toward or achieve union or a common conclusion or result (as defined by Wikipedia). A good example is the combination of physical and logical security controls: to improve the authentication and authorization processes, we can use two different factors: something we “know” (a PIN, a password) and something we “have” (a token or smartcard). Security convergence is also used to detect incidents or suspicious activies. You could correlate data generated by a badge reader (physical security) with an Active Directory event (logical security). A user who swiped his badge to enter the building “A” but opening a session on a desktop located in the building “B” can be considered as suspicious.
Today, I read an interesting news reported on Twitter. It was published by the Dutch portal,Â transport-online.nl, which compiles news about freight. Nothing related with information security at first sight but quite interesting anyway. The portal reported that drug criminals hacked two containers terminals websites. Those companies operated in the port of Antwerp. Why? Today, computers control more and more infrastructures and containers are not an exception. Every container can be trackedÂ throughout its journey: when it was (un)loaded on boats, trains or trucks. Where it was stored (position), etc. Such information can be very valuable for criminals, especially, if they contain drugs. Hackers used the infiltrated systems to locate their precious goods.
This is a very good example of “crime convergence“: To achieve their goals, criminals do not hesitate to mix regular crime activities with cyber-crime. I’m pretty sure that the two hacked companies would never have imagined to be a target for cyber criminals (“Hey, who will be interested by the position of our containers?“). Don’t forget that data handled by your organization might be very valuable for some people with bad intentions.
Here is a link to the article: Drugshandelaren hacken rederijen en ontvreemden containers met cocaÃ¯neÂ (in Dutch – translation in English here).