IT outage at cruise company AIDA due to a cyber attack?

[German]The cruise company Aida Crusies has canceled all New Year's Eve trips on its cruise ships. The reason are mysterious IT outages that lead to restrictions on board the cruise ships. The company is keeping a low profile, prosecutors are investigating cybercrime, and there are suspicions that the cruise line may have been the victim of computer sabotage.


Advertising

The information has been within my German blog for a few days – because in this comment, blog reader CL had pointed out a report in German Spiegel Online, according to which all trips of the Aida cruise ships on New Year's Eve were canceled by the shipping company. On the Facebook page of the company says in a message from December 25, 2020, that there are technical IT issues, which also affect the necessary communication of arriving guests.

Aida-Absage der Dezember-Kreuzfahrten

Dear AIDA Fans,

unfortunately we are currently affected by IT-technical restrictions. Therefore, we are currently not available for our customers by phone and email. This affects in particular the necessary communication to arriving guests for the voyages of AIDAperla from 26.12.2020 and AIDAmar from 27.12.2020. Therefore, we must unfortunately inform our guests that the planned arrival is not possible and we must therefore regretfully cancel these mentioned voyages.

We will contact all affected guests.

Best regards,

Your AIDA Team

Translated with www.DeepL.com/Translator (free version)

The ship AIDAmar is currently on her first Canary voyage of this season, while the AIDAperla has already been on tour from Gran Canaria for three weeks, according to SPON. On the above dates, other voyages with passenger changes have been canceled by the shipping company.

Passengers report failure of board IT systems

Passengers who were traveling on the two ships report the failure of the information systems. Golem quotes a Facebook post here with the content:

We are on the Aidamar, get the problems. The whole system is based online. All shows are cancelled. Everything is being sorted out offline. Some of the trips can't start.

Or

I am on the Mar right now myself and here since this morning no board portal and cameras are not working. All internet is gone so all waiters have to take orders by hand.

In general, much of the IT infrastructure seems to have failed on the ships as well. The boarding pass system no longer works, according to one passenger, and according to other statements, waiters and employees take orders with paper and ballpoint pen. Franz Neumeier has gathered some more information on his site cruisetricks. Cite:


Advertising

Affected are apparently, among other things, the telephone and e-mail connections to AIDA as well as the booking portal "MyAIDA". But also from on board the two cruise ships AIDAperla and AIDAmar passengers report the failure of IT systems there. And IT systems and the Internet connection are also said to have failed on AIDA ships not used for passenger service, such as AIDAnova and AIDAblu. Apparently affected are both the Internet connection and the systems for checking passengers in and out for shore leave, as well as the ordering systems for waiters in restaurants and bars.

In other words, what passengers have observed on site. If the information here is correct, AIDA Cruises will probably use thin clients based on Windows XP/7 that access Oracle Secure Glogal Desktop. I assume that the entertainment systems on the cruise ships also access this infrastructure.

 AIDA Cruises IT-Infrastruktur
AIDA Cruises IT infrastructure, Sourc: Oracle

Cyberattack: Public prosecutor's office investigates

Since the e-mail servers, phone lines and web functions of AIDA Cruises are probably also down, it can be assumed that there was a major cyber attack. On the Internet, various platforms report (see also Bleeping Computer) that IT problems also occurred at the Italian sister shipping company Costa Crociere and that no trips could be booked on its fleet.

NDR reports here that the Rostock public prosecutor's office is investigating suspected computer sabotage at cruise line AIDA Cruises. Spiegel Online writes here that the investigation is being conducted at the " Information and Communication Crime Unit" (IUK) of the Rostock prosecutor's office. It also says that IT problems are ongoing. In this article (paywall), the Schweriner Volkszeitung asks whether it might have been targeted sabotage. Because no extortion letter, like Ransomware leaves behind, was probably found.

In October 2020, I had reported on a ransomware attack at the parent shipping company Carnival, provider of cruises (Costa, AIDA, etc.), in the article Cruise provider Carnival confirms ransomware attack with data exfiltration.


Cookies helps to fund this blog: Cookie settings
Advertising


##1

This entry was posted in Security and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *