The Winter Olympics in Sochi are off to a rocky start to say the least. The web is saturated with pictures from Sochi of unfinished hotels, awkward communal bathrooms, contaminated brown tap water, and uncovered manholes. Security concerns are high due to political unrest in the area, just today there was an attempted hijacking of a commercial flight. Fortunately the flight landed safely and the suspect is in the hands of the authorities. If it weren't enough for travelers to worry about their health and physical safety they must also worry about their privacy.
In the Sochi 2014 – Visitor Information For Olympic and Paralympic Games guide, the U.S. Department of State issues this warning:
"Travelers should be aware that Russian Federal law (known by the Russian acronym SORM) permits the monitoring, retention, and analysis of all data that traverses Russian communication networks, including internet browsing, e-mail messages, telephone calls, and fax transmissions. All systems, whether wired or wireless, are subject to monitoring including telephone conversations (landline and cellular), fax, internet, e-mail, VOIP, and SMS/instant messaging. The information may be stored and analyzed for up to three years."
Travelers going "to Russia by the thousands are entering a mine field the instant they log on to the internet." But the Russian government is not the only cyber threat lurking in Sochi. Hackers are ready and waiting to attack unsuspecting travelers.
NBC reporter Richard Engel and top American computer security expert Kyle Wilhoit traveled to Sochi to see just how real the Russian cyber threat is. In an experiment Wilhoit created a fake identity using Engle's real name and filled two brand new Apple computers and an Android smartphone with troves of "potentially attractive data" to entice hackers.
The pair entered a café in Sochi and connected to the free public Wi-Fi where Engel says "malicious software hijacked our phone before we even finished our coffee. Stealing my information and giving hackers the option to tap and record my phone calls." The hacked smartphone appeared to be a Smasung Galaxy S3 running Android. Android is by far the most popular operating system for mobile devices, and unfortunately also known for being vulnerable to attack.
The apple computers did not fare any better. Upon opening the first computer and connecting to the internet hackers quickly identified and attacked the device. "It had taken hackers less than 1 minute to pounce," said Engel, "within 24 hours they'd broken in to both computers and started helping themselves to my data."
Not content with the troves of data stolen from the compromised computers the hackers then used the data to develop a targeted attack built specifically for Engel. "I received a customized phishing message, an email addressed to me" said Engel. Travelers in Sochi for the Olympics cannot expect privacy not "even in their hotel rooms."
The Olympic Games' organizers were well aware of the cyber threat present in this area of the world and charged the antivirus company Kaspersky Labs with the duty of protecting travelers attending the games. Kaspersky is making a valiant effort but even they admit that "visitors here will bring so many devices the hackers will have plenty of targets."
The best advice Engel could give to anyone planning on attending the Olympics in Sochi was "if you don't really need a device don't bring it, (and) try and avoid the public Wi-Fi." Furthermore any one brave enough to bring and use their electronic devices should be using up-to-date anti-virus software, this applies to computers and mobile devices. Travelers should NOT respond to unprovoked emails, should NOT open e-mail attachments, and should NOT download any unfamiliar software to their devices.♦
James Green is a mobile security researcher who has worked in the Android security field for several years providing privacy and security advice to Android users. Email:James@ArmorforAndroid.com; Twitter:@James_AfA