Did you know that cybersecurity and… beekeeping are like two peas in a pod? If not, you most likely missed the introduction, back in 2019, of our bee-hive-oristic engine, which protects ATMs from physical break-ins by integration with an actual beehive (while also providing the ATM’s owners with honey, beeswax, and propolis). To implement the engine, we proposed training ATM maintenance staff and cash-in-transit personnel in applied beekeeping for information security.
So, when the new movie with Jason Statham, The Beekeeper, came out earlier this year, I knew right away it had to be about cybersecurity. And wouldn’t you know it, I was right. Now, let’s break down the cybersecurity cases shown in “The Beekeeper”. Sure, there’ll be spoilers, but come on, you don’t watch a Statham movie for the plot twists now do you? It’s all about the action, right?
The main character, Adam Clay, is a retired beekeeper — in the sense that he’s a former member of a beekeeper special-ops unit. The Beekeepers are a secret organization that answers to nobody, keeps order in the country, and follows the philosophy drawn from the book “Beekeeping for Beekeepers”. After retirement, Clay moves in with a sweet old lady, Eloise Parker, and devotes himself to his favorite pastime: beekeeping. That’s right, Adam is a beekeeper. Literally. Breeding bees in his free time. (Look, I didn’t write the movie, OK?) Of course, as usually happens in any Jason Statham movie, some bad guys show up, mess with Adam’s loved ones, and then spend the rest of the movie trying to mess with the man himself — to no avail. All this happens against a backdrop of some sinister cybercrimes, which actually seem much more realistic than the action sequences.
Vishing: theft over the phone
The first to get stung is poor Eloise. One day, when she opens her list of banking transactions, she receives a well-crafted warning that her computer’s hard drive is infected with two viruses. Very conveniently, the warning displays a tech-support number to help her get rid of the malware.
Of course, it’s scammers on the line — using their social engineering tricks to rob the poor woman blind. Here’s how they do it: first, they persuade her to visit the website friendlyfriend.internet and download a certain app (which actually gives them control of the victim’s computer). Then, as an apology for the inconvenience, the fraudsters promise to wire $500 to Eloise, but “accidentally” transfer $50,000 and ask her to return the excess. She seems to consider contacting the bank, but the man on the phone convinces her he’ll lose his job if she does, and persuades her to transfer the money directly. This is how the scammers get Eloise to enter her “password for all accounts”, which they promptly intercept and use to drain not only all her savings and retirement funds but also two million dollars from the charity fund she runs.
Lessons from the vishing attack
Gotta hand it to the writers, they did their homework on online scams. The attack depicted in the movie combines real-life fake tech-support and vishing tactics with a clever twist — the “accidental” overpayment. Eloise is portrayed as a completely inexperienced user (precisely the type scammers target in real life), and she makes a bunch of mistakes we can learn from.
- Don’t call phone numbers that pop up in random windows. Best case, it’s a shady ad; worst — a scam.
- Don’t install software just because some stranger tells you to — especially if they admit it’s for remote access; double especially if the website is called friendlyfriend.internet and the advertising slogan reads “A remote desktop solution that makes sense”. That definitely doesn’t make sense.
- If you know you have remote access software on your computer, don’t enter any sensitive information — especially your payment passwords.
- Having a single password for all your bank accounts is a very bad idea; use unique passwords for everything.
In any case, Eloise should have been wary of the promise to be transferred $500. Nobody gives money away. The right move would have been to hang up and call a family member — in her case best would have been her daughter, who works in law enforcement. And her daughter should have installed a reliable protective solution on the computer in advance. That would have stopped the “viruses” along with the pesky pop-up windows.
Beekeepers’ showdown
It wouldn’t be a Jason Statham movie if he didn’t spend most of it violently killing bad guys, and so, as expected, that’s just what he does — specifically wasting the cybercriminals, their guards, and really anyone else who gets in his way. But at some point, it turns out that the call-center network scamming all these retirees is run by some high-ranking villains who know about the Beekeepers and have connections in the intelligence agencies. These agencies pressure the Beekeepers to stop Clay, so the latter send his former colleague, Anisette, who took over Adam’s job after he retired. She dies heroically, and the Beekeepers conduct their own investigation and then decide to stay out of it. Hey, listen, I told you already — I didn’t write this stuff.
What’s interesting about these inter-hive disputes is how Adam decides to upgrade his arsenal at the expense of his deceased colleague. For this, he cuts off her finger, breaks into her beekeeping facility (which also houses a weapons cache), and uses her fingerprint to open several biometric locks. Besides weapons and ammo, Clay also gets her password (DR07Z, printed on a piece of paper) and hacks into the Beekeepers’ information systems. So much for the super-secrecy of this organization. Using the Beekeepers’ systems, he finds the addresses of the call centers, prints them out on a dot matrix printer, and goes back on the warpath.
Silly as it may seem, there’s a serious lesson here: don’t rely solely on biometrics, and protect important things (and data) with at least two-factor authentication. Plus, of course, use strong passwords (five characters is just way too short) and store them in a dedicated password manager.
Misuse of cyberweapons
By the end of the film we see the whole picture of the crime. Turns out the mastermind of the operation is the CEO of a company developing software for intelligence agencies. He uses some “classified algorithmic data-mining software package developed by the intelligence community” to find lonely retirees with substantial savings. When cornered, he flat-out admits he taught the software “to hunt for money, not terrorists”. What utter gibberish.
However, the idea behind this plot twist is bang on the money — all these mass surveillance and espionage tools governments develop, along with other cyberweapons, could easily fall into the wrong hands and be used to attack innocent people. And that’s no longer fiction — just look at the WannaCry attack. The EternalBlue exploit and DoublePulsar backdoor used in it were supposedly stolen from intelligence agencies and made publicly available.
So, this seemingly nonsensical action flick actually teaches us that dangerous tools can be used in mass cyberattacks at any moment. Therefore, it pays to be prepared for anything and use reliable security tools both on personal devices and for corporate security.