Pirates in the Malacca Strait

Given my recent post Taking the Fight to the Enemy Revisted, does this AP report sound familiar?

Countries lining the Malacca Strait have vastly improved security in the strategic shipping route over the last five years, the top U.S. commander in the Pacific said on Monday...

Attacks in the Malacca Strait have been on the decline with only 11 cases last year compared to 18 in 2005 and 38 in 2004, according to the International Maritime Bureau, a martime watchdog...

Indonesia, Malaysia and Singapore began stepping up their surveillance by coordinating sea patrols in 2004 and following with air patrols a year later.

Last August, the British insurance market Lloyd's lifted its "war-risk" rating for the waterway, saying the safety of the 550-mile-long strait had improved due to long-term security measures.
(emphasis added)

Despite this development, Malaysia is looking for alternatives to shipping when transporting oil, according to this article:

A proposed oil pipeline project to pump oil across northern Malaysia could lower transportation costs and avoid risks of pirate attacks on tankers.

The US$14.2-billion project would involve building a 320-kilometre pipeline across northern Malaysia, linking ports on the two coasts, officials in northern Kedah state announced...

Crude oil would be refined in Kedah, pumped through the pipe to Kelantan on the east coast and then loaded onto tankers bound for Japan, China and South Korea, completely bypassing Singapore and the Malacca Strait, which lies off peninsular Malaysia’s west coast.

The strait, which carries half the world’s oil and more than one-third of its commerce, is shared by Malaysia, Indonesia and Singapore. It is notorious for robberies and kidnappings by pirates, but attacks have fallen following increased security patrols in 2005.
(emphasis added)

I see two lessons here. First, shipping companies did not try to "patch" their way out of this problem. There is no way to address all of the vulnerabilities associated with transporting oil by tanker. A two-pronged approach was taken. First, to protect ships, governments increased security patrols to deter and repel pirates. Ships did not get equipped with Yamato-size deck guns and battleship armor. Second, an alternative means to transport oil is being considered. This is a form of backup or redundancy to ensure oil still flows if the Strait becomes too dangerous.

I think these stories have plenty of lessons for digital security. Of course the next step would be going after the pirates directly, before they ever reach friendly ships. Consider the history of the US Navy:

Operations Against West Indian Pirates 1822-1830s

By the second decade of the 19th Century, pirates increasingly infested the Caribbean and Gulf of Mexico, and by the early 1820's nearly 3,000 attacks had been made on merchant ships. Financial loss was great; murder and torture were common.

Under the leadership of Commodores James Biddle, David Porter and Lewis Warrington, the U.S. Navy's West India Squadron, created in 1822, crushed the pirates. The outlaws were relentlessly ferreted out from uncharted bays and lagoons by sailors manning open boats for extended periods through storm and intense heat. To the danger of close-quarter combat was added the constant exposure to yellow fever and malaria in the arduous tropical duty.

The Navy's persistent and aggressive assault against the freebooters achieved the desired results. Within 10 years, Caribbean piracy was all but extinguished, and an invaluable service had been rendered to humanity and the shipping interests of all nations.

That's what I'm talking about.

Thanks to geek00l and mboman for discussing pirates in #snort-gui for inspiring this post.


Anonymous said…
I actually thought the privateers who came to the region to fight the pirates for a fee had a lot to do with the changing numbers.

Since costs of protecting a ship were starting at $50K, the lure of money brought in some seasoned mercenaries who were sick of fighting in Iraq and Afghanistan.

Note the detail from this article:


"Duperouzel said his forces have not yet had to open fire – his men merely stepping up to the side of the ship with weapons displayed has been sufficient to convince pirates to leave, often to find easier prey."

Or far fewer unguarded prey, apparently.
Anonymous said…
Just read another explanation. Apparently the tsunami could have been the primary cause of decline in pirates:


"The tsunami that erased dozens of coastal communities in Aceh, Indonesia, killing more than 228,000 people in the country, may have taken a toll on another group that has dogged security officials in the region for years.

The gigantic wave could also have wiped out a band of pirates who prey on ships travelling through the Malacca Strait, according to a Malaysian agency that tracks attacks on global shipping.


Indonesia, Malaysia and Singapore formed highly-publicised joint patrols in the Malacca Straits, sharing radio frequencies and approving the pursuit of pirates in their neighbour's territorial waters.

But the patrols had no effect on piracy, Choong said."

That's Noel Choong of the International Maritime Board (IMB) in Kuala Lumpur, Malaysia.

Seems like that disproves your theory, no?

In the context of computer/information security there are a number of folks advocating lots of locking up of criminals, etc.

One interesting difference between the sort of crime we've got now (massive phishing, spam, identity theft, etc. rings) is that piracy was an international offense and the US was allowed to attack pirates on the seas regardless of locality.

In the computer crime world we have a current situation where even interested law enforcement agencies have a tough jurisdictional problem and laws that make it tricky to pass the per-user dollar-loss hurdle.

What do ou think the chances are we're going to get US law enforcement and/or the military to start doing renditions for the folks heading phishing outfits? I'd guess it isn't very high on their priority list :)

Popular posts from this blog

Zeek in Action Videos

MITRE ATT&CK Tactics Are Not Tactics

New Book! The Best of TaoSecurity Blog, Volume 4