By End The Lie: Security researchers have revealed that the NBC story about visitors to Russia getting hacked almost immediately is “wrong in every salient detail,” but NBC is defending their report.
Errata Security, a cybersecurity firm out of Atlanta, Georgia, published a blog post stating that the NBC story was “100% fraudulent,” in which they pointed out many questionable details.
For instance, the NBC story as published gave the impression that Richard Engel was in Sochi. In reality, he was in Moscow, over 1,000 miles away from Sochi.
The NBC story gave the impression that they were hacked simply by connecting to local WiFi networks. In reality, they were hacked because they visited Olympic-themed websites, according to Robert Graham of Errata Security.
Graham states that Engel’s phone didn’t even get “hacked” as such, but instead that Engel downloaded a malicious Android application onto his phone.
In order to download that malicious app, Engel had to disable the security features on his phone. Graham reports that this is “something few users would do.”
Graham even attempted to replicate the NBC story, but noted that it is “extraordinarily unlikely Richard Engel would’ve found a virus on his own without being fed specific search terms or a URL.”
“Knowingly disabling security, then hunting for viruses, rigs the test to the same extent as that Dateline NBC gas tank controversy where they rigged a gas tank to explode,” Graham wrote.
Tim Cushing of Techdirt points out just how misleading the NBC article really is.
“Engel’s use of the passive voice (‘the phone was hacked’ rather than ‘I downloaded a virus’) deliberately obscures what’s actually happening on the video,” Cushing wrote.
The real problem is not the wireless networks, but the sites being visited.
“No one’s getting hacked instantly unless they’re going out of their way to act carelessly in a potentially hostile environment,” Cushing wrote.
While NBC could have used the report as an opportunity to promote basic Internet safety procedures, they instead just opted to go with the sensational story of hackers instantaneously breaching all devices connected to the web.
NBC defended their report to CNET, saying that the claims made by Errata Security “are completely without merit.”
The representative for NBC News told CNET’s Steven Musil that all the report was trying to demonstrate is that a person is more likely to be targeted by hackers while conducting searches in Russia.
The representative said that the report made it clear from the outset that the taping was done and Moscow. The rep also acknowledged that the attacks documented in the report can happen anywhere in the world.
The representative said that the story was aimed at showing how people who are less technologically experienced can be targeted by cyberattacks.
However, as Graham noted, the attack required manually disabling a security feature on the Android phone. Why a less tech savvy person would go out of their way to disable a security feature is unclear.
Cushing further notes that even with the disclaimers, “the report was obviously intended to present Sochi as a hackers’ paradise where anyone — even those not stupid enough to visit rogue websites or purposefully sideload sketchy apps — can be compromised before their coffee cools.”
Cushing points out just how misleading the story really was by highlighting key parts of the transcript.
“The assumption is that hackers accessed the computers on their own, rather than having a door propped open by Engel’s visit to malicious sites, most likely sites that any decent browser/search engine would have warned might be an unsafe place to visit,” Cushing writes.
The report said that fans and athletes coming to Russia enter a virtual minefield “The instant they log on to the Internet.” Cushing says that is “obviously false.”
In his conclusion, Cushing writes:
Source
Errata Security, a cybersecurity firm out of Atlanta, Georgia, published a blog post stating that the NBC story was “100% fraudulent,” in which they pointed out many questionable details.
For instance, the NBC story as published gave the impression that Richard Engel was in Sochi. In reality, he was in Moscow, over 1,000 miles away from Sochi.
The NBC story gave the impression that they were hacked simply by connecting to local WiFi networks. In reality, they were hacked because they visited Olympic-themed websites, according to Robert Graham of Errata Security.
Graham states that Engel’s phone didn’t even get “hacked” as such, but instead that Engel downloaded a malicious Android application onto his phone.
In order to download that malicious app, Engel had to disable the security features on his phone. Graham reports that this is “something few users would do.”
Graham even attempted to replicate the NBC story, but noted that it is “extraordinarily unlikely Richard Engel would’ve found a virus on his own without being fed specific search terms or a URL.”
“Knowingly disabling security, then hunting for viruses, rigs the test to the same extent as that Dateline NBC gas tank controversy where they rigged a gas tank to explode,” Graham wrote.
Tim Cushing of Techdirt points out just how misleading the NBC article really is.
“Engel’s use of the passive voice (‘the phone was hacked’ rather than ‘I downloaded a virus’) deliberately obscures what’s actually happening on the video,” Cushing wrote.
The real problem is not the wireless networks, but the sites being visited.
“No one’s getting hacked instantly unless they’re going out of their way to act carelessly in a potentially hostile environment,” Cushing wrote.
While NBC could have used the report as an opportunity to promote basic Internet safety procedures, they instead just opted to go with the sensational story of hackers instantaneously breaching all devices connected to the web.
NBC defended their report to CNET, saying that the claims made by Errata Security “are completely without merit.”
The representative for NBC News told CNET’s Steven Musil that all the report was trying to demonstrate is that a person is more likely to be targeted by hackers while conducting searches in Russia.
The representative said that the report made it clear from the outset that the taping was done and Moscow. The rep also acknowledged that the attacks documented in the report can happen anywhere in the world.
The representative said that the story was aimed at showing how people who are less technologically experienced can be targeted by cyberattacks.
However, as Graham noted, the attack required manually disabling a security feature on the Android phone. Why a less tech savvy person would go out of their way to disable a security feature is unclear.
Cushing further notes that even with the disclaimers, “the report was obviously intended to present Sochi as a hackers’ paradise where anyone — even those not stupid enough to visit rogue websites or purposefully sideload sketchy apps — can be compromised before their coffee cools.”
Cushing points out just how misleading the story really was by highlighting key parts of the transcript.
“The assumption is that hackers accessed the computers on their own, rather than having a door propped open by Engel’s visit to malicious sites, most likely sites that any decent browser/search engine would have warned might be an unsafe place to visit,” Cushing writes.
The report said that fans and athletes coming to Russia enter a virtual minefield “The instant they log on to the Internet.” Cushing says that is “obviously false.”
In his conclusion, Cushing writes:
Sure, there’s likely a higher concentration of hacking activity in Sochi with so many potential targets in the area, but that’s no excuse to promote fear over facts and for journalists to intentionally sabotage their own equipment just to ensure the eyeball-grabbing headline actually fits the content.It seems that above all, NBC is concerned with getting clicks and shares, not really focusing on accurate reporting.
Source
No comments:
Post a Comment