Cyber Actors Find a Target-Rich Landscape in Sochi

Today, spectators the world over tuned in to watch the Opening Ceremony of the XXII Olympic Winter Games in Sochi, Russia. Over 100,000 tourists and 3,000 athletes will stay in the Black Sea resort town for 17 days of international competitions. Despite the excitement, however, the past few weeks have seen substantial trepidation over the potential for a terrorist attack. But cyber-attacks, which seem omnipresent at nearly every major newsworthy event these days, are a far more likely (albeit less dangerous) threat.

The Department of Homeland Security’s Computer Emergency Readiness Team (CERT) issued a report detailing the various threats and offering security advice. Hacktivists and cybercriminals alike will undoubtedly seek to exploit the international attention surrounding the Olympics, with different goals in mind: hacktivists like Anonymous are drawn to the games’ large audience as a means to publicize their agendas, while criminals see a gold mine of opportunities for financial exploitation.

Already, Anonymous Caucasus has tweeted to its followers to attack Sochi-related websites, using the hashtags #OPSochi and #PaybackforSochi. The official site for the Russian National Olympic Committee, Olympic.ru, was down for a period of time last week as Twitter followers proclaimed it was revenge for the killing of hundreds of stray dogs inhabiting Sochi. Officially, however, Anonymous Caucasus stated that its actions were in protest of Russia’s deportation and alleged murder of over one million Circassians in 1864, an episode that Circassians today still campaign to have recognized as genocide. A further 700 Russian websites are also listed as targets, with the message: "We warned you Russia."[1]

Criminals, too, are having a field day with the influx of tourists, athletes, and spectators – and their electronic devices. As most tech-savvy readers already know, Russia is home to some of the world’s most sophisticated and aggressive cybercriminals, and is the global leader in phishing attacks. But they don’t stop at social engineering: malware is rampant in Russia, and virtually every device that connects to a Russian network will receive a hefty dose. NBC’s Richard Engel put his theories to the test. "One of the first things visitors to Russia will do is log on," says Engel. "Hackers here are counting on it." His test computer was hacked immediately after he logged on to a Russian network.[2] "Malicious software hijacked our phone before we even finished our coffee, stealing my information, and giving hackers the option to tap and record my phone calls," he said in his report to NBC.[3]

A third group is also interested in the online activity of American tourists: the Russian government. Americans headed to the games are “likely” to have their communications monitored and should presume that they have no expectation of privacy, said DHS and the State Department. Despite the recent controversy over the National Security Agency’s data collection efforts, such discussions are a moot point in Russia, where the state’s Federal Security Service (FSB) has the lawful right to intercept and collect all electronic communication. Any electronic data transmitted in Russia, ranging from texts to emails to tweets, flows through the Russian System for Operational-Investigative Activities (SORM), according to the State Department’s Overseas Security Advisory Council report. All telecom companies and ISPs are required by Russian law to install SORM devices on their networks, allowing the FSB to remotely access and collect all data. Recent upgrades to the system, particularly in Sochi, give the FSB, formerly known as the KGB, enhanced access to electronic communications. The FSB can and likely will use deep packet inspection to filter data based on keywords or phrases, tracking it back to the original user. Encryption won’t help game-goers, as the FSB can also confiscate any device containing encrypted data.

The best advice for visitors to Russia in the coming weeks is to use disposable pre-paid phones and devices cleaned of any sensitive information, with up-to-date anti-virus software and a good VPN. And if at all possible, avoid public and/or wireless networks!

References:

[1] Carlo Angerer and Michael Isikoff, Sochi Security: Warning of Cyber Attacks as Hackers Target Games, NBC News, February 5, 2014, http://www.nbcnews.com/storyline/sochi-olympics/sochi-security-warning-cyber-attacks-hackers-target-games-n22596.

[2] Daniel Halper, NBC: All Visitors to Sochi Olympics Immediately Hacked, The Weekly Standard, February 5, 2014, http://www.weeklystandard.com/blogs/nbc-all-visitors-sochi-olympics-immediately-hacked_778718.html.

[3] Ibid.