Did you know that cybersecurity and⊠beekeeping are like two peas in a pod? If not, you probably missed the introduction, back in 2019, of our bee-hive-oristic engine, which protects ATMs from physical break-ins through integration with an actual beehive (while also providing the ATMâs owners with honey, beeswax, and propolis). To implement the engine, we proposed training ATM maintenance workers and cash-in-transit personnel in applied beekeeping for information security.
So, when the new movie with Jason Statham, The Beekeeper, came out earlier this year, I knew right away it had to be about cybersecurity. And wouldnât you know it, I was right. Now, letâs break down the cybersecurity cases shown in âThe Beekeeperâ. Sure, thereâll be spoilers, but come on, you donât watch a Statham movie for the plot twists now do you? Itâs all about the action, right?
The main character, Adam Clay, is a retired beekeeper â in the sense that heâs a former member of a beekeeper special-ops unit. The Beekeepers are a secret organization that answers to nobody, keeps order in the country, and follows the philosophy drawn from the book âBeekeeping for Beekeepersâ. After retirement, Clay moves in with a sweet old lady, Eloise Parker, and devotes himself to his favorite pastime: beekeeping. Thatâs right, Adam is a beekeeper. Literally. Breeding bees in his free time. (Look, I didnât write the movie, OK?) Of course, as usually happens in any Jason Statham movie, some bad guys show up, mess with Adamâs loved ones, and then spend the rest of the movie trying to mess with the man himself â to no avail. All this happens against a backdrop of some sinister cybercrimes, which actually seem way more realistic than the action sequences.
Vishing: robbery over the phone
The first to get stung is poor Eloise. One day, when she opens her list of banking transactions, she receives a well-crafted warning that her computerâs hard drive is infected with two viruses. Very conveniently, the warning displays a tech-support number to help her get rid of the malware.
Of course, itâs scammers on the line â using their social engineering tricks to rob the poor woman blind. Hereâs how they do it: first, they convince her to visit the website friendlyfriend.net and download a certain app (which actually gives them control of the victimâs computer). Then, as an apology for the inconvenience, the fraudsters promise to wire $500 to Eloise, but âaccidentallyâ transfer $50,000 and ask her to return the excess. She seems to consider contacting the bank, but the guy on the phone convinces her heâll lose his job if she does, and persuades her to transfer the money directly. This is how the scammers get Eloise to enter her âpassword for all accountsâ, which they promptly intercept and use to drain not only all her savings and retirement funds but also two million dollars from the charity fund she runs.
Lessons from the vishing attack
Gotta hand it to the writers, they did their homework on online scams. The attack depicted in the movie combines real-life fake tech-support and vishing tactics with a clever twist â the âaccidentalâ overpayment. Eloise is portrayed as a completely inexperienced user (precisely the type scammers target in real life), and she makes a bunch of mistakes we can learn from.
- Donât call phone numbers that pop up in random windows. Best case, itâs a shady ad; worst â a scam.
- Donât install software just because some stranger tells you to â especially if they admit itâs for remote access; double especially if the website is called friendlyfriend.net and the advertising slogan reads âA remote desktop solution that makes senseâ. That definitely doesnât make sense.
- If you know you have remote access software on your computer, donât enter any sensitive information â especially your payment passwords.
- Having a single password for all your bank accounts is a very bad idea; use unique passwords for everything.
In any case, Eloise should have been wary of the promise to be transferred $500. Nobody gives money away. The right move would have been to hang up and call a family member â Â in her case best would have been her daughter, who works in law enforcement. And her daughter should have installed a reliable protective solution on the computer in advance. That would have stopped the âvirusesâ along with the pesky pop-up windows.
Beekeepersâ showdown
It wouldnât be a Jason Statham movie if he didnât spend most of it violently killing bad guys, and so, as expected, thatâs just what he does â specifically wasting the cybercriminals, their guards, and actually anyone else who gets in his way. But at some point, it turns out that the call-center network scamming all these retirees is run by some high-ranking villains who know about the Beekeepers and have connections in the intelligence agencies. These agencies pressure the Beekeepers to stop Clay, so the latter send his former colleague, Anisette, who took over Adamâs job after he retired. She dies heroically, and the Beekeepers conduct their own investigation and then decide to stay out of it. Hey, listen, I told you already â I didnât write this stuff.
Whatâs interesting about these inter-hive disputes is how Adam decides to upgrade his arsenal at the expense of his deceased colleague. For this, he cuts off her finger, breaks into her beekeeping facility (which also houses a weapons cache), and uses her fingerprint to open several biometric locks. Besides weapons and ammo, Clay also gets her password (DR07Z, printed on a piece of paper) and hacks into the Beekeepersâ information systems. So much for the super-secrecy of this organization. Using the Beekeepersâ systems, he finds the addresses of the call centers, prints them out on a dot matrix printer, and goes back to his warpath.
Silly as it may seem, thereâs a serious lesson here: donât rely solely on biometrics, and protect important things (and data) with at least two-factor authentication. Plus, of course, use strong passwords (five characters is just way too short) and store them in a dedicated password manager.
Misuse of cyberweapons
By the end of the film we see the whole picture of the crime. Turns out the mastermind of the operation is the CEO of a company developing software for intelligence agencies. He uses some âclassified algorithmic data-mining software package developed by the intelligence communityâ to find lonely retirees with substantial savings. When cornered, he flat-out admits he taught the software âto hunt for money, not terroristsâ. What utter gibberish.
However, the idea behind this plot twist is bang on the money â all these mass surveillance and espionage tools governments develop, along with other cyberweapons, could easily fall into the wrong hands and be used to attack innocent people. And thatâs no longer fiction â just look at the WannaCry attack. The EternalBlue exploit and DoublePulsar backdoor used in it were supposedly stolen from intelligence agencies and made publicly available.
So, this seemingly nonsensical action flick actually teaches us that dangerous tools can be used in mass cyberattacks at any moment. Therefore, it pays well to be prepared for anything and use reliable security tools both on personal devices and for corporate protection.
Source: kaspersky.com