There have been many stories in the news recently about superyachts being under treat from cyber attacks. Typical headlines have included ‘cybercrime, the next big thing’, ‘new threats facing billionaire owners’ and ‘less than half an hour to hack a yacht’.
Are hacks really a serious risk for superyachts? What is the likelihood of a yacht being hacked, taken over, sailed to a different location and the people onboard being robbed? And if a superyacht network is hacked, how worried should you be?
No one talks about stealth. Stealth hackers are hackers who get onto your system and stay there for an average of 290 days before being detected. They are waiting for the right moment to steal your money and disappear without anyone being aware.
An owner was defrauded of $11 million in one transaction. The hacker used a phishing email to get into the network, carried out communication surveillance and gained access to negotiation talks between the owner and a broker. When a price was agreed, the hacker sent a confirmation email asking for the money to be paid into a bank account. The owner was expecting such an email and paid the money.
A captain lost $100,000 on a fuel payment. He received an email requesting payment that was identical to previous fuel company’s emails, with only the bank account being different. Caught unawares, the crew made the transaction to the false account and lost $100,000 in the process.
An owner was blackmailed for an undisclosed six-figure sum after a group of cyber criminals compromised the yacht’s camera system and computers. They took several compromising images of owner and guests aboard the vessel then used them to send blackmail demands.
What all three examples show is that stealth hackers take their time. They wait for an easy opportunity to come for your money and many people are not even aware that a crime is being committed.
Financial Superyachts provide a stealth hacker with a high ROI. They link people with big budgets to complex IT networks with many systems, users and hardware. Patient hackers will get a lot of money from a yacht if they find out what is happening onboard, who communicates with whom about what and when large sums of money are expected to change hands. As our examples above show, successful stealth hacks have ranged from 100K to 11 million USD!
Emotional The emotional impact is sometimes bigger than the financial. Feelings range from guilt to mistrust to fear and there is genuine suffering involved. Spending time on a superyacht should be about enjoying yourself and having quality time with loved ones. Not about lying awake at night worrying about hackers invading your privacy.
An ounce of prevention is worth a pound of cure. But what can you do to prevent stealth hackers from taking your money? Understanding how to prevent a stealth hack requires understanding how stealth hackers work.
There are three distinct phases to an attack. Firstly, the hacker needs to gain access to your network. This can be done in multiple ways, including a phishing email, USB stick, an open port and a device left on factory settings. Once in the network, step two is to investigate your activity. Who communicates with whom, what systems are connected to the network, which information can be collected? The last step sees the hackers using what they’ve learned to take your money. This usually involves pretending to be someone they’re not, but can also see data being held hostage in exchange for a ransom.
In order to protect yourself you should follow three similar phases. First of all, deny access to your network. A properly managed firewall, looking at activity between yacht systems and firewall, makes the difference. The second step is to detect hackers using your network. As hackers develop new ways of getting onboard, you have to familiarise yourself with the normal use of the network by crew, guests and owner to recognise divergent behaviour. Thirdly, upgrade your network based on what has been learned in steps one and two. If needed back up data that has been compromised. Sometimes digital forensics are a step – finding the exact location from which the hacker accessed the internet. This information can be handed over to authorities for further action.
All hackers develop their own way of working and you need to rely on more than known methods to uncover them. Check all communication from onboard systems with the outside world and ensure you can distinguish normal network events from abnormal ones. Both require an intimate knowledge of life on a particular yacht.
The most worrying cyber threats for superyachts are stealth hacks. It can be weeks before you discover that stealth hackers have taken your money. The financial and emotional impact is substantial and seven-figure sums are known to have been stolen. This can take the joy out of yachting altogether.
Prevention requires specialist knowledge and constant human-based monitoring. If you don’t have the knowledge, manpower and experience, outside help is a solution. You will need to work with a company that has knowledge of both yachting and cyber security.
VBH partners with Atlas Cyber Security to help superyachts keep the stealth hackers at bay. Atlas brings to the table years of experience protecting some of the world’s most sensitive data for the military, Fortune 500 companies and the intelligence community. The company employs a mix of legislative and cyber specialists and, as one of the advisors to the IMO as its cyber regulation comes into effect in 2021, it can instruct yacht owners and crew on their approach to cyber threats.
Together with Atlas, VBH can offer help with all the key phases involved in protecting your yacht, with specialists taking care of your system 24/7, year-round. We can manage your firewall for you, looking at everything happening between your yacht’s system and the firewall. All activity on your network can be monitored and normal behaviour distinguished from abnormal.
As a special offer, VBH is offering a free five-day assessment of your yacht network, checking your current defences and network activity. All we need to do is install a small computer in your network to collect metadata and analyse it based on our experience and particular algorithms. This results in a report that details exactly which risks you are running and what measures need to be taken.
Call us now for your free assessment! +31 20 799 3700.