OlympusNet News              

2018 Port Townsend Film Festival Thoughts
The Monday re-entry to the real world after a weekend of other worldliness is a challenge. The Festival takes us to worlds we don’t know or wouldn’t normally choose. Monday’s challenge is to distill the essence of the weekend.

The fraction of the Festival we saw was exciting, inspiring and fun. Janette Force, Jane Julian, the Staff, the cast of reviewers, talented filmmakers, packs of volunteers and generous sponsors made last weekend Port Townsend’s high point of the year.

Beside Me by Tedy Necula is now one of my all-time favorite movies. It often takes war to disrupt, condense then reveal the essence of how groups of people behave under pressure. Instead of war, Tedy Necula used a full stranded subway car between stations in Bucharest to reveal how relationships evolve. When the subway car at last pulled into a station, Necula tied the loose ends together in a masterful way.

We gravitate to the ‘short’ movies because many of the full-length films crave editing which they don’t get. Shorts demand tight stories, are diverse and transport the audience to those other worlds. The best, and they were superb in every way, were Lost in Aroncore, Two Balloons, Open Your Eyes, Little Potato, The Human Face, and The Art of Richard Thompson.

The Festival’s single irritation was the Best Documentary Feature award which went to On Her Shoulders. I wish the award had gone to a more deserving film. Irritating was the incessant repetition, not disclosing the evolution of the Yazidi religion’s rejection of their community’s returning ISIS sex slaves, the protagonist’s not learning English to promote the Yazidi cause and finally the time spent tilting after the ineffectual windmills of the UN and the Internal Court of Justice. That energy could have been better spent unifying the Yazidi diaspora.

Of the Sunday Morning Storytellers, Tedy Necula had a lot to say. Alas I could understand but a fraction of his narrative. I so hope he will return to the Festival.

For the film reviewers and choosers, I appeal to your sense of adventure. Take more risks. You’ll stretch your audience and they’ll appreciate you for it.

Thank you to those who made the Festival a reality. It is an uplifting experience —Ned Schumann

SANS OUCH! for September: CEO Fraud/BEC

What Is CEO Fraud/BEC? Cyber attackers continue to evolve an email attack called CEO Fraud, or Business Email Compromise (BEC). These are targeted email attacks that trick their victim into taking an action they should not take. In most cases, the bad guys are after money. What makes these attacks so dangerous is cyber attackers research their victims before launching their attack. It is also very hard for security technologies to stop these attacks because there is no infected email attachments or malicious links to detect. Here is how the attack works.

The cyber attacker uses the Internet to research their intended victim and people their victim interacts with. For example, if they target you, they would research who your boss is at work or perhaps a real estate agent you are working with from home. The cyber attacker then crafts an email pretending to be one of these people and sends it to you. The email is urgent, requiring you to take an action right away, such as processing an invoice, changing who you make a payment to, or convincing you to reply with sensitive documents. The email works by pressuring you into doing what they want. Here are two examples of how just such an attack could work:

Wire Transfer:
A cyber criminal is after money. They research the company you work for, such as identifying who works in accounts payable or anyone responsible for transferring funds. The criminals then craft and send an email to these individuals pretending to be their boss or a senior executive. The email tells them there is an emergency and money needs to be transferred right away to a new bank account. The email pressures them into making a mistake, and in reality, they are sending money to the cyber criminal.

Tax Fraud:
Cyber criminals are after people’s personal information to use for tax fraud. One of the fastest ways to get this is to steal the information of all the employees at a company. The cyber criminals research and identify who works in Human Resources. They then send fake emails to these individuals, pretending to be a senior executive or someone from legal. The emails create an urgent story, that the tax information on all the employees has to be submitted right away. The people in Human Resources think they are sending the sensitive documents to the senior executive, when they are really sending them to a cyber criminal.

Protecting Yourself
So, what can you do to protect yourself? Common sense is your best defense. Here are the most common clues to look for: The email is very short (often only a couple of sentences), urgent, and the signature says the email was sent from a mobile device.

There’s a strong sense of urgency, pressuring you to ignore or bypass your employer’s policies. Always follow work-related policies and procedures, even if the email appears to come from your boss or the CEO.

The email is work related but uses a personal email address, such as @gmail.com or @hotmail.com.

The email appears to come from a senior leader, coworker, or vendor you know or work with, but the tone of the message does not sound like them.

Payment instructions are provided, but these instructions differ from ones you already received, such as requesting immediate payment to a different bank account.

If you suspect you have been targeted at work, stop all interaction with the attacker and report it to your supervisor. If you have been targeted at home or you have fallen victim and a wire transfer was made, immediately report it to your bank, then to law enforcement.

View and download this and earlier OUCH! articles from https://www.sans.org/security-awareness-training/ouch-newsletter