It Took a Specialist Less Than Half an Hour to Hack Into a Superyacht

The 390-foot-long Motor Yacht A superyacht, pictured while moored on the Thames River in London in September 2016.

Leon Neal/Getty Images

As a rule, superyacht owners are not a group that inspires a lot of pity. But this scenario truly does seem scary: While at sea, hackers located miles away take control of your 100-foot-long, $275 million superyacht’s poorly secured Wi-Fi network. The break-in grants them access to your banking information, emails, and potentially compromising pictures featuring your high-profile guests. It even permits them to rejigger the ship’s navigational systems and sail it off course.

Superyachts’ digital vulnerabilities were on full display at the 2017 Superyacht Investor conference, held in London on May 3 and 4. Campbell Murray, a BlackBerry IT specialist who focuses in thwarting cybercrime, demonstrated the ease with which digital infiltrators could break into the vessels’ Wi-Fi networks. As reported by the Guardian, it took him and a colleague less than a half-hour to take over one ship’s internet connection. “We had control of the satellite communications,” Murray told the assembled audience of superyacht designers, industry leaders, investors, and other conference-goers. “We had control of the telephone system, the Wi-Fi, the navigation. … And we could wipe the data to erase any evidence of what we had done.”

Even as physical acts of piracy have plummeted over the past two years, digital theft targeting superrich superyacht owners has emerged as a new frontier of nautical crime. Ransomware operators have already extorted yacht owners using stolen photographs, held a vessel’s steering controls for ransom, and reportedly nabbed more than $100,000 from one unnamed billionaire’s bank account. “People on yachts are what cybercriminals call high-value targets,” Malcolm Taylor, a former U.K. government intelligence official who now leads private security firm G3’s cybersecurity team, told the Guardian. “They are wealthy, and money is what people want to steal or extort.”

Some shipboard security lapses stem from the high-speed, long-range, less-secure Wi-Fi connections sported by contemporary superyachts, many of which increasingly serve as floating offices for their high-profile clientele. “Owners like to have strong Wi-Fi so they can operate their businesses from the vessel,” Murray told the Guardian. “But this means that the network extends quite far from the actual ship to other vessels and the shore,” creating openings for hackers.

In other cases, breaches are the result of simple carelessness. “Typically, ransomware infections occur by way of a drive-by,” Darren Mayhead, CEO of Great Circle Systems, a firm that provides IT services to yachts, told the International Business Times. “A crew member or guest is surfing web pages that may be dodgy to begin with, or some that are very popular.” Errant internet use can help ransomware operators triangulate vessels, allowing them to dispatch long-lens photographers to capture unflattering images of owners and their guests. Some owners have even put the kibosh on yacht crews’ onboard use of Facebook and Instagram in order to keep such photos from leaking.

Whatever their provenance, concerns over IT security could sink superyacht investors’ efforts to hawk the seagoing personal resorts to an expanding market of hugely wealthy potential buyers. Chartering one for a vacation voyage runs renters an average of $212,000—30 percent of which goes to fueling, stocking, and berthing the vessel—plus tips for the crew, according to Forbes. That exorbitant price tag depressed superyacht sales following the 2008 financial crisis. But consumer appetite is now on the rebound, and interested parties are eager to expand the market for the luxury vessels. Oliver Blanchet, who heads an actual department at the French bank BNP Paribas called “yacht financing,” told the Guardian that while more than 100,000 people worldwide can afford a superyacht, only 5–7 percent of them have actually purchased one (compared with 20 percent of those with enough cash to shell out for a private jet).

To some extent, fears about maritime machinations and the superyachts’ technological shortcomings are of a piece with a rising tide of handwringing over the intersection of vehicles and digital technology. Despite some high-profile incidents that have raised alarm about hackable Wi-Fi-enabled cars—including one in which researchers shut down a Jeep Cherokee being driven at 70 miles per hour by a Wired writer—fears about digitally infiltrated vehicles run amok are mostly overblown. The less-secure networks of superyachts, however, remain a potential pitfall. “If you moor up in Monaco, who are you moored up next to?” Murray said.