On the wireless security front, it was a wild week at the Winter Olympics. Before the games even began, NBC Nightly News broadcast a disturbing story that correspondent Richard Engel’s laptop and phone were attacked by malware soon after booting up his devices in Russia. But a few days later, security expert Robert Graham blasted NBC’s report as completely false. Graham said Engel’s phone didn’t get hacked; Engel initiated the download of a hostile Android app onto his phone. He also clicked on an Olympic themed spearphishing email that downloaded malware onto his laptop. In other words, his devices were compromised due to his own actions. NBC fired back that its story was designed to show how a normal user could fall victim to a cyber attack. The network said Engel went online, searched sites and received a bogus message designed to trick him into downloading malware. Would many mobile device users normally do that? Maybe, given the statistics on how many of them fall victim to phishing exploits.
When You’re Online In Russia, Be Careful What You Click On
Whatever you think of the NBC story, one thing is clear: When it comes to your wireless security at the Winter Games in Sochi, you’re in a high risk environment. In 2013, Lookout found there was a 63% chance of encountering malware in Russia, compared to about 4% in the United States. What’s more, cybercriminals routinely exploit high profile events like the Winter Games because they draw huge crowds. At the Beijing Olympics, they created fake websites that looked like they were for the legitimate event. Russian cybercriminals are highly experienced at creating spearphishing campaigns like that which is why US-CERT is warning visitors to the Olympics to watch out for them. Internet users are also advised to exercise caution when they view live coverage, event replays or checking medal statistics online.
The Data Explosion At Sochi Means More Wireless Security Risks
The wireless networks that 40,000 officials, athletes, journalists and support staff are using at the Games were built by Avaya. The California company told the BBC it can handle up to 120,000 mobile devices on site per day – three devices per person. While Avaya’s WiFi networks provide some protection for those cleared to use them, guests and spectators will have to rely on Russian telecommunications. And that puts them at high risk for cyber attacks and spying. Russia has a law which allows the monitoring, retention and analysis of data that goes through the country’s networks – including Internet communications, email, phone calls and fax transmissions. That means all your personal and business information is fair game the moment you arrive in the country.
Phones Hijacked At Sochi Hotels, Press Room Computers Inspected
The day the Games began, Forbes reported that security start-up Silent Circle was getting alarming calls from hotel guests in Sochi. The visitors said strange things were happening to their phones – they were rebooting and overheating in the middle of the night. Silent Circle CEO Mike Janke, said, “I’m assuming Russian intelligence is inside their phones or they downloaded something.”
Meanwhile Yahoo sports reporter Charles Robinson tweeted from the press room that Russia’s Spectrum Management Team was inspecting laptops for private wireless access points which are prohibited by the government – it says because they interfere with and slow down public WiFi communications.
They’re not messing around with private wifi. It’s difficult to track & monitor, so they bounce you if they find it. pic.twitter.com/ZXfDS8yBYe
— Charles Robinson (@CharlesRobinson) February 8, 2014
Too Many Wireless Devices In Sochi to Protect Them All
The Russian security company Kaspersky Lab is charged with monitoring what’s going on at the Games to quickly identify and block all new online threats. But the company’s deputy director admitted to NBC News that there are too many devices to protect them all. He said, “Every segment of this huge huge huge infrastructure can be under attack.” The company has already registered a spike in spam emails using the Sochi Games to promote their services. Spam recipients are being lured into embezzlement schemes that offer to make travel arrangements.
Kaspersky and other security companies offer these wireless security tips if you’re at the Olympic Games:
- Make sure your firewall is turned on and your virus and malware protection constantly updated.
- Don’t log into any of your usual email or password protected accounts, including Facebook. Open a free email account that you only use for your trip to Russia. Then close it before going home to avoid passing malware to other clean devices. Don’t access your own social media accounts.
- Don’t open any attachment in a suspicious email with an Olympic-related header. It may contain malware.
- Use a VPN to send and receive low risk traffic on public WiFi networks.
- Understand that in certain high-risk countries such as Russia, the networks you’re on are considered untrustworthy. Before you leave home, remove anything data from your devices that you can’t afford to lose.