Typosquatters


Of the myriad ways that we can be duped, scammed, or otherwise taken advantage of on the internet, “typosquatting” remains one of the easiest to stumble into.

Perpetrators of this scam purchase domain names that are very similar to those of popular sites that people visit, usually by changing the .com part of the web address to .cm. This preys on people who make typos, which is, suffice it to say, all of us.

These duped sites can range from being pop-up laden cesspools riddled with viruses or malware, to near-replicas designed to fool users into inputting login information that can be manipulated later.

So, who is doing this? While these types of tricks can occasionally be tied to lone actors (given how easy it is to obtain a domain name), KrebsOnSecurity identified the marketing firm Media Breakaway LLC as being behind more than 1500 of these false .cm domains. The company is headed by one Scott Richter, a convicted felon who has been the target of several successful lawsuits for illegal spamming. Other companies related to Richter include Dynamic Dolphin and affiliate[dot]com, also related to email spam.

Just how many people are falling victim to these scams? More than 12 million in a 3-month time frame, amounting to a potential of 50 million per year, according to an analysis conducted by Matthew Chambers. Several of these visitors were additionally found to be coming from .gov and .mil sites in the USA, which are the official federal government and military domains. Many popular news sites, social media, banking, and music streaming sites have these malicious doppelgangers.

The actionable item to protect yourself in this situation ultimately boils down to double-checking the web address before you hit enter, or bookmarking your most commonly visited sites.
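The double-check recommended above can also be automated. The following is an added example, not part of the original post: it compares a typed address with a bookmark list and flags the .com-to-.cm slip described here, and it goes one step further by flagging any host that is one keystroke away from a bookmark. The hosts and function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed bookmark list standing in for "your most commonly visited sites".
TRUSTED = {"example.com", "mail.example.com", "example.org"}


def hostname_of(typed: str) -> str:
    """Return the lowercase host from what was typed, with or without a scheme."""
    if "//" not in typed:
        typed = "//" + typed          # lets urlsplit treat the text as a host
    host = (urlsplit(typed).hostname or "").rstrip(".")
    return host[4:] if host.startswith("www.") else host


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check(typed: str, trusted=TRUSTED):
    """Classify a typed address against the trusted list.

    Returns (verdict, intended_host):
      "trusted"   exact match with a bookmarked host
      "tld-typo"  same name, top-level domain one keystroke off (.com -> .cm)
      "near-miss" whole host one keystroke off a bookmarked host
      "unknown"   nothing similar on the list
    """
    host = hostname_of(typed)
    if host in trusted:
        return ("trusted", host)
    name, _, tld = host.rpartition(".")
    # First pass: identical name, slightly different top-level domain.
    for good in sorted(trusted):
        good_name, _, good_tld = good.rpartition(".")
        if name == good_name and edit_distance(tld, good_tld) == 1:
            return ("tld-typo", good)
    # Second pass: any single-character slip anywhere in the host.
    for good in sorted(trusted):
        if edit_distance(host, good) == 1:
            return ("near-miss", good)
    return ("unknown", None)


if __name__ == "__main__":
    for typed in ["https://www.example.com/login", "example.cm",
                  "exmple.com", "example.net"]:
        print(typed, "->", check(typed))
```

A "tld-typo" or "near-miss" verdict means the address should be corrected to the returned bookmark before it is visited.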

For more information on this subject, feel free to reach out to us @CentryLTD on Twitter or any of our other social platforms.

Supply Chain Security Introductory Guide


Having a secure logistics supply chain can save your company millions in terms of assets and reputation, and here at Centry, we have the know-how to help you. Two of the biggest certifications that we offer consultation on in our supply chain security program include the Authorized Economic Operator (AEO) authorization and compliance with security standards of the Transported Asset Protection Association (TAPA).

What is AEO?

The Authorized Economic Operator (AEO) Program is an initiative of the European Union geared toward securing logistic supply chains against trafficking and financial fraud. Being an Authorized Economic Operator is beneficial – it is an open declaration that your company has a lower risk and threat evaluation.

Basically, traders who meet the criteria of the program are entitled to enjoy benefits of trade in international supply chains. These benefits include easier admittance to customs simplification programs, fewer physical and document-based controls, priority treatment if selected for control, and reputational advantages such as recognition as a safe and secure business partner, improved relations with customs and government authorities, and reduced theft and losses.

What is TAPA?

When you become a member of TAPA, you are taking a stance for your company with an internationally recognized leader of the fight against cargo crime. TAPA is a worldwide coalition of manufacturers, shippers, carriers, insurers, service providers, law enforcement, and government agencies. It is inclusive of every type of organization or company facing the problem of cargo crime within the transportation supply chain.

TAPA security requirements have expanded to global recognition as the industry standard for cargo facility and transport security, notably:

  • FSR (Freight Security Requirements)
  • TSR (Trucking Security Requirements)

These standards exist to help TAPA members reduce losses, and to provide a platform for more uniform conformance with state-of-the-art security. Carrier hubs and depots that are TAPA certified guarantee minimum security standards for manufacturers, and they are suitable for inclusion in contractual agreements.

Centry was recently appointed to be the TAPA Service Center in Thailand, becoming the main TAPA service provider in the country, supplying our services also to the general region of South East Asia.

Our supply chain security team supports organizations that are interested in enhancing the resilience of their supply chains by applying for international certificates and authorizations.

Who Can Benefit from This?

Our program is suitable for both organizations who are just beginning the journey toward a more secure supply chain, and organizations that have an established security resilience culture, but wish to improve it with objective knowledge. In order to ensure that the efforts of the organization receive the recognition they deserve, we support our customers in complying with the requirements of AEO, C-TPAT, ISO 28000, TAPA FSR and TSR certificates and authorizations.

Where to Begin

For businesses looking to begin the journey toward securing their supply chains, we provide our full spectrum of services aimed at guiding the customer through the whole process of certification and security, from preliminary discussions to the maintenance phase of the security management system.

Our primary objective is to support the creation of a system that suits the existing culture and processes of the organization. This begins with determining the desired outcome for the program, followed by examining the operations to understand the business and pinpoint the critical areas. When the key areas have been identified, we provide our expert knowledge to comply with the requirements of the certificate or authorization. This includes system upgrades, creation of documents, training of staff and third parties, inspections of third parties and ensuring compliance with internal requirements.

How to Extend Your Knowledge

For an organization with an established security resilience culture, we provide objective and up-to-date knowledge and services regarding supply chain security. The service can be directed to specific issues or give an overarching view of the whole organization. It ensures that the team tasked with supply chain resilience has up-to-date information regarding the key topics and solutions required to enhance the main business. The services we provide include: site and system assessments to ensure compliance with requirements, workshops and training sessions for key stakeholders, classroom sessions for larger crowds, e-learning solutions to ensure global coverage, and intelligence services to clarify the opportunity and threat profiles for business objectives and areas.

As global supply chains involve long subcontracting chains, we provide third-party monitoring solutions. We conduct assessments and investigations on behalf of the organization to their third parties for an objective compliance evaluation against any security requirements.

All of these services can be included with Centry’s Security Manager as a Service package. With it, the organization has up-to-date knowledge available when it is required.

If you have any questions or comments, feel free to contact us at info@centry.global.

Bulgarian-Swiss Business Connection


Last week, Centry supported the “Promoting business partnerships with Switzerland” forum, organized by the Bulgarian-Swiss Chamber of Commerce (BSCC) in cooperation with the Chamber of Commerce and Industry (CCI) Stara Zagora.

The main objective of the forum was to boost and develop business relations between Bulgarian and Swiss companies such as those already part of the BSCC Partnership Platform and other Bulgarian producers and service providers who plan on working with Swiss companies.

The information presented on Bulgarian-Swiss business relations issues and the role of BSCC in establishing sustainable partnerships between these companies served as the foundation of an interesting discussion during the event.


For more information about the forum, please follow this link to the BSCC website! If you have any questions or comments, feel free to reach out to us on any of our social media platforms.

 

GDPR: Day One

The European Union’s General Data Protection Regulation (GDPR) officially went into effect today. The new regulation exists to give citizens of the EU control over how their data is used. It’s extensive and comes with the promise of harsh fines if non-compliant companies experience a data breach.

Centry’s GDPR Guide, shown on the popular webcast This Week in Law, breaks down the who/what/when/where and why of GDPR for those who want a quick briefing of what this means and why it’s important.

Now, on day one, we are observing the first ripples in the pond of this new policy. Already, BBC has reported that some US-based news websites are unavailable in Europe as the new regulations have come into effect. Some of these include the New York Daily News, LA Times, Chicago Tribune, Orlando Sentinel, and Baltimore Sun.

The above news sites are part of the Tronc media publishing group. Others under Lee Enterprises have been similarly affected. Freelance developer Owen Williams created a blog called GDPR Hall of Shame to provide a tongue-in-cheek illustration of the blunders some companies have made as they have taken the first steps of navigating the ruling.

One of the worst offenders is the social media/micro-blogging platform Tumblr, which requires users to manually deselect more than 300 boxes to prevent each entity from utilizing their data. There is no available option currently for mass selection.

Others are taking the change to data regulation in full stride. Microsoft has expanded their GDPR-compliant policy to protect all of their users, not just the ones based out of the EU.

If you have any questions or comments about GDPR, feel free to contact us on any of our social platforms!

For more content like this, subscribe to Centry Blog for weekly updates related to the security industry, cyber security, risk management, compliance, and global affairs.

What to Pack in a Grab-Bag

One of the ways that you can prepare yourself for an emergency is to stock a grab-bag: a bag containing a handful of supplies that could make all the difference in recovering after an emergency, whether it’s a natural disaster or a hostile threat. The idea is that you need only take this single bag with you as you respond to a crisis, ensuring that you have what you need for immediate survival following the contingency.

The exact necessities that you pack will be impacted by your geographical location and the regional-specific risks therein, but here are a few ideas to get you started:

Information & Documentation

This should include your passport and/or visa, and any other important documents related to your identity. This is especially important if you are travelling abroad, particularly if the contingency requires you to leave the country. Even if it is for a home-emergency, being able to have at least a couple identifying documents will assist you in the recovery of other important documents after the fact.

Food & Water

A stock of high energy, non-perishable food items and as much water as you can feasibly carry.

Communications

A spare mobile phone with a charger.

Health & Safety

Basic first aid kit and any essential medications that you may require day-to-day.

Other

Some other items to include in your grab bag are money, a change of clothing, candles, matches, a flashlight/torch, and spare batteries.

Keep in mind that the general advised contents of this grab bag address the needs of the average individual whether they are at home or traveling. Family and/or group kits will vary, especially if there are pets involved. 

If you have any questions or would like expanded detail of this, please don’t hesitate to contact us at info@centry.global! Remember to subscribe for weekly updates on Centry Blog, and follow us on Twitter @CentryLTD for more content like this.

Social Networks & Data Protection Policies


In preparation for GDPR, a comprehensive EU data protection law, a few big-name social media companies have taken the time to review their privacy policies, making it easier for users to know where and how their information is being used.

Facebook has made some changes to its privacy settings in light of the Cambridge Analytica scandal and Mr. Zuckerberg’s congressional hearings. While it is not changing the information that the company collects from its users, it is making strides toward greater transparency on what that information is and how that is shared. It created a central hub with a more user-friendly interface to enable people to more easily see what data they are sharing and who can see it.

Additionally, the social network will make it easier for users to see all the data that the company has on them. Previously, this could be accessed only by a massive data dump download; the new Access Your Information tool allows individuals to explore the information by category.

Twitter updated their privacy policy, sending out emails to their users with information on some of their key revisions. These include more focus on the controls that they offer users over their personal data, more focus on how Twitter shares public data, more transparency and control over how the data is shared with business partners. Furthermore, there is more clarity about how data may be shared to prevent harm, comply with the law, or serve public interest.

LinkedIn has adapted its policy to enable members to download their personal data, and it has followed up on GDPR’s right to erasure by clarifying that personal data such as audience email addresses will be automatically deleted within a 90-day time frame if it is not edited or being used in active campaigns.

If you are active on any social media networks, be sure to take a proactive approach and review your privacy settings, as well as the availability of your personal data.

This article was written by Kristina Weber at Centry Ltd. For more content like this, subscribe to Centry Blog and follow us on Twitter @CentryLTD!

A Quick Look: South China Sea Disputes

The South China Sea is one of the world’s critically important trade routes, with an estimated $5-trillion worth of goods passing through yearly, which amounts to about 30% of global maritime trade. In addition to that, there are vast oil and natural gas reserves under the sea, and it is the site of lucrative fishing grounds, providing the main source of animal protein for densely populated Southeast Asia.

For all of its resources and strategic value, the South China Sea is highly contentious. Several sovereign states all have varying claims over different sectors of the waterway and the islands therein, whereas non-claimant states advocate for the South China Sea to remain international waters.

These maritime and territorial disputes are complex and sprawling in their nature. To better grasp the greater picture of the situation, we’ve broken it down into a few sections.

The Claimants

The prime areas of contention in the South China Sea include the Spratly Islands, Paracel Islands, and various boundaries in the Gulf of Tonkin. Each claimant nation wants something specific, and they all have their individual justifications for what they want. The main players in the territorial disputes have been China, Taiwan, Vietnam, The Philippines, Indonesia, Malaysia, and Brunei.


Image 1. South China Sea Claims

China depicts its claims to the South China Sea using the map of the nine-dash line, a vague demarcation line that was inspired by a December 1947 then-Republic of China (1912-1949) map with eleven segments. After the Communist Party of China formed the PRC, the claim was amended to the “nine-dash line” that we know today. The U-shape of it can be observed in Image 1 above.

Taiwan (ROC) also uses the 1947 map as a basis for its own claim to the contested waters, because it was published before the PRC was established. Taiping Island, also known as Itu Aba Island, is the largest isle of the Spratly group and it remains steadfastly in Taiwan’s control. As one of the world’s biggest seafood exporters, Taiwan’s interests in the region are connected to fishing and oil.

Vietnam’s claim over the Paracel and Spratly islands was first established in a White Paper issued by the Ministry of Foreign Affairs in 1974, with historical evidence as a basis for the claims. It has been a vocal opponent of China’s historical claim over the South China Sea, asserting that China had never claimed sovereignty over the islands before the 1940s, whereas Vietnam had actively ruled over both the Paracel and the Spratly Islands since the 17th Century.

However, tensions between China and Vietnam have been de-escalating ahead of agreements to resolve their disputes. In April 2018, Chinese Foreign Minister Wang Yi gave an announcement that China and Vietnam are moving toward a settlement agreement on the status of their claims in the South China Sea.

The Philippines has historically cited its geographical proximity to the Spratly Islands as the main basis of its claim to the Scarborough Shoal; however, its President Rodrigo Duterte has avoided aggressive rhetoric on the issue, saying that he “will not impose anything on China.”

This came after the July 2016 international arbitration that ruled China could not legally claim most of the South China Sea – including a rebuke of the nation’s manmade islands. Although China is a signatory to the UN Convention on the Law of the Sea, it refused to accept the court’s authority on this case.

Malaysia has claimed seven islands in the Spratly group, of which two are also claimed by Vietnam and one by the Philippines. Thus, it has occupied the remaining four and constructed mini-naval stations to reinforce its claim.

Brunei by contrast is sometimes referred to as a “silent claimant” of the South China Sea, however it first asserted rights shortly after gaining independence from Britain in 1984. Its principal interests revolve around the development of offshore oil and natural gas fields – both within its EEZ and outside of its territorial waters. Its claim is on Louisa Reef, which is on its continental shelf, however the Louisa Reef is also part of the Spratly islands, a feature claimed by both China and Vietnam.

Recently, Indonesia ramped up the territorial disputes by renaming the northernmost waters of its exclusive economic zone in the South China Sea to the North Natuna Sea, despite China’s claims to the area. Ian Storey, a senior fellow at the Institute of Southeast Asian Studies in Singapore, suggested that the renaming of the waterway helped to make it “sound more Indonesian.” Indonesia has increasingly conducted aggressive posturing in the area, including a military buildup on the nearby Natuna Islands and deployment of naval warships.

For decades, Indonesia’s official policy has maintained that it is not party to any territorial disputes with China on the South China Sea, yet in 2016, the two countries had three maritime skirmishes, including warning shots and a situation where Indonesian warships seized a Chinese fishing boat and its crew.

China’s Manmade Islands

In recent years, China has been building various ports, runways, and radar facilities on manmade islands throughout the South China Sea. CSIS satellite images from 2016 depict large anti-aircraft guns and weapons systems as well.

These manmade islands have been constructed by dredging sand onto reefs in an effort to boost China’s claim to the Spratly Islands in the South China Sea. China had previously committed to not militarizing the islands; however, the CSIS imagery suggests otherwise. Nonetheless, the PRC government maintains that the islands are for maritime safety and civilian purposes.

The Situation at Present

On April 11th, 2018, the Chinese navy began a 3-day drill near its main submarine base in what analysts described as a message to other nations in the area that it was capable of defending its territorial and maritime interests. This display came right as an American strike group, led by the aircraft carrier USS Theodore Roosevelt, conducted its own exercises in the South China Sea. The United States maintains that the South China Sea is international water, and therefore the United Nations Convention on the Law of the Sea should determine sovereignty in the area.

These exercises additionally overlapped with a week-long series of live-fire drills involving the aircraft carrier Liaoning, near the venue for the BOAO Forum for Asia. On the sidelines of the forum, senior fellow Oh Ei Sun said that all the surrounding countries were concerned by the military exercises in the region. This area is significant because it has several underwater channels and straits that could allow China’s submarine fleet to break through the United States’ first and second island chain blockades. Although the location for these specific demonstrations was in a less sensitive area than the South China Sea, it nonetheless served as a means for China to illustrate its military might to the other claimants involved in the disputes.

PRC President Xi Jinping presided over the Chinese navy’s largest military display on April 12th, 2018. The state broadcaster, China Central Television, showed footage of Xi boarding the destroyer Changsha before sailing to an unspecified location in the South China Sea to watch the procession. China’s armed forces are in the middle of a modernization program, and the subsequent military buildup has seemingly unnerved its neighbors, particularly due to the increasing assertiveness on the territorial disputes of the South China Sea.

China intended to hold live-fire military drills in the Taiwan Straits on April 18th; however, it was reported that the drill was scaled down in an effort to reduce tensions. The Taiwanese military similarly cancelled a scheduled cannon drill.

The South China Sea disputes are unlikely to lead to an outbreak of hostilities; however, since China has continued to pursue its territorial and maritime claims, the potential for escalating small-scale skirmishes cannot be ruled out. Furthermore, any escalations in the trade corridor may have an impact on the global economy, particularly if sanctions become involved.

This article was written by Kristina Weber of Centry Ltd. For more content like this, follow @CentryLTD on Twitter!