In a recent CNN article, an IT specialist installing a simple Internet router aboard a yacht discovered a host of hacking vulnerabilities. In fact, the way the yacht was wired, a hacker easily could seize control over everything from the GPS to the rudder. “Someone could be sitting at a café with a Wi-Fi connection and targeting them, and they don’t know,” CNN quotes him. This inspired the specialist to launch a business preventing cybercrime on superyachts. He’s one of many offering the service, in fact, yet few owners and advisors are paying attention. That has to stop.
Cybercrime on superyachts isn’t a scare tactic, nor is it make-believe. Over the past two years, I’ve learned first-hand from yacht managers whose fleet members suffered attacks. In one case, for instance, the hackers unleashed malicious software that froze every onboard computer. They held the yacht for ransom, too—not coincidentally, days before a charter. The hackers infiltrated the yacht’s system some time previously, and learned of the revenue stream. The captain had the unpleasant task of informing the boss of the ransomware. Failure to take it seriously, though, cost them. Dearly. They had to cancel the charter, and pay the hackers to regain any semblance of control over the yacht.
In yet another case, the hackers were far more sophisticated. They were in the system, quietly, for weeks, even months. They read the captain’s emails and learned how to mimic his writing style. After setting up malware that diverted all incoming messages to their own inbox, they pretended to be the captain in replies. You can imagine the rest: Wire transfers went to their bank accounts, not the yacht’s. (Editor’s note: Here’s the full story.)
These examples of cybercrime on superyachts are not isolated. In fact, they’re growing in frequency. Some of the blame stems from unsecured Wi-Fi networks onboard. Ben Lind, a senior yacht underwriter at AIG, tells CNN, “You can sit in a café at a marina and watch 10 or 20 yacht Wi-Fis come up.” Many of those connections are all on the same yacht, too, since owners want Wi-Fi throughout the decks.
So, what should you do? First, hire an IT specialist to check your yacht’s vulnerabilities. This includes nav systems. Researchers have proven how easy it is to hack and spoof GPS, for example. Second, establish individual, separate networks. One can handle guests’ social media surfing and email. Another should handle the crew’s communications. Yet another should handle sensitive communications regarding business.
Depending on the size of your yacht, or the sensitivity of business conducted aboard, consider a full-time IT consultant. Regardless, at the very least, every owner can take one simple step to prevent cybercrime on superyachts. Change your passwords! Don’t ever use the factory default password for a router or other device. Change the guest login code as well every time guests depart. There’s a reason why financial institutions and others require new passwords every three months or so.
Not convinced cybercrime on superyachts is your problem? Here’s the last word: Few, if any, insurance policies cover it.