NBC News report that attendees at the Winter Olympics were being hacked immediately is "wrong in every respect," Errata Security's Robert Graham says. February 6, 2014 9:50 PM PST (Credit: CNET) A report this week that attendees at the Sochi Winter Olympics were being hacked the second they booted up their electronic devices is "100 percent fraudulent," a security researcher charged Thursday. Robert Graham of Errata Security was criticizing a report by NBC reporter Richard Engel on the safety of logging onto Russian networks. Engel reported that during a security test at cafe with a security expert, "before we even finished our coffee" the bad actors had hit, downloading malware and "stealing my information and giving hackers the option to tap or even record my phone calls." Engel went on to report that once two test computers went online, it took "less than 1 minute [for hackers] to pounce, and in less than 24 hours, they had broken into both of my computers." However, Graham's criticism of the report called it "wrong in every respect," writing in a blog post Thursday that the technical details of the Engel's report reflects the dangers of visiting the Olympics in cyberspace, not in person. "I had expected the story to be about the situation with WiFi in Sochi, such as man-in-the-middle attacks inserting the Blackhole toolkit into web pages exploiting the latest Flash 0day," Graham wrote, referring to common cybercrime techniques. "But the story was nothing of the sort." Related stories Heating vents may have given Target hackers their opening Sochi visitors entering hacking 'minefield' by firing up electronics Target works on security-heavy credit cards, after breach Noting that the NBC News tests were conducted in Moscow and not the host city of Sochi, Graham said that the hack was the result of visiting malicious Olympic-themed Web sites and was just as likely to have occurred to visitors based in the US. Graham also charged that Engel was responsible for a reported phone hack described in the report, writing that Engel initiated download of a malicious app onto his handset. "Absolutely 0% of the story was about turning on a computer and connecting to a Sochi network. 100% of the story was about visiting websites remotely," Graham wrote. "Thus, the claim of the story that you'll get hacked immediately upon turning on your computers is fraudulent." CNET has contacted NBC News for comment and will update this report when we learn more.
NBC News report that attendees at the Winter Olympics were being hacked immediately is "wrong in every respect," Errata Security's Robert Graham says.
A report this week that attendees at the Sochi Winter Olympics were being hacked the second they booted up their electronic devices is "100 percent fraudulent," a security researcher charged Thursday.
Robert Graham of Errata Security was criticizing a report by NBC reporter Richard Engel on the safety of logging onto Russian networks. Engel reported that during a security test at cafe with a security expert, "before we even finished our coffee" the bad actors had hit, downloading malware and "stealing my information and giving hackers the option to tap or even record my phone calls."
Engel went on to report that once two test computers went online, it took "less than 1 minute [for hackers] to pounce, and in less than 24 hours, they had broken into both of my computers."
However, Graham's criticism of the report called it "wrong in every respect," writing in a blog post Thursday that the technical details of the Engel's report reflects the dangers of visiting the Olympics in cyberspace, not in person.
"I had expected the story to be about the situation with WiFi in Sochi, such as man-in-the-middle attacks inserting the Blackhole toolkit into web pages exploiting the latest Flash 0day," Graham wrote, referring to common cybercrime techniques. "But the story was nothing of the sort."
Related stories
- Heating vents may have given Target hackers their opening
- Sochi visitors entering hacking 'minefield' by firing up electronics
- Target works on security-heavy credit cards, after breach
Noting that the NBC News tests were conducted in Moscow and not the host city of Sochi, Graham said that the hack was the result of visiting malicious Olympic-themed Web sites and was just as likely to have occurred to visitors based in the US. Graham also charged that Engel was responsible for a reported phone hack described in the report, writing that Engel initiated download of a malicious app onto his handset.
"Absolutely 0% of the story was about turning on a computer and connecting to a Sochi network. 100% of the story was about visiting websites remotely," Graham wrote. "Thus, the claim of the story that you'll get hacked immediately upon turning on your computers is fraudulent."
CNET has contacted NBC News for comment and will update this report when we learn more.
