Yesterday (Feb 5 2014) NBC News ran a story claiming that if you bring your mobile phone or laptop to the Sochi Olympics, it’ll immediately be hacked the moment you turn it on. The story was fabricated. After further examination we found that the technical details of the hack didn’t make sense. Really, the exploit (and story) relate to going to the Olympics in cyberspace (visiting websites), not going to there in person and using their local Internet connections.
A few relevant points:
The story shows Richard Engel “getting hacked” while in a cafe in Russia. It is wrong and was misrepresented if not altogether misreported:
1. They aren’t in Sochi, but in Moscow, 1007 miles away.
2. The “hack” happens because of the websites they visit (Olympic themed websites), not their physical location. The results would’ve been the same in America.
3. The phone didn’t “get” hacked; Richard Engel initiated the download of a hostile Android app onto his phone.
So, on the eve of the opening ceremonies of the 2014 Winter Olympics we leave you with some salient guidance on how to not get hacked while traveling;
1. Don’t click on stuff if you don’t know where it came from.
2. Before you leave, patch your operating system and applications (browser, Flash, PDF)
3. get rid of the really bad stuff (old Java, unpatched applications, most Adobe browser-integrated products)
4. don’t click on stuff (see #1)
5. oh, and if you really are in Sochi (or anywhere that you don’t control the network), use VPN over the public networks – including WiFi.
6. Encrypt your local hard disk (or solid state) disk drive.
7. Don’t leave your computer unattended. Ever.
8. Don’t leave your computer logged in with your user account. (See #7)
9. Ensure your Antivirus, Antimalware, and Anti-rootkit software is up-to-date and running. If you don’t have or know what these software are, contact your favorite IT company and ask for help.
10. Ensure your personal operating system firewall is running and properly configured.
We of course can help you with any of these. We can even help you create a formal and verifiable endpoint computer security system. If you need help with any of this, please give us a call, email, or tweet!
Special thanks goes to the technical consultant quoted in the NBC article, Kyle Wilhoit for providing specifics to us on the technical details of this ‘hack’.