UPDATED: Kyle Wilhoit, Senior Trend Micro Researcher, further confirmed that NBC misrepresented the ‘hacks’ in their video in his blog posts here and here and his whitepaper. Wilhoit is quoted in his blog as saying, “First, all the attacks required some kind of user interaction….Second, these attacks could happen anywhere. They would not just happen in Moscow, nor did it require us to be in Moscow….Third, the infections occurred on newly unboxed hardware. Had basic security precautions such as updating the operating system or not opening emails from unrecognized sources been done, these attacks could have been prevented.”
UPDATED: We originally re-posted the story from NBC. As security researchers have charged, this could be the work of media bias and manipulation. It seems as though, as usual, standard security best practices are all that are needed.
Tweet from Kyle Wilhoit, the security researcher in the NBC video, in reference to the white paper he is writing about his trip to Moscow (not even Sochi): “Agreed. A line from the paper: ‘In this case, he would have been hit in Russia; just the same way he would if in Philadelphia’”
So, in short, the video was made to sound as if Moscow were more dangerous than, say, a coffee shop in America. As it turns out, according to Kyle’s Twitter feed, it’s no more dangerous if you follow standard security practices. They purposely downloaded malicious files and navigated to malware-infested Russian websites. According to Erratasec’s blog:
- don’t click on stuff
- patch your stuff (browser, Flash, PDF)
- get rid of the really bad stuff (Oracle’s Java)
- don’t click on stuff
- oh, and if you really are in Sochi, use VPN over the public WiFi
According to NBC, visitors “can expect to be hacked.” The State Dept warns that “travelers should have no expectation of privacy, even in their hotel rooms.” From the moment they logged onto their computer and connected to the internet, the computer was attacked in less than a minute and fully compromised in less than 24 hours. This could become one of the largest data breaches ever if visitors do not heed these warnings. There will be high-profile celebrities, athletes, heads of state, foreign dignitaries and more, all with information that attackers would love to exploit.
The advice, according to NBC, is to leave your electronic devices at home if they are unnecessary. If they are necessary, do not connect to public WiFi, and remove any private information such as photos, financial information, or similar data.