An experiment set up by NBC News reporter Richard Engel demonstrated this week how quickly Russian hackers can break into the laptops and other mobile devices of those traveling to Sochi for the Winter Olympics.
In a report filed on NBC, Engel recounted how hackers broke into two brand new laptops shortly after he set them up at his hotel with the help of a cyber security expert. Engel received “Hello, welcome to Sochi” messages on both devices as well as on his new smartphone, the report said.
Long a hotbed of cyber crime, in recent years Russia has produced Olympic –class hackers who authorities fear will flex their considerable muscle as foreign tourists and reporters flock to Sochi for the Winter Games. Indeed hackers breached all of the security on the reporter's devices and the malware downloaded on Engel's phone and laptops made it possible for them to listen in on conversations and access information.
In advance of the Games, US-CERT issued a three-pronged warning for travelers, cautioning against cyber criminals who “may use the games as a lure in spam, phishing or drive-by-download campaigns to gain personally identifiable information or harvest credentials for financial gain” as well as hacktivists who might try to exploit the presence of a large audience “to spread their own message.” CERT also encouraged those attending the Games to assume “their communications will likely be monitored.”
That latter warning could be equally applicable to the activities of cyber criminals and government forces. According to story in Bloomberg BusinessWeek, the U.S. State Department's Overseas Security Advisory Council issued a warning that the Russian System for Operational-Investigative Activities (SORM) was recently upgraded so that it can capture telephone communications as well as intercept Internet traffic, ostensibly on behalf of the Federal Security Service (formerly the KGB), which is charged with preventing terrorist attacks and other malevolent events during the Olympics. The U.S. council noted that the system is also capable of “collecting and storing all user information and data (including actual recordings and locations),” the Bloomberg BusinessWeek story said.
UPDATE: Security Researcher Robert Graham took issue with Engel's report last week, calling it, in his blog, "wrong in every salient detail." Based on information from the Twitter feed of the TrendMicro expert used in the NBC report, Engel was not in Sochi at the time of the "experiment" and any hacking was the result of visiting hostile, Olympic-themed websites, which could have occurred from virtually any location in the world. In a statement to Business Insider, NBC News defended Engel's report and its handling of the story, saying, "The point we were demonstrating is that a user is more likely to be targeted by hackers while conducting search in Russia, and that such attacks happen with alarming speed from the moment a user goes online."
[An earlier version of this story's headline said the hackers and Engel were based in Sochi.]