Maritime Computer Emergency Response Team ADMIRAL dataset ADMIRAL dataset

Publicly disclosed information for this event

Index Number:
Title:
2001_002
A port is victim of a distributed denial of service (Ping flood) attack.
Day Month Year Country Activity Incident Type
20 September 2001 United States Port Denial of Service

Summary

The Port of Houston in Texas ranks as the world's eighth-busiest maritime facility. It manages vast quantities of cargo, predominantly containers, and also facilitates significant passenger movements, serving as a central hub in the maritime sector.

According to sources, on the evening of September 20 (Central Standard Time), there was a disruption in the port's network. Essential navigational data, such as tides, water depths, and weather information, might have become unavailable. A British teenager is believed to have initiated this disruption, allegedly in retaliation against a chat-room user over anti-American remarks. Subsequent investigations reportedly led to a DDoS attack tool being identified on the teenager's computer. However, the teenager was later freed of all charges during the trial.

If the sources are accurate, while the cyberattack may not have resulted in physical damage, it could have disrupted operations. It's also noteworthy that, based on reports, the Port of Houston had faced a DDoS attack in August 2001, leading to another individual's conviction.

Victim

Port of Houston

Claimed/Reported Threat Actor

N/A

Origin

Script Kiddie

Main impact

Availability

References

  1. https://www.theregister.co.uk/2003/10/06/uk_teenager_accused_of_electronic/
  2. https://www.independent.co.uk/news/business/news/teenage-hacker-cleared-of-crashing-houston-s-computer-system-91926.html
  3. https://arxiv.org/pdf/2112.06545.pdf

Recommendations to Port to reduce Denial of Service risks:

  • Implement rate limiting and traffic filtering to mitigate the impact of incoming malicious traffic.
  • Check with your IT service provider that the resilience of its systems against such attack was tested.
  • Regularly monitor network traffic and set up alerting for unusual patterns or spikes.
  • Diversify your server locations and use fail-over systems to ensure service availability in case of an attack.
  • Establish an incident response plan to quickly mitigate and recover from DoS attacks.
Previous Next
Disclaimer: the data are provided as is. France Cyber Maritime and the M-CERT take no responsibility for the soundness, quality, precision, nor the eventual attribution made by the referenced URLs. We give a lot of respect and support to the victims of attacks.
Files generated on Monday, 11th December 2023.
ADMIRAL is licensed under the Creative Commons CC-BY-NC license. Copyright © France Cyber Maritime 2023.