Are hackers increasingly targeting Russian visitors?

by Charles Leaver

February 12, 2014

access_time 6 min read

For every Olympics attendee who took a computer or smartphone to Sochi, keeping that device safe from attack is an event of its own. In fact, it may be almost impossible, as an undercover report carried out by an NBC reporter found.

Amid rumors that visitors to Sochi were rapidly finding themselves plagued with malware, Richard Engel decided to go to Russia and, with the help of security specialist Kyle Wilhoit, find out exactly how easy it is to get hacked. Engel and Wilhoit set themselves up in Moscow with a few freshly opened MacBooks, according to Engel's report. At home in the U.S., Wilhoit had already made a fake identity for Engel, replete with phony social media information and made-up contacts. Wilhoit then booted up the new MacBooks with Engel's fake information. If hackers wanted data, they were going to give it to them.

The two men proceeded to a restaurant where they unsheathed a brand new smartphone, and also linked that up with Engel's fake information. Soon after that, the phone alerted Engel that it was downloading something. As Wilhoit pointed out, that thing was a piece of malicious software. Engel immediately realized that his IT equipment was no longer safe.

"Anything I say on this will endanger my financial security, maybe even my physical security, depending on who's listening," Engel said.

Arriving back at the hotel, the men discovered that both of the new MacBooks had also fallen victim to hacking. Suddenly, Engel faced the possibility of personal data leakage, with no idea of whose hands that data might fall into.

In the wake of the NSA data leaks, the prospect of personal information being observed is perhaps not as shocking as it once was. Nevertheless, the presence of Russian malware and the ease with which it had installed itself on Engel's device led the two men to issue a word of caution to anyone operating a personal computing device in the hacker's "minefield" that is Russia.

"If you don't really need a device, don't bring it," Engel advised Sochi visitors.

Did NBC report stretch the truth?
The Wire and RT News are among the publications raising doubts about the legitimacy of Engel's report for NBC. RT reported that Engel had not merely been the passive IT device user he'd represented himself as. Instead, he downloaded a hostile app on his phone, instantly exposing his information to a heightened level of risk.

Additionally, security expert Robert Graham pointed out that in order to even be able to download a hostile app, Engel would have had to disable his smartphone's security settings. These settings are a data loss prevention measure that come pre-programmed in smartphones. Engel disabling the setting was a deliberately ill-advised move that placed him at greater susceptibility to attack. Another fault inherent in NBC's investigation, Graham noted, is that the men never actually stepped foot in Sochi, instead limiting their test to Moscow. Given that Moscow is more than 1,000 miles away from Sochi, the conclusion that Sochi victims face immediate hacking seems speculative at best and flat-out wrong at worst, Graham wrote.

Take preventive measures to stave off attacks
Regardless of the NBC report's level of accuracy, the story does point to the need for users to implement proper endpoint security and control on all their personal computing devices. Writing for ITWorld Canada, Jeff Jedras reported that encrypting IT devices is vital for all users, particularly those who will be in densely packed settings like a football game or the Winter Olympics. Data encryption is a means of endpoint security that will leave users anxiety-free knowing their devices are safely guarded.

People attending the Sochi Olympics that are worried about cybersecurity have a trusted ally in Ziften. Read this blog post to learn more about how to protect endpoints while in Russia or anywhere else in the world.