Tag: Cybersecurity

AIS spoofing in the Black Sea: a quick OSINT demo

Post author By Cyber Cerber
Post date July 10, 2024

As we all are already aware, the Russian invasion of Ukraine started (officially) on February 24th, 2022, and it came along the so-called, classic war, with many other new, developed, and extensive types of warfare: cyber, radio, psychological, financial, etc.

This time, I will show you a quick and very simple OSINT demo, of the AIS spoofing and GPS jamming in West side of the Black Sea region.

AIS stands for Automatic Identification System and is digitally broadcasted information data, over VHF, consisting of ship name, course and speed, classification, call sign, registration number, MMSI, and other information. The Bridge Officers onboard the vessels are then using such information, as an additional tool, for enhancing the ship’s safety navigation and operations.

Since navigation (maritime, aero, auto, etc) is mainly based on the GPS constellation, the obvious target and scope was to interfere with its functionality in certain areas of interest. GPSJam is a live source of such activities.

Other alternative navigation satellite constellations: Galileo (owned by the European Space Agency), BeiDou (owned by the Chinese state), etc.

Now, returning to our AIS topic, today, 10.07.2024, at 03:20 UTC, I did a quick research on some publicly available sources, and here is what I’ve got:

On Marinetraffic, on an overall view over the western side of the Black Sea, you may notice some unusual reported positions inside of the Crimea Peninsula, just NE of Sevastopol.

Zooming in a bit, you’ll observe that there is no “water” in the area, sea, lake or river).

Going to Google Maps, and finding the same location, you might wonder (or not), what few ships will do in the area of an airport… Simferopol Airport (between Rodykove and Ukromnoye area).

Then, I picked up randomly, an AIS of the bulk carrier, named “Magic L”.

To verify the data is accurate, I cheked the same AIS on Vesselfinder, and surprise, here the position on the map was correct.

As the minimum rule of 3rd, I check on another AIS marine traffic source, Shiplocation, and the confusion increased as pinpointing the ship’s name and AIS is resulted in double locations…

The air traffic is affected too due to the shorter response time needed for taking the proper actions, the maritime AIS traffic spoofing is meant to create confusion, traffic jams, chaos or even accidents.

An extensive OSINT & Radio survey will follow, so stay tuned and safe!

Later update: on October 24th, the national TV post, ProTV, confirmed my above statements: Sistemele de navigație GPS după care se ghidează avioanele în zbor au fost lovite intens de bruiaj. De unde vin interferențe.

InfoSec & ICT Maritime & SMB/SOHO:

OmnisMares.com Cyber-Cerber.com

Tags AIS Maritime Traffic, AIS Spoofing, Black Sea warfare, Cybersecurity, CyRComms, GPS jamming, ICT maritime, InfoSec Maritime

CyberOps Social Media

Don’t! Don’t trust!

Post author By Cyber Cerber
Post date March 5, 2024

Don’t trust everything you see!

Don’t trust everything you hear!

Don’t trust everything you read!

One of the things that cybersecurity taught me is to have zero trust and to be suspicious of any information I see, read, or hear.

Your common sense, education, feelings and perception of normality it will be greatly impacted by the mass-media and social media avalanche of so called, information.

“Breaking news” (or just “breaking” … because are so urgent that writing another word, “news”, takes way too much time and energy), are coming almost in real time.

Publish it first, check it later. Or never.

News “from (credible or confidential) sources“, but impossible to be verified, will manipulate you in the direction desired by the owner’s news or the distributor.

The news is not anymore neutral but heavily connected to who is paying the monthly check. Or the big bonus.

Journalism, as in the ethical cod e(s) originally planned, is “rara avis”.

I will not keep you a lecture about journalism, as it is not my field of specialty.

But I would like very briefly, to reiterate few advises for a safer and better online #cyberlife :

https://www.enisa.europa.eu/news/enisa-news/ecsm-20 20

ThinkB4YouClick: Stop, Think, Act (is one of the very first advice you’ll get in a scuba diving class, in stress management).

Use a search engine and do basic research about the info you are just about to “like” and “share”. There are deeper and more complex tools to identify the original sources and to spot the dark side of that information, I’ll be back on this topic in a separate article.

Fake news, Misinformation, Disinformation, Deep Fake, with the aim of the advanced & powerful computer & dedicated software, and with the booming of the #ArtificialIntelligence (aka #AI) support (or… leadership), will produce audio & visual content almost impossible to be classified. This plague will affect directly or indirectly, almost everything and everybody. A fine-tunned “news” (written, audio or video) can crash companies or stock markets, can divert politically elections, can turn the World upside down…

Everybody can be everything, any scammer can be a CEO.
- $25 million video scam ( 2024)
Any crook can be a “public speaker”, any mobster can show off as a prolific businessman. Be suspicious with “overnight” booming businesses… Search who is behind that “successful story”! Search who is involved (politically, economically, “sentimentally/sexually”) in the background. Don’t trust everything you see posted on their “business” website!
Don’t get easily impressed by the high numbers of “likes”, “followers” or “comments” on certain websites, pages, groups or profiles. It is SO easy to buy your “celebrity”. I am not posting links to such “services” as I am not intending to promote such scammers!

And remember, a fake news or misinformation remains an information with no value.

No matter that there is partial reality or truth in that information, the diversion of it with the clear intention of manipulation, is canceling any value of it.

And to give you a harsh example: you have a bottle of water. But somebody is peeing in your water bottle. Just a bit. A very little. Is your water still potable? You will still drink from that bottle of contaminated water?†

I guess, no!

Same with the information. Don’t accept contaminated news, do your best and filter it before accepting it.

If you are not sure how to verify a certain information, drop me an email, or get in directly in touch with me, I will be more than happy to give you some tips to help you in your future #cyberinvestigations. Confidentiality is by default!

… and to end up with a smaile…

Stay #cybersafe!

Cyber-Cerber.com is part of OmnisMares.com

Tags cyberawareness, Cyberprivacy, Cybersecurity, deep fake, disinformation, fake news, misinformation, Social Media

Social Media

Your CV – Your Life!

Post author By Cyber Cerber
Post date April 13, 2023

CV – Curriculum Vitae… or Resume… no, I will not go into this topic. You can find some good guidance in this Harvard Resume/CV guide.

Also, I will not go into the design concept, which format is better or preferred… as there is none. Every recruiter has their own view and opinion, therefore, whatever you’ll choose, you’ll not be good enough for all. Just kidding.

But what I will like to highlight now is your privacy. Your cyber-privacy!

We are all hunting for better jobs. Some of us are getting the dream job thru a direct recommendation, others by direct hunting, others thru a recruitment agency.

The recruitment agency has the privilege of working on our behalf, hunting and matching the best job as per our CV/resume. They deal with the bureaucratic details in the background, the interviews, etc.

And we are happy. And they are happy. So far, so good.

One of the duties of every accredited agency, at least in the EU, is to properly manipulate and store the data. Including our data. Our CV/resume. As per the GDPR. They have certain procedures and protocols, including cybersecurity and cyberprivacy.

And this is good, this is what we want. To have our data, our personal information, in safe hands!

But recently, over the past months, I started to see a lot of individual recruiters, advertising jobs and collecting CVs into, most of the time, Gmail accounts.

Nothing wrong with or against individuals offering jobs to others, don’t take me wrong. Not going into the professional recruitment process (background check, profile match, certifications and skills verified, etc)… if is properly done or is just passing the paper from one hand to another…

My main concern is how our CVs, or personal data, are manipulated, stored, and protected by the @gmail.com user. Is the device “malware” free? Is the user cyber-clean, cyber-aware, and with good internet and computer habits? Is the data stored in a cyber-protected and encrypted environment? For how long the data is stored? What happens with that data after the “recruitment” process is finished? Is deleted? When? How? Do you get any feedback on the status of your CV/resume after the recruitment process is done?

You may say… is just a CV. No bank details, no PIN. Nothing to lose. Right?

Let’s review… In your CV, you have a name, a picture, DOB, location/address, email, telephone number, in-depth details of your previous jobs, medicals & references details… And the list can go on. And what can happen? Well… sit tight and brace for impact…

Impersonating, fake profiles, spare phishing, or even whaling, and cyberbullying, online harassment are just a few of the real dangers behind personal data (CV) in the wrong hands.

Just do a quick test… type “CV” in any search engine? What you’ll get? Tons of data, private data. Add a name… and there you go. And you don’t want to be on that visible list. Not to mention the dark web and deep web!

Don’t post your CV online. Don’t give your CV to anyone who is just posting a job offer… Is that job offer even for real? Sometimes, we see “recruiters” of large (yes, large) yachts with Yahoo, Gmail, or other free accounts. If for a yacht of 30-40mtrs that is self-managing, this might be OK, for a large yacht with solid logistic support… it does not sound professional.

A few pieces of advice before sending your data:

Do a bit of basic research (searching engines, social media, etc) before jumping with “CV sent. Thank you Sir/Madam”…

Ask your recipient for an email confirmation and application status (forwarded, accepted, rejected, denied, etc). I know…most of the recruiters are demanding professionalism but they deeply lack basic polite feedback so… even fewer expectations from a @Gmail “recruiter”!
Ask for written confirmation of CV/resume/data deletion after the recruitment process is completed

Personal and professional data must be carried out in the most private and professional way. Treat the subject seriously and good luck in your job hunting!

Tags Curriculum Vitae, CV, CV privacy, Cyber Awareness, cyber-cerber, Cyber-Cerber.com, Cyberprivacy, Cybersecurity, CyRComms, GDPR, Resume, Your CV - Your Life

CyberOps

Screen Privacy Protector

Post author By Cyber Cerber
Post date May 12, 2021

In a World where privacy issues are getting bigger and bigger, sometimes small and simple solutions may have a big positive impact.

In the below video, I ran a small test. Devices: a laptop (Macbook Pro M1) and an iPhone 12 Pro Max. Both with Belkin privacy screen protector.

Screen intensity on both devices: approx 75%.

You’ll be pleasantly surprised to see that bystanders are not able to spy (with or without bad intentions) your screen. The 30 degrees view angle is excellent and is doing its job. For the mobile phone, the touch feeling and response is very good, plus the scratch protection included.

Installation on both laptop & mobile – very easy. And very important – with no air bubbles left between the screen and the protection foil.

Cybersecurity & personal privacy are not a joke anymore! Treat them with maximum responsibility!

For more info & advices, stay tuned on Cyber-Cerber.

Tags cyber-cerber, Cybersecurity, privacy screen protector, protector de ecran de confidențialitate, protector de pantalla de privacidad

Social Media

Facebook – Review posts you’re tagged in

Post author By Cyber Cerber
Post date November 26, 2020

Did you noticed that when you self-tagged in a post and later on you want to have that post on your wall, you don’t find it in you’re “activities”?

No problemo, there is a work-around solution!

For some reasons, Facebook does not shows always your self-tagged post in you’re “activity” therefore you cannot add it on your wall. What you have to do is:

make you’re post and tag yourself with @myname
check Activity log

Review posts you’re tagged in

Verify in either “Friends” or “Others” – most probably, you’re post where you just self-tagged, is not visible there so you cannot “Add to Profile”

To correct the problem:
- return to your original post,
- open “edit”,
- delete YOU’RE (self)tagged @myname,
- save the post,
- open again you’re same post
- and edit it by adding again you’re @myname
- and save it again – “update post”.
Redo the steps described above “Edit Profile” – “Activity Log” – “Review posts you’re tagged in” and there you are. “Add to Profile” and you are done!

Hope you enjoyed the tip, stay safe and have fun!

by CyberCerber

Tags Activity log missing tag, cannot find my self-tagged post in Activity Facebook, Cyber Cerber, Cyber Intelligence, Cybersecurity, Facebook Activity log, Facebook tagging, How to self-tagg in a Facebook post, Missing self-tagged post in Facebook, Review posts you are tagged in, Social Media, View tags in Facebook