Wakashio’s Grounding: Was the Ship Hacked?

Aftermath of Wakashio's grounding

On 25 July 2020, Japanese bulk carrier MV Wakashio ran aground on a coral reef off the coast of Mauritius. The ensuing oil spill caused environmental devastation to Mauritius’ coral reef, as well as local marine flora and fauna. Initially thought to have been caused by human error, discrepancies now lead investigators to question whether the Wakashio was hacked.

What Caused Wakashio to Run Aground

At first, human error was seen as the probable cause for the supersized Japanese built iron ore bulk carrier, Wakashio, running aground on a coral reef off the coast of Mauritius. Investigators questioned crew members after the incident. According to their accounts, the crew had been celebrating the birthday of a sailor when the incident happened. Meanwhile, the captain sailed the ship nearer to shore to get a Wi-Fi signal. The ship’s crew had not been able to go ashore for some time due to Covid-19. Therefore, the captain was trying to get a signal to allow the sailor and other crew members to contact their loved ones. This was later refuted by Mauritius’ local police. They stated that the ship need not have sailed so close to shore to get a signal.

Allegedly, the ship’s captain also failed to respond to warnings from Mauritian authorities that the ship was off course. Consequently, the ship’s captain, Captain Sunil Kumar Nandeshwar, an Indian national, was arrested on 18 August. He is facing 60 years imprisonment on grounds of unlawful “interference with the operation of a property of a ship likely to endanger its safe navigation” under Mauritius’ Piracy and Maritime Violence Act.

However, discrepancies have since surfaced between accounts from the crew and those from Mauritius’ and Panama’s maritime authorities. Inconsistencies have also been found between statements made by the ship’s owners, Nagashiki Shipping, and those from the IMO specialist in Mauritius. Consequently, questions are being asked whether Wakashio systems could have been hacked, which could possibly explain some of these discrepancies. The IMO (International Maritime Organization) is a specialized agency of the United Nations, which is responsible for regulating global shipping

Cybersecurity Vulnerabilities in Ship’s Systems

Cybersecurity experts have reported an exponential increase in the number of cyberattacks against global shipping in the last year. This shows that shipping systems are seen as easy targets by cybercriminals. In Wakashio’s case, investigators have found an anomaly with the ship’s Electronic Chart Display and Information System (ECDIS). The ECDIS is essentially the ship’s navigational computer, which replaced paper nautical charts.

Captain John Konrad, founder of the gCaptain website, speaking to Forbes explained how the Wakashio could have been hacked. He sees three possibilities as to how this could have been done. However, hacking the navigational computer is the most feasible. “Many of these systems run old versions of Windows or other compromised software. It would be fairly straightforward for a smart and determined hacker to cause a vessel to go off course,” explains Konrad.

The other two possibilities were GPS hacking and hacking before departure. With regards to GPS hacking Konrad explains this is unlikely because: “Most GPS hacking requires that the hacker be near the antenna of the ship, which is very hard to do in the middle of the ocean.” As for hacking before departure, he says: “A hacking device could have been installed before the ship departed Singapore but that is unlikely, especially with Covid-19 restrictions.”

ECDIS had previously been flagged by cybersecurity experts as one of the most vulnerable systems on large ships. This has led to questions as to why appropriate cybersecurity measures had not been put in place on the Wakashio. Or why, at the very least, up-to-date backup paper nautical charts were not on board in case the ship’s ECDIS failed.

Environmental Impact of Wakashio Running Aground

The Wakashio ran aground of Pointe D’Esny, south of Mauritius, and subsequently began leaking fuel oil before breaking up. This area is listed under the Ramsar convention on wetlands as being of international importance. It is also near the Blue Bay marine park.

Most of the fuel oil had been pumped out of the ship before the Wakashio broke apart on August 15. Nonetheless, an estimated 1,000 tons of oil were spilled into the Indian Ocean. Forbes reports that the spill killed “over 50 whales and dolphins, directly contaminating 125 square kilometers of coral lagoon, washing up along 36 kilometers of coastlines and poisoning fish along this entire region.”

Tourism plays a major role in the economy of Mauritius and is centered around marine scenery and animals likely to have been endangered by the oil spill. Greenpeace stated that “Thousands of species […] are at risk of drowning in a sea of pollution, with dire consequences for Mauritius’ economy, food security and health.” However, who is accountable for this environmental disaster? As Nishan Degnarain states in the Forbes article: “When one company, managed by another owns a ship chartered to another, insured by another, flagged in Panama, crewed in India, operating in Brazil, inspected in Singapore… who is responsible?”

Information technology expert
Grace is an information technology expert who joined the VPNoverview team in 2019, writing cybersecurity and internet privacy-based news articles. Due to her IT background in legal firms, these subjects have always been of great interest to her.