If you have not read HD Moore's research on serial port servers,  DO IT NOW. It gives you a shocking perspective on the reality of things: the security industry has been historically blabbing and making consumers concerned about the most recent, complex, intriguing and fashionable threats and attacks, while IT as a whole keeps failing the same old basic precautions since networks were born. Long story short, the state of the Internet hasn't changed: it's still damn nasty.

The Internet Census 2012, with its immense amount of data, along with HD's private research project, Critical.io, and the security search engine Shodan, allowed us to prove it once again. HD's serial port server research highlights the inherent insecurity of a large amount of network-enabling devices that bridge to the Internet normally isolated systems such as fuel pumps, oil and gas pipelines, power grids, traffic lights and many more odd and scary things.

But what does that have to do with ships? 

One of the most curious things we found when reviewing the Internet Census data were systems streaming messages like the one below, publicly, and with no authentication. These messages were often mapped to ports 2001 and 3001; the default TCP access ports for Digi and Lantronix serial port servers.

1. !AIVDM,1,1,,A,18Lg0o`P017<JGP7i:G5sOvb0H<h,0*2E  

These messages are emitted by devices able to collect and interpret communications of a maritime protocol known as AIS: Automatic Identification System. AIS transmitters are generally mounted on vessels, navigation markers and shore stations and they combine a VHF transceiver with a GPS receiver in order to broadcast their position and other information to nearby receivers. This data is  then collected and used by other vessels' anti-collision systems, search and rescue aircrafts, as well as maritime security agencies to easily track and identify ships entering national waters.