If you're going to Sochi, you may get hacked
According to a report by NBC News, it’s entirely likely that you will get hacked almost as soon as you land in Sochi.
Hackers are prepared to compromise your devices and steal your data the moment you log into any electronic device that can access the Internet. And as NBC News Chief Foreign Correspondent Richard Engel discovered, it wasn’t if you would get hacked, but rather when.
“The State Department warned that travelers should have no expectation of privacy, even in their hotel rooms,” Engel said. “And as we found out, you are especially exposed as soon as you try to communicate with anything.”
To test his theory, Engel brought two laptops to Sochi and uploaded a fake identity with the help of an American security expert. He tried the same experiment with a smartphone. The hackers got to him both times.
Kaspersky Labs is tasked with protecting Sochi from hackers during the Winter Olympics, but according to an expert, visitors will bring so many electronic devices that hackers have plenty of alternatives to target
Engel’s advice? Leave your electronic devices at home.
Update: Security blogger Robert Graham makes an important distinction: It's not the local Wi-Fi that renders you vulnerable, it's the Olympic websites, which can be accessed from anywhere.
The story shows Richard Engel "getting hacked" while in a cafe in Russia. It is wrong in every salient detail.
- They aren't in Sochi, but in Moscow, 1007 miles away.
- The "hack" happens because of the websites they visit (Olympic themed websites), not their physical location. The results would've been the same in America.
- The phone didn't "get" hacked; Richard Engel initiated the download of a hostile Android app onto his phone.
- ...and in order to download the Android app, Engel had to disable a lock that prevents such downloads -- something few users do [update].
I had expected the story to be about the situation with WiFi in Sochi, such as man-in-the-middle attacks inserting the Blackhole toolkit into web pages exploiting the latest Flash 0day. But the story was nothing of the sort.
Instead, the hacking in the story was due to the hostility of Olympic themed websites. The only increased danger from being in Russia is geolocation. Google uses your IP address to increase the of rank local sites, so you'll see more dodgy Russian sites in the results. You can disable this feature in your Google account settings.
H/T Betabeat | Screengrab via NBC News