Categories
CyberOps

AIS spoofing in the Black Sea: a quick OSINT demo

Black Sea

As we all are already aware, the Russian invasion of Ukraine started (officially) on February 24th, 2022, and it came along the so-called, classic war, with many other new, developed, and extensive types of warfare: cyber, radio, psychological, financial, etc.

This time, I will show you a quick and very simple OSINT demo, of the AIS spoofing and GPS jamming in West side of the Black Sea region.

AIS stands for Automatic Identification System and is digitally broadcasted information data, over VHF, consisting of ship name, course and speed, classification, call sign, registration number, MMSI, and other information. The Bridge Officers onboard the vessels are then using such information, as an additional tool, for enhancing the ship’s safety navigation and operations.

Since navigation (maritime, aero, auto, etc) is mainly based on the GPS constellation, the obvious target and scope was to interfere with its functionality in certain areas of interest. GPSJam is a live source of such activities.

Other alternative navigation satellite constellations: Galileo (owned by the European Space Agency), BeiDou (owned by the Chinese state), etc.

GPS Jam

Now, returning to our AIS topic, today, 10.07.2024, at 03:20 UTC, I did a quick research on some publicly available sources, and here is what I’ve got:

On Marinetraffic, on an overall view over the western side of the Black Sea, you may notice some unusual reported positions inside of the Crimea Peninsula, just NE of Sevastopol.

Marinetraffic Black Sea

Zooming in a bit, you’ll observe that there is no “water” in the area, sea, lake or river).

Marinetraffic

Going to Google Maps, and finding the same location, you might wonder (or not), what few ships will do in the area of an airport… Simferopol Airport (between Rodykove and Ukromnoye area).

Google Maps Crimea

Then, I picked up randomly, an AIS of the bulk carrier, named “Magic L”.

Marine Traffic - Magic L

To verify the data is accurate, I cheked the same AIS on Vesselfinder, and surprise, here the position on the map was correct.

Vesselfinder - Magic L

As the minimum rule of 3rd, I check on another AIS marine traffic source, Shiplocation, and the confusion increased as pinpointing the ship’s name and AIS is resulted in double locations…

Shiplocation Magic L

The air traffic is affected too due to the shorter response time needed for taking the proper actions, the maritime AIS traffic spoofing is meant to create confusion, traffic jams, chaos or even accidents.

An extensive OSINT & Radio survey will follow, so stay tuned and safe!

Later update: on October 24th, the national TV post, ProTV, confirmed my above statements: Sistemele de navigație GPS după care se ghidează avioanele în zbor au fost lovite intens de bruiaj. De unde vin interferențe.

SC OmnisMares SRL

InfoSec & ICT Maritime & SMB/SOHO:

OmnisMares.com Cyber-Cerber.com

Categories
CyberOps Social Media

Don’t! Don’t trust!

Don’t trust everything you see!

Don’t trust everything you hear!

Don’t trust everything you read!

One of the things that cybersecurity taught me is to have zero trust and to be suspicious of any information I see, read, or hear.

Your common sense, education, feelings and perception of normality it will be greatly impacted by the mass-media and social media avalanche of so called, information.

“Breaking news” (or just “breaking” … because are so urgent that writing another word, “news”, takes way too much time and energy), are coming almost in real time.

Publish it first, check it later. Or never.

News “from (credible or confidential) sources“, but impossible to be verified, will manipulate you in the direction desired by the owner’s news or the distributor.

The news is not anymore neutral but heavily connected to who is paying the monthly check. Or the big bonus.

Journalism, as in the ethical code(s) originally planned, is “rara avis”.

I will not keep you a lecture about journalism, as it is not my field of specialty.

But I would like very briefly, to reiterate few advises for a safer and better online #cyberlife :

https://www.enisa.europa.eu/news/enisa-news/ecsm-2020

  • ThinkB4YouClick: Stop, Think, Act (is one of the very first advice you’ll get in a scuba diving class, in stress management).
  • Use a search engine and do basic research about the info you are just about to “like” and “share”. There are deeper and more complex tools to identify the original sources and to spot the dark side of that information, I’ll be back on this topic in a separate article.
  • Fake news, Misinformation, Disinformation, Deep Fake, with the aim of the advanced & powerful computer & dedicated software, and with the booming of the  #ArtificialIntelligence (aka #AI) support (or… leadership), will produce audio & visual content almost impossible to be classified. This plague will affect directly or indirectly, almost everything and everybody. A fine-tunned “news” (written, audio or video) can crash companies or stock markets, can divert politically elections, can turn the World upside down…
  • Everybody can be everything, any scammer can be a CEO.
  • Any crook can be a “public speaker”, any mobster can show off as a prolific businessman. Be suspicious with “overnight” booming businesses… Search who is behind that “successful story”! Search who is involved (politically, economically, “sentimentally/sexually”) in the background. Don’t trust everything you see posted on their “business” website!
  • Don’t get easily impressed by the high numbers of “likes”, “followers” or “comments” on certain websites, pages, groups or profiles. It is SO easy to buy your “celebrity”. I am not posting links to such “services” as I am not intending to promote such scammers!

And remember, a fake news or misinformation remains an information with no value.

No matter that there is partial reality or truth in that information, the diversion of it with the clear intention of manipulation, is canceling any value of it.

And to give you a harsh example: you have a bottle of water. But somebody is peeing in your water bottle. Just a bit. A very little. Is your water still potable? You will still drink from that bottle of contaminated water?†

I guess, no!

Same with the information. Don’t accept contaminated news, do your best and filter it before accepting it.

If you are not sure how to verify a certain information, drop me an email, or get in directly in touch with me, I will be more than happy to give you some tips to help you in your future #cyberinvestigations. Confidentiality is by default!

… and to end up with a smaile…

Stay #cybersafe!

Cyber-Cerber.com is part of OmnisMares.com

Categories
Social Media

Your CV – Your Life!

CV – Curriculum Vitae… or Resume… no, I will not go into this topic. You can find some good guidance in this Harvard Resume/CV guide.

Also, I will not go into the design concept, which format is better or preferred… as there is none. Every recruiter has their own view and opinion, therefore, whatever you’ll choose, you’ll not be good enough for all. Just kidding.

But what I will like to highlight now is your privacy. Your cyber-privacy!

We are all hunting for better jobs. Some of us are getting the dream job thru a direct recommendation, others by direct hunting, others thru a recruitment agency.

The recruitment agency has the privilege of working on our behalf, hunting and matching the best job as per our CV/resume. They deal with the bureaucratic details in the background, the interviews, etc.

And we are happy. And they are happy. So far, so good.

One of the duties of every accredited agency, at least in the EU, is to properly manipulate and store the data. Including our data. Our CV/resume. As per the GDPR. They have certain procedures and protocols, including cybersecurity and cyberprivacy.

And this is good, this is what we want. To have our data, our personal information, in safe hands!

But recently, over the past months, I started to see a lot of individual recruiters, advertising jobs and collecting CVs into, most of the time, Gmail accounts.

Nothing wrong with or against individuals offering jobs to others, don’t take me wrong. Not going into the professional recruitment process (background check, profile match, certifications and skills verified, etc)… if is properly done or is just passing the paper from one hand to another…

My main concern is how our CVs, or personal data, are manipulated, stored, and protected by the @gmail.com user. Is the device “malware” free? Is the user cyber-clean, cyber-aware, and with good internet and computer habits? Is the data stored in a cyber-protected and encrypted environment? For how long the data is stored? What happens with that data after the “recruitment” process is finished? Is deleted? When? How? Do you get any feedback on the status of your CV/resume after the recruitment process is done?

You may say… is just a CV. No bank details, no PIN. Nothing to lose. Right?

Let’s review… In your CV, you have a name, a picture, DOB, location/address, email, telephone number, in-depth details of your previous jobs, medicals & references details… And the list can go on. And what can happen? Well… sit tight and brace for impact…

Impersonating, fake profiles, spare phishing, or even whaling, and cyberbullying, online harassment are just a few of the real dangers behind personal data (CV) in the wrong hands.

Just do a quick test… type “CV” in any search engine? What you’ll get? Tons of data, private data. Add a name… and there you go. And you don’t want to be on that visible list. Not to mention the dark web and deep web!

Don’t post your CV online. Don’t give your CV to anyone who is just posting a job offer… Is that job offer even for real? Sometimes, we see “recruiters” of large (yes, large) yachts with Yahoo, Gmail, or other free accounts. If for a yacht of 30-40mtrs that is self-managing, this might be OK, for a large yacht with solid logistic support… it does not sound professional.

A few pieces of advice before sending your data:

  • Do a bit of basic research (searching engines, social media, etc) before jumping with “CV sent. Thank you Sir/Madam”…
  • Ask your recipient for an email confirmation and application status (forwarded, accepted, rejected, denied, etc). I know…most of the recruiters are demanding professionalism but they deeply lack basic polite feedback so… even fewer expectations from a @Gmail “recruiter”!
  • Ask for written confirmation of CV/resume/data deletion after the recruitment process is completed

Personal and professional data must be carried out in the most private and professional way. Treat the subject seriously and good luck in your job hunting!

Categories
IT & Networking

Manual force scan & device reboot

You have installed an internet cyber protection on your device? Mobile, laptop or desktop? Do you push for manual Operation System and apps/software updates? Do you apply the basic cyber protection while traveling and working from home? Great! You are doing good!

But there is still something else, many times ignored:

despite the fact that your internet protection is active and scanning in real time whatever is IN or OUT and happening in your device, there might be still a problem: like the zero-day vulnerability , antivirus databases not updated or updated with an inaccurate database.

Therefore, make a good habit and at least, one time every two weeks run a quick scan, and once a month, run a full scan with your antivirus/antimalware application.

A file or application recently downloaded might be credited as “clean” at the time of first scanning but assessed as “dangerous” at a later stage, simply because the cyber-protection database is updating constantly and files considered good… now are bad.

And yes, make a habit to reboot your device (laptop, desktop, tablet, including mobile phones and smart watches). You will enjoy a better & faster functionality!

Be cyber-safe!

Categories
Social Media

Tip & Tips on SuperYachts

As per Merriam-Webster online dictionary, “TIP” is, among many other meanings, “to give a gratuity to”.

Cambridge Dictionary define it as “to give someone who has provided you with a service an extra amount of money to thank them“.

In plain words, tip is when you give some extra money, besides the official charge for that service, because you liked that service. You liked her smile, you liked his skills and professionalism showed above average, you like the way how she presented you the menu or the tips in how to spend your time in the area etc.

In my opinion, if the tip is compulsory…. there is lost the meaning of “above average service”! The guest or client will pay anyway so… what for to give some extra mile in providing the service. On the other side, if you’ll get the tip only if you are really good in the job you do, then we are talking about competition and performance.

Giving a tip is encountered almost everywhere. In some places, is a norm, almost compulsory. In other places… is seen as bit unusual.

In the superyachts, as well as in the cruise ships, industry tip is a big, big attraction for the old crew and greenies alike. Apart from the monthly wage, tip is sometimes mentioned by the Crewing Agency during the employment procedure. But be aware of what you sign as it may state very clear some words, as “Owner or Master discretionary” for example.

Tips might be is mentioned also during various training courses (especially for greenies), as a stimulus in paying the fees & joining the classes. Please… be aware of trainers which are promoting “onboard tips guarantee” during their classes. Is not such guarantee, it is a pure BS! Stay aware of those so-called experienced “trainers”.

So, let’s clarify the myth of “tips on superyachts”.

First of all, there are 3 categories of yachts (in the meaning of operational status): private yachts, chartered yachts, and mixed private-charter yachts.

A private yacht is a vessel owned by a person (or family). Crew is getting their monthly wages. Sometimes, under solely discretion of the Owner, a tip may be given.

A charter yacht – is a vessel managed by a company, who is chartering it to another party (a person, a group, a company) for a certain period of time and under certain terms and conditions. The crew is payed monthly (on-charter or off-charter), but during the on-charter time, an extra money is received. In few words, an equivalent of XX percentage of the chartering fee is representing the tips for crew. Which is spread among the crew but in various amounts for each crew, based of the internal procedures established by the Master and Management.

And there is the mixed, private-charter yacht, which is somehow similar with the charter yachts. With monthly wages and variable tips.

And here is coming the interesting, sometimes unclear or even unfair part of tips distribution onboard:

  • everybody is getting a tip, even when you are in vacation (as equal part with your rotational team). Everybody is happy, everybody is working hard 365 days a year/30days a month/7days a week/24 hrs a day.
  • you might get tip only while onboard. When in vacation… you are skipped. Which is a bit unpleasant (and definitely, unfair), especially when you work very hard to get the vessel ready for the charter but your vacation is due just before the charter to start.
  • you might work onboard during the charter but… the tips is purely discretionary and you (and others) is out of the list. Simply because your job is somehow in the background (engine, galley, laundry) and you are not seen by the Guests. Yes… unfair and very demotivating!

Few advices for crew, experienced or greenies:

  • the fact that you get a tip does not make you better, more cunning or superior to any other crew on the Planet! You are just lucky to be have that job. Do it good, be professional. Be humbled! That’s all.
  • never ever show off with your tip… Is yours, you worked hard for it, good. Keep it in your pocket. Shows a huge luck of education and respect towards the others to flutter your money!
  • tips or no tips, you are a professional. Don’t step over your crew-mates or credit yourself a job just to be in the front of the Guests or Owner… Remember, respect last longer than money!

Be safe, be always professional & keep smiling!

Costa

www.Cyber-Cerber.com | www.YachtDiver.eu

Categories
CyberOps IT & Networking

3 basic steps to enhance your cyber-travel protection

The internet is full of competent advices in how to stay cyber-protected while surfing and browsing the world wide web.

In this very short guide, I will show you 3 very basic and very simple tricks to enhance your cybersecurity, on mobile, desktop or laptop device. Are free and easy to implement.

So, let’s begin:

  1. VPN: you heard about Virtual Private Network which is doing exactly what is saying: is placing your traffic inside of a tunnel between you and your final destination, via a Domain Name System provider. Trustable providers: CloudFlareWARP 1.1.1.1 or ProtonVPN (free or payed). I strongly recommend to have VPN installed (at least 2-3 options, because in some countries you may face heavy or random difficulties to use them) and activated at all the time! Not only when travelling or performing online banking or shopping but 24/7/365. Not all VPN’s are equal good, some of them are well known for selling your traffic data to some other parties.

2. DNS – the 1st step after joining a network, change your default DNS to 1.1.1.1 (part of Cloudflare), 208.67.222.222 · 208.67.220.220 ( part of Cisco), or 9.9.9.9 (Quad9). The instructions are quite easy to follow and takes few minutes to be implemented.

3. Internet protection: no matter what OS or device you are using, the cyber-protection is a must. Don’t be a cheap bastard! If you pay couple of good hundreds of euros for a device, you’ll have some “peanuts” money for a yearly subscription. Don’t think that if you are not a high profile VIP or important CEO, your data are less valuable! You have phone contacts & emails (see the email phishing attack in 2021), pictures… private stuff! You should take care of your digital data as much as you take care of your real life! Bitdefender is one of the recommended AV options. Also, you can consult AV Comparatives if you are looking for another trustful option.

Keep in mind that there is no perfect and complete cybersecurity protection! You, the user, are playing a very important role too in staying safe in the wild cyber World.

For consulting & support, contact me as listed on the main Cyber-Cerber page.

Stay safe!

Categories
CyberOps

Manually Apps store & OS updates

Even if you have the setting on auto-updates, make a habit in manually forcing your App store (iOS or Android) to download & install updates for all your installed applications.

The speed of spreading the malware is incredible and sometimes, many times in fact, patches are released with immediate application.

Do the same good habit for Windows updates or macOS updates.

Do it one time, two times a week. It takes few seconds to see if your Apps or iOS/macOS/Android/Windows is up-to date.

Seconds which may save your virtual life. And sometimes, your real life too.

Categories
CyberOps

Screen Privacy Protector

In a World where privacy issues are getting bigger and bigger, sometimes small and simple solutions may have a big positive impact.

In the below video, I ran a small test. Devices: a laptop (Macbook Pro M1) and an iPhone 12 Pro Max. Both with Belkin privacy screen protector.

Screen intensity on both devices: approx 75%.

You’ll be pleasantly surprised to see that bystanders are not able to spy (with or without bad intentions) your screen. The 30 degrees view angle is excellent and is doing its job. For the mobile phone, the touch feeling and response is very good, plus the scratch protection included.

Installation on both laptop & mobile – very easy. And very important – with no air bubbles left between the screen and the protection foil.

Cybersecurity & personal privacy are not a joke anymore! Treat them with maximum responsibility!

For more info & advices, stay tuned on Cyber-Cerber.

Categories
AVIT on Superyachts

AVIT vs ETO

Continuing our first blog into the AVIT engineer/officer on superyachts , now will guide you thru a basic description of a very common (unfortunately), still yet, mixed up between AVIT and ETO titles.

You may find various good descriptions of the jobs as on WilsonHalligan website. Unfortunately, many recruiters are still posting AVIT and ETO jobs positions with mixed up titles & duties, making the novice job-hunters quite confused.

AVIT – is the officer/engineer onboard in charge of the entire Audio-Video entertaining equipment and IT/Networking plus Satellite Comms (Vsat/TVRO). And everything between, starting from the CCTV to DJ consoles, from direct customer service to contractors, refit & shipyard planning.

These days… is one of the most important positions onboard simply because almost our entirely business & life goes thru the cyber-world internet. Your VVIPs may nicely survive a couple of hours without AC or toilette system… but cut off their internet for 1 minute and you’ll see the difference. Let the crew without internet for half day… and you’ll have a mutiny onboard 😉

ETO – is the engineer in charge of the, let’s say, in very few words… 110/220V and up. It is a critical job onboard as everything is run by electricity.

And now… let’s go into the overlapping grey area between the AVIT & ETO. On “smaller” yachts, 65… 90m LOA, you might find a position with somehow both duties combined. Being AVIT as 1st job and partially/”light” ETO/electrical & engine basic duties. You might do, apart of your main AVIT duties, some basic electrical maintenance (lightning system), bridge & navigation equipment, radars, GMDSS etc. Or the other way around – electrical as 1st duties with complementary AVIT jobs.

Engine watchkeeping might (while alongside/off operation) be on your duty list too. Engine team is small, working and supporting each other, which makes a great environment to work.

On larger yachts, +90… +100m LOA, the engine team is getting substantially bigger therefore, your job can be dedicated only to AVIT and the ETO team is separate (CETO, ETO, Asst Electrician). As AVIT you might have even a 2nd AVIT onboard, in case of a very large superyachts with heavy 24hrs around the clock operations.

As AVIT, you’ll (mainly) report to Chief Engineer or Chief ETO. And Master, of course.

Some jobs onboard may be shared between the AVIT & ETO department: for example, the ETO are taking care of the CCTV cameras & security doors while the AVIT are looking after the networking components of the respective systems.

About the AVIT Officer/Engineer job description, shore technical support, required qualifications & experience, working schedule & life onboard, tips for getting a job, comparison between the job onboard superyachts & cruise ships, and more, in our next blogs.

Stay tuned & stay safe!

Costa

Categories
AVIT on Superyachts

AVIT on SuperYachts

Superyachts… the ultimate luxury life-style for the wealthy people. Working on superyachts… the ultimate dream for any mortal worker. To see, feel and side-enjoy the life where almost anything is achievable.

But to work on superyachts and to be above average, targeting to the top professional in your field, you must follow some good and solid principles.

A series of blogs will follow with tips and tricks to join and perform at the best with some of the best in our field of the Audio-Video IT sector!

Stay tuned & stay safe!