Update: Robert Graham who writes at the blog Errata Sec disputes NBC’s story, calling it “100% fraudulent.” Basically, the NBC reporter hacked himself, Graham writes. Kyle Wilhoit, the expert included in the piece, is working on a full blog post that explains exactly what happened.
Visitors and participants in this year’s Winter Olympics, which kick off in Sochi on Thursday, can expect a reasonable level of security for their personal data — unless of course they plan on sending an email, logging onto Facebook, or even turning on their device, if NBC is to be believed.
In a segment on last night’s Nightly News inevitably called “Russian Roulette”, Richard Engel reported that for out-of-towners it’s not a matter of if you’ll be hacked, but when.
To test his theory, Engel had fake contact lists and other pieces of phony data loaded onto two brand new computers, one Mac and one PC. Within one minute, hackers had launched an attack. In less than 24 hours, they had access to the data on both machines.
Engel also dropped by a coffee shop where he began to surf the web on a brand new Android smartphone. Within minutes, a piece of malware was downloaded onto his device, Engel says, “stealing my information and giving hackers the option to tap and record my phone calls.”
So who’s in charge of stopping these attacks? That would be the Russian computer security company Kaspersky Lab, which according to the official Sochi Games website, will “provide operational services and technical support for the security system on a 24/7 basis and conduct constant monitoring, making it possible to quickly identify and block all new online threats.”
So much for that promise. When Engel spoke to Kaspersky’s Deputy Director Sergey Novikov, he said there are simply too many devices to protect them all. “Every segment of this huge huge huge infrastructure can be under attack.”
Of course, even if Kapersky Labs could protect visitors’ devices from malicious attacks, their data would still be exposed — to Russian government authorities. The State Department recently issued a warning that read, “Travelers should be aware that Russian Federal law permits the monitoring, retention and analysis of all data that traverses Russian communication networks, including internet browsing, e-mail messages, telephone calls, and fax transmissions.”
The good news is, with no safe access to the Internet tourists will have more time to enjoy the real-life charms of Sochi like yellow tap water, semen-soaked sheets, and privately-contracted dog murder squads.