BSM-Be-Cyber-Aware-At-Sea
0 (0 Likes / 0 Dislikes)
[CYBER AWARE
FIDRAFILMS.COM/CYBER]
[door bell rings]
It's a business.
We are professionals
and we are growing as fast as the internet itself.
[music and internet dial-up sound]
The first thing to be aware of is that whether you're
looking to take down a rival's website,
steal someones identity
or take control of a network,
your first target isn't IT infrastructure.
It's people.
[camera zoom sound]
99% of attacks are aimed at people.
People like you.
Everyone uses email
and a lot still fail to spot the signs
of a simple phishing expedition.
The unknown sender, poor grammar,
incorrect information, irrelevance.
[HAZIQ MOHAMED ABLE SEAMAN
PORT AMBARLI, TURKEY]
More effective is spear phishing.
Individually target emails with a reasonable ask.
It looks like it's from someone you know.
Just because it says it came from the boss,
doesn't actually mean that it did.
Email doesn't work like that.
[tapping of keyboard]
People give up personal information so easily.
Just think about it—
Why would a company ask you for
personal information or passwords they already have?
But people don't think.
[CHRISTOS STAMATIS CHIEF OFFICER
NEWPORT, UK]
Never more so than on social media.
Every time you announce where you're going
or what you're doing,
you are telling us that you are not at home.
Or worse, you can reveal important business information
that someone, somewhere could make use of.
[BREAKING: Somali Pirates Attack Commercial Vessel]
[gun shots and incoherent talking]
If you want to get on the inside of a business,
target the individuals that work there.
[GEOFF DANIELS LOGISTICS MANAGER
SOUTH COAST, UK]
Find their weakness, exploit it...
everybody has one.
Just because you think you're talking to a beautiful girl,
doesn't mean that you actually are.
We're all human.
Some people are easily led into careless or foolish acts
that leave them open to blackmail.
Control the individual,
we control what you do.
People are the weak link.
How many passwords do you have?
People use the same password for their bank,
their Facebook, their LinkedIn, their tax return.
If I get your password,
I can act as though I'm you.
Spend your money, take out loans,
even sell your house.
I'll change the address for your statements,
divert your emails.
[PASSPORT CONTROL
ROTTERDAM, NETHERLANDS]
By the time you find out,
I could have spent hundreds of thousands of dollars
and committed crimes in your name.
I can phish with your phone
with texts or WhatsApp
and upload malicious software
to your phone without you knowing.
When you connect it to a computer,
the software can get to work
paralyzing the system until you pay up,
or, whatever we want to achieve.
Technology is my friend.
Every time you connect to a public Wi-Fi network,
we can learn so much about you.
Who you are, where you've been,
who you work for.
Use your phone for sensitive interactions like banking?
Then you are helping us to access your life.
This is what I do.
It is a business
and we are professionals.
[static and beep]
Haziq Mohamed spent three weeks in a foreign prison
before he was able to establish his innocence.
On his return home he found the cybercriminals
had spent $12,000 on credit cards.
His driving license had been used
for insurance fraud which had lead to his arrest.
Geoff Daniels couldn't face the images
he shared with his virtual sex partner online
being seen by family and friends
so he followed the blackmailers demands
and installed a remote device on his company's network.
He worked at a large European port.
With remote access, a criminal gang were able to
alter records to enable goods
to be smuggled out of the port
unseen by customs.
Christos Stamatis regularly posted information
about his work on Facebook.
As the chief of a container ship,
traveling down the East African coast,
he might have thought more carefully
about who might be interested in this information.
But it was his casual attitude towards how he used
his personal devices on board that caused the most trouble.
Having fallen for a texted phishing link,
his phone was infected with malware.
When he used the USB connection
on ECDIS to charge his phone,
the malware crashed the system.
Without it's primary means of navigation,
the ship was forced to divert for repairs
causing a lengthily and costly delay
to his voyage.
Christos is now looking for a new job.
Cybercrime is real.
They target us because we are a weak link.
Treat your personal and your company information
like you would your cash or passport.
Never hand it over unless you are 100% sure
that you know who you are giving it to.
Post on social media sensibly.
Update your password to include letters,
numbers, capitals and symbols.
Keep different passwords for different sites.
Watch out for unsolicited and irrelevant emails with urgent
requests for you to click on a link or upload information.
Never assume that an email is from
who it appears to be from.
Never charge your personal devices
on ship equipment.
Use a dedicated USB charger.
Surf the web with care,
stick to known sites.
Avoid tempting links and free downloads.
Nothing is free, even online,
and the price you pay could be high.
Never take part in anything online that you wouldn't
want to show in the real world.
99% of successful attacks succeed
because we fail to do the basics.
Someone opens the attachment, clicks on the link,
plugs something in.
It only takes one careless click
to expose the entire network.
Make it difficult for cybercriminals.
Don't be the easy target.
[Cybercriminals are targeting the maritime industry.]
[For more information visit Fidrafilms.com/Cyber]
[Pukka FILMS]
[NSSL Global]