While the threat of terrorism at the Winter Olympic Games has grabbed the headlines, NBC Nightly News reports there’s another covert threat facing visitors to Sochi – WiFi hotspot hacking and identity theft. Every time you connect to the Internet in Russia, your personal information and your company’s information are fair game for hackers and spies.
Russian law allows intelligence agencies to engage in electronic spying on anyone inside the country. And members of Russian organized crime groups known for hacking computers and smartphones aren’t likely to be prosecuted in their homeland. That means your personal information and your company information are at risk.
Playing Russian Roulette With Your Identity At Sochi Hotspots
To demonstrate the magnitude of the WiFi hotspot threat, NBC News chief foreign correspondent Richard Engel travelled to Sochi with American computer security expert Kyle Wilhoit. They brought a brand-new Mac, a Lenovo PC running Windows 7 and an Android phone which Wilhoit had loaded with a fake identity for Engel – including bogus contacts, email, and a Twitter account. At the hotel where they were staying, Wilhoit used specialized software to monitor both computers. After connecting to the Internet, he found it took less than one minute for hackers to attack one computer. Within 24 hours, both computers had been hacked; and Engel’s data was scooped up and transmitted to servers in Russia.
Engle and Wilhoit also visited a local restaurant where they went online to browse for information about the Olympics. Engel’s smartphone was immediately hacked by a piece of malicious software that was downloaded onto his device. The malware hijacked his phone, stealing Engel’s information and allowing hackers to tap and record his phone calls.
State Department Issues Warning: Expect No Privacy in Russia
The State Department has warned travelers to Russia that they should have no expectation of privacy, even in their hotel rooms. It said that “Russian Federal law permits the monitoring, retention and analysis of all data that traverses Russian communication networks, including Internet browsing, email messages, telephone calls, and fax transmissions.” In other words, if you connect to the Internet, you should assume that all of your traffic is public.
- If you plan to connect to WiFi hotspots, remove anything important on your phone or computer before coming to Russia. Many security experts even advise purchasing a new device that you only use during your trip.
- Make sure your firewall is turned on and your virus and malware protection is up to date. But understand this is absolutely no guarantee your devices are protected. In certain high-risk countries such as Russia, the networks you’re on are considered untrustworthy. So exposure to attacks is far higher than in normal online environments.
- Follow your company’s policy on connecting to corporate email or systems from countries such as Russia where networks are considered unprotected from large scale government surveillance.
- Don’t log into any of your usual email or password protected accounts, including Facebook. Open a free email account that you only use for your trip to the Olympics. Then close it before going home to avoid passing malware to other clean devices. If you are tempted to tweet, avoid using your own Twitter account.
- Use a personal VPN to help safeguard low risk traffic you send out from WiFi hotspots.
- Don’t make any online purchases, including paid WiFi hotspot access.
Remember, whether it’s hackers or spies, the Russians will own your online communications at the Sochi Olympics. That means it’s up to you to take every possible precaution to avoid becoming a victim of identity theft. Your online security and your personal security depend on it.