NBC News Runs Fraudulent Report on Network Security at Sochi Olympics

Robert Graham, writing at Errata Security:

Yesterday NBC News ran a story claiming that if you bring your mobile phone or laptop to the Sochi Olympics, it’ll immediately be hacked the moment you turn it on. The story was fabricated. The technical details relate to going to the Olympics in cyberspace (visiting websites), not going to there in person and using their local WiFi.

The story shows Richard Engel “getting hacked” while in a cafe at Sochi. It is wrong in every respect.

  1. They aren’t actually in Sochi (they are in Moscow).
  2. The “hack” happens because of the websites they visit (Olympic themed websites), not their physical location. The results would’ve been the same in America.
  3. The phone didn’t “get” hacked; Richard Engel initiated the download of a hostile Android app onto his phone.

One of the devices was a brand new MacBook (which they opened like an animal), which was “hacked” when a website they visited told them to download some sort of malware masquerading as an antivirus utility. They downloaded it, launched it, and granted it an exception to Gatekeeper’s default rules, which would have prevented it from running. Pretty much the same “attack” as on the Android phone.

Thursday, 6 February 2014