As The Olympics Begin, Visitors Should Expect No Online Privacy, Even In Hotel Rooms

Image via Alexandar Mark/Shutterstock

Visitors for the Sochi Olympics now have one more issue to worry about: online security. But it may not be quite as bad as NBC’s Richard Engel makes it out to be.

Engel reiterated on Tuesday, “The state department warns the travelers should have no expectation of privacy.”

To demonstrate, he used several electronic devices and monitored their security. With the help of top American security expert Kyle Wilhoit, Engel used two laptops in his hotel room, both with fake contact lists. One was compromised within a minute, and both were completely hacked within 24 hours.

Engel also used a brand new smartphone to browse the web at a restaurant. The phone was hacked “almost immediately.” From that point on, hackers had access to any information on the phone and had the option of tapping and recording phone calls.

Engel did give some advice for any visitors: don’t use devices you can do without, avoid public WiFi, and get rid of any personal information like financial information and photographs.

Others Say The Report Is Misleading

Some experts disagree with how the news report was edited, saying it left out pertinent information that would give more context for the security threats.

Wilhoit himself, the security expert who appears in the segment, said everything isn’t as it seems. He tweeted, “Unfortunately, the editing got the best of the story. Cut a lot of the technical/context details out.”

As blogger Robert Graham points out, the story has a lot of holes: 1. They aren’t in Sochi, but in Moscow, 1007 miles away. 2. The “hack” happens because of the websites they visit (Olympic themed websites), not their physical location. The results would’ve been the same in America. 3. The phone didn’t “get” hacked; Richard Engel initiated the download of a hostile Android app onto his phone. In other words: Engel went to bad websites and clicked things he shouldn’t have. Purposefully or not, he was the one responsible for downloading malicious software. Wilhoit has said he’ll release a paper with his full findings from the experiment. He agreed with Graham’s interpretation, tweeting this excerpt from his forthcoming paper: “In this case, he would have been hit in Russia; just the same way he would if in Philadelphia.”

 

NBC Responds, Defends Its Report

An NBC spokesperson spoke to Business Insider about Graham’s points. The spokesperson said Graham’s claims are “completely without merit,” arguing each one point by point:

1- From the very first frame it was made absolutely clear that the piece was taped in Moscow. Richard welcomed the expert to Moscow on camera, in front of a well-known Moscow landmark.

2- Of course this type of cyber attack can happen anywhere in the world, but the point we were demonstrating is that a user is more likely to be targeted by hackers while conducting search in Russia, and that such attacks happen with alarming speed from the moment a user goes online.

3- The story was designed to show how a non-expert can easily fall victim to a cyber attack when they are deceived into downloading a piece of malicious software that is disguised as a friendly message or alert. Just like any regular user, Richard went online, searched sites and was very quickly targeted and received a tailored fake message designed to trick him into downloading the software.

The bottom line, then, is that visitors to Sochi should show caution when browsing the web, just as they would if they were anywhere else.

And visitors in Sochi may still be at a higher risk. One senior U.S. intelligence officer told ABC News that the tens of thousands of visitors would be “an intelligence bonanza” for Russian spies and for organized crime groups.