Clarifying cybersecurity for yachts: link to the article
Published by the PYA (Professional Yachting Association). Interview with Alexandre Bayeux, founder of YachtCyberSafe and La Belle Classe Academy from the Yacht Club de Monaco.
2022, August 17th
Digital security is first and foremost a management issue
2022, August 12th
As masters of the yachts and crews, captains need to have a global and precise understanding of the digital perimeter of their yachts, and to have a simple dashboard to monitor the situation. Captains will probably delegate implementation of solutions to other officers or external contractors. Yet, it is critical for them to monitor and challenge people dealing with digital systems.
Digital management does not require IT skills, but culture of digital security and good practices. This is essential to meet IMO’s requirements. For IMO : “Effective cyber risk management should start at the senior management level. Senior management should embed a culture of cyber risk awareness into all levels of an organization and ensure a holistic and flexible cyber risk management regime that is in continuous operation » (source IMO Guidelines / MSC-FAL.1/Circ.3, 5 July 2017, § 3.3).
How to act. Be pragmatic
You have many powerful quick actions on board to digitally secure the yacht and crew without buying new IT services and devices. In other words, before adding a new locker on the armored front door, start checking if there are windows open, and close them.
You probably need support to guide you: please contact us. email@example.com, +377 9798 2929 or +33 616 99 21 00.
Guidelines for captains / tips before the season
2022, May 18th
If you are starting the season within less than 1 month, go to the essential
- A 1-day digital review mission and awareness training will be very profitable.
- Use this checklist “tips before the season”.
Do you feel far from those basic practices for digital hygiene? Do not panic! The best defence against cyber crime is common sense. Just be very careful with phishing, attached files… and never hesitate to call someone you now to confirm bank details before ordering significant money transfers (fraudulent money transfer is a very profitable activity for cyber criminals).
Cybercrime: How to protect your yacht against 21st century pirates
Written by Kate Lardy
How many different networks are on board your yacht? Are they isolated to stop any access from the guest wifi to a sensitive network such as the CCTV or navigation? How many suppliers and manufacturers have remote access to your yacht? And are their passwords something other than 0000? Are your crew trained to spot and not click on suspicious links? What devices on board require connection without security, like toys, lamps, cameras, watches? Your captain and officers should be able to answer all of these questions.
“Yachts have what all hackers love: money, secrets, negotiations for deals, reputations, famous people…” says Alexandre Bayeux, founder of Xperys, which specialises in yacht cyber security. Cybercrime is big business that’s getting ever more sophisticated. For instance, as of 2020, mercenary hackers with skills that used to be reserved for government agencies have been available for hire for targeted attacks, says Bayeux. Read more…
What you must know and do about Pegasus, over 50 000 exposed people have been targeted worldwide
2021, July 25th
What Pegasus is, born in 2016
Pegasus can allow spies to gain access to an infected phone’s memory and view photos, videos, emails and texts, even on encrypted applications such as Signal or WhatsApp. The software can also let spies record conversations made on or near a phone, use its cameras and locate users. The first famous version of Pegasus was discovered by Lookout and Citizen Lab in 2016. It was used against a rights activist in the United Arab Emirates and a journalist in Mexico. A new version was used against J Bezos in 2018, through WhatsApp. Pegasus has been designed by the NSO Group, a major Israeli cyber-surveillance company. Since 2016, NSO has been constantly developing new versions of Pegasus to use unknown breaches in iOS or Android systems: “zero day” vulnerability.
The latest update in July 2021
The journalist consortium “Forbidden Stories” has listed more than 50,000 mobile numbers from more than 50 countries that appeared to be infested by Pegasus. The list contains the numbers of hundreds of journalists, media proprietors, government leaders, opposition politicians, political dissidents, academics and rights campaigners.
Could you be a target?
For years, the global spyware industry has operated in the shadows, exposed only by human rights organizations and journalists. The industry claims it’s in the business of fighting crime and terrorism. But many users have other goals. The first motivation for cybercrime is money, far ahead of political activism. Criminal organizations offer their services commercially to attack individuals or businesses. Therefore, people with financial, business or political responsibilities are prime targets for smartphone spyware and hacking. People are still very naïve regarding data protection. Daily cyber behaviors provide criminals with so many opportunities.
How to protect?
Awareness first. Exposed people need to be aware of they’re always targets. Xperys has been developing in 2021 specialized programs and training to develop people awareness and reaction and to make organizations resilient to cyber threats. Xperys has an advanced expertise in protection of companies (large and small exposed companies) and families’ interests (family members protection, family officers, yacht crew…). IT tools are needed too. Pegasus is very sophisticated. Some specialized IT security companies (ex: Lookout) have been focusing on Pegasus since 2016, and can deliver appropriate protection. Yet, Pegasus is only 1 type of malware among thousands. Keep operating systems (OS) updated. Xperys can coach your organization to select the appropriate tools and to develop a culture of cybersecurity within your people, including your external key partners.
Information about Xperys ’services: firstname.lastname@example.org
The simplest hack of WhatsApp accounts, and exceptionally effective
2021, August 20th
Have you ever received a message saying “you’ve mistakenly received a text with a 6-digit code, please send it to me”? That’s someone has been trying to hack your WhatsApp account (or Facebook… same tactic).
Why is it so simple? Because WhatsApp needs easy enrollment process be globally adopted by anyone.
WhatsApp enrollment process
When you install WhatsApp on a new phone, the platform asks for the phone number of the account, which you enter, and then it sends an SMS one-time code to that number. This confirms you have the number in your possession. Once you enter the right code, the phone starts to receive WhatsApp messages for that account.
How hackers hack
The hacker just needs to install WhatsApp on a new device, registering the phone number of the target he wants to hack. WhatsApp automatically sends a 6-digit code to the owner of the phone number. The Hacker just has to send a text message like “you’ve mistakenly received a text with a 6-digit code, please send it to me”. If you send back the code, your account is hacked.
This practice is even more effective if the attacker uses an already hijacked account to contact a victim’s friends. In their message, the attacker tells the victim’s friend they are having issues receiving a six-digit code, and so had it sent to their friend instead — « please send it back”.
No IT skill required for this exceptionally effective practice. Easy also to protect, just awareness and common sense.