The 2014 Winter Olympics are set to start on Friday in Sochi, a Russian city located on the shores of the Black Sea.
There have been many controversies regarding this choice of host city (and country), but also when it comes to the expected blanket communication surveillance – communication interception, metadata collection, etc. – that Russia will effect during the Games.
US CERT has published on Tuesday a set of tips both for viewers and travelers to Sochi about the cyber-related risks they should take into consideration.
While hacktivist activity is not something they should concern themselves with, government surveillance is.
“Russia has a national system of lawful interception of all electronic communications. The System of Operative-Investigative Measures, or SORM, legally allows the Russian FSB to monitor, intercept, and block any communication sent electronically (i.e. cell phone or landline calls, internet traffic, etc.),” they explained.
“Reports of Rostelecom, Russia’s national telecom operator, installing deep packet inspection (DPI ) means authorities can easily use key words to search and filter communications. Therefore, it is important that attendees understand communications while at the Games should not be considered private.”
They also warned about the possibility of any computer or software containing sensitive or encrypted data being confiscated by Russian authorities when they depart from the country.
“Travelers may want to consider leaving personal electronic devices (e.g. laptops, smartphones, tablets) at home or alternatively bring loaner devices that do not already store sensitive data on them and can be wiped upon return to your home country. If individuals decide to bring their personal devices, consider all communications and files on them to be vulnerable to interception or confiscation,” they pointed out.
Another type of threat comes from cyber crooks and scammers looking to take advantage of the huge global interest in the Games.
Internet users are advised to be careful when viewing live coverage, event replays, or checking medal statistics online.
“Events which gain significant public interest and media coverage are often used as lures for spam or spearphishing campaigns. Malicious actors may also create fake websites and domains that appear to be official Olympic news or coverage that can be used to deliver malware to an end user upon visiting the site,” they noted.
“Viewers should be wary of any other source claiming to provide live coverage. As always, it is best to visit trusted resources directly rather than clicking on emailed links or opening attachments.”
In addition, if you are looking to buy tickets, use the Website Checker tool (at the end of this page) to see whether the website you’re planning to buy the tickets from is an Authorised Ticket Reseller.
NBC News has a short report on the dangers visitors face by using their Internet-enabled devices, but unfortunately doesn’t go into much detail on how the compromises happen.
But the danger is real: from insecure public WiFi networks and rogue access points; Bluetooth attacks, malicious charging stations, to malicious downloads masquerading as updates or patches, and device theft.
Actually, the best thing to do if you’re not tech-savvy is to not bring your own phone or laptop with you at all, or bring it but clean it thoroughly of every shred of sensitive information before visiting.
Disable Wi-Fi, Bluetooth and NFC on the devices, don’t log into sensitive accounts while you’re there, don’t accept unsolicited downloads, and don’t (if you can help it) use third-party charging or storage services.