6 Feb 2014

Sochi Visitors Immediately Hacked When Connecting To Wireless Networks

By End the Lie: Visitors to the Sochi Olympics are being immediately hacked when connecting to wireless networks, resulting in a warning from the U.S. State Department according to reports.
Reports from ABC News and NBC News stated that Russian hackers are breaching the phones and personal computers of thousands of foreign tourists visiting the country for the Winter Olympics in Sochi.
The State Department has informed American visitors that they should have “no expectation of privacy” during their stay in Russia, according to Engadget.
The hacking is apparently quite sophisticated, with NBC’s Richard Engel and a security expert showing that test computers were hacked before they even finished their coffee.
The test, which was conducted in a café, resulted in hackers placing malware on the computers, stealing data and “giving hackers the option to tap or even record my phone calls.”

Engel reported that it took “less than 1 minute [for hackers] to pounce, and in less than 24 hours, they had broken into both of my computers.” The report did not state if they were on the café’s public Wi-Fi or if they were on a cellular network.
A security contractor for the Sochi Olympics told ABC News last week that the situation is similar to the Beijing Olympics.
“The host government, private enterprise and individuals pose a big threat to people traveling to the Sochi Games, in respect to monitoring conversations on cell phones and intercepting texts and emails,” the contractor said to ABC.
An unnamed senior U.S. intelligence official told ABC that hacking should be expected.
The tens of thousands of Americans coming to Sochi to watch the games, including some dignitaries, will be “an intelligence bonanza” for organized crime syndicates and Russian spies, according to ABC.
The State Department’s Sochi visitor’s guide states that, “Russian Federal law permits the monitoring, retention and analysis of all data that traverses Russian communication networks, including Internet browsing, email messages, telephone calls, and fax transmissions,” according to PC Magazine.
It’s worth noting that TrendMicro’s Kyle Wilhoit, who worked with Engel on the report, said that they did not install any security software on all of the test devices.
The devices they used were a brand new Apple MacBook air, an Android phone and a Lenovo laptop running Windows 7.
Wilhoit will reportedly post a more technical rundown of the test on Friday, including details about how the devices were compromised.


Daniel Chatfield @danielchatfield
@lowcalspam How did the mac get hacked? By default new macs don't run any code not from the app store.
@danielchatfield Tech blog forthcoming which answers this question. Tentative release on Friday.

Wilhoit’s statement came in response to a Twitter user who wanted to know how the Apple MacBook Air was hacked.
The malicious software installed on the breached devices can reportedly continue to transmit personal data even after the targets leave the country.

Source 

UPDATE 9-FEB-2014: Security Researcher: Sochi Hacking Story Was ’100% Fraudulent,’ NBC Defends Report

No comments:

Post a Comment