2026-06-16 · Case Study
The short version: We scanned 30 vessels from 6 shipping companies using Shipcrawler. 22 of them (73%) had at least one system directly accessible from the open internet [data redacted to protect vessel identities].
Here's what we found, what it means, and what the fleet managers did about it.
We asked 6 shipping companies to give us vessel names — 30 vessels total. For each vessel, we searched Shodan, AIS databases, public web sources, and certificate transparency logs using Shipcrawler's multi-source OSINT pipeline. Results were compiled into plain-language reports for each vessel and aggregated here.
VSAT Management Interfaces Were the Most Common Find. The majority of scanned vessels had at least one satellite terminal management interface exposed to the public internet. Of those:
Remote Access Ports Left Open. Several vessels had RDP ports open to the internet. Some had no apparent authentication requirement.
No Correlation With Company Size. The 6 shipping companies ranged from small to 200+ vessels. Company size had no correlation with exposure levels. Spending more on IT doesn't automatically mean better vessel security.
One of the participating companies — a container vessel operator — had never had a security audit of any kind. Their results showed multiple critical and high-severity findings.
Their response: The IT manager changed credentials on all VSAT terminals within 48 hours. RDP was disabled and replaced with a VPN-based solution. Unsecured services were restricted to internal IPs only. Total remediation time: approximately 4 hours. Total cost: zero (all fixes were configuration changes). A follow-up scan two weeks later showed zero critical findings.
The reality is straightforward: most commercial vessels have some degree of internet-facing exposure, most of it is fixable with basic configuration changes, and most fleet managers have no idea it exists until someone checks. The gap isn't technical — it's awareness.