It was a story too good to check. Olympics-bound NBC News reporter Richard Engel gets off the plane in Sochi and steps into a fog of malware, Wi-Fi honeypots and sinister auto-downloads. Within minutes, his phone is compromised. Rushing to turn off his Wi-Fi and freeze his banking apps, he barely escapes with his checking account intact. To an innocent viewer, the message is clear enough: the Russian internet is no place for the weak.
The NBC report made the rounds Thursday and, within 24 hours, was revealed to be almost entirely bogus. The reporter was in Moscow, more than 1,000 miles away from Sochi. All the malware downloads were initiated by the reporter, after seeking out sites where malware was likely to be found. Even worse, there was nothing local about it. Aside from Google Search's geographical bias, which shows more Russian sites to Russian visitors, Engel could have found the same page and the same malware without leaving New York. The Russian hackers, so threatening on TV, turned out to be not much more than a camera trick.
That's not to say the Sochi games are entirely malware-free. There have been plausible reports of Flash-targeting exploits on the local Wi-Fi networks, and the State Department has already warned visitors of unofficial live-streams that could be used to spread viruses. But much of that is just standard-issue web hygiene, and so far pirated Olympics coverage hasn't proved much more dangerous than, say, the new Hobbit. So why all the obsession with the Russian hacker figure? Why is the myth of the virus-laden Olympics so hard to dismiss?
On some level, it's because the myth isn't all myth. Russia really is a net malware exporter, and any time a private company attempts a botnet census, the country is usually first by a mile. They make most of the fraud-based software on the web, and host most of it too. Network-based fraud is still a lucrative business, and as arrest after arrest shows, it's one the Russian crime syndicates have adopted as their own.
At the same time, the very nature of those crimes makes geography largely irrelevant. The primary tools of network crime, tools like botnets and social engineering for account details, work no matter where you are. There are extra tricks that can be pulled in close proximity, like the Wi-Fi exploit mentioned earlier, but there's no indication those tricks are actually being used, and the extra police attention at the Sochi games is likely to make the hacks more trouble than they're worth.
All that would just make the reports a harmless diversion, a non-story — but there's a darker side to the false hacking claims, and it comes from the people running the networks in the first place. For most security researchers, the games aren't an example of digital lawlessness, but one of the most intensive short-term campaigns of digital surveillance the 21st century has ever seen. As The Guardian has previously reported, Russian authorities are closely monitoring all web and phone traffic using a new version of their Sorm system upgraded specifically for the games. Rather than relying on sketchy open Wi-Fi from third parties, most visitors will be treated to a high-speed network maintained by the Russian government, and presumably closely monitored by state security operatives. As one Globe and Mail writer put it, "during the Games, it is reasonable to assume that all phone calls, e-mail, texts, web browsing, online banking and access to voice mail will be intercepted and exploited." And not by hackers, but by the government.
This distinction is particularly crucial because the fear of wild hackers is one of the things that allows that very system to be set up. By now, President Putin might not see the need to justify surveillance to Russians — but if any visitors wonder why the FSB needs such intensive access to the phone lines, the NBC report and others like it could go a long way towards convincing them. The phenomenon isn't unique to Russia either. When President Obama needed to defend NSA surveillance as vital to national security, cybercrime was first on the agenda, playing off fears of financial attacks and Chinese malware bombs. The point was simple enough: as long as the open web is dangerous, you're better off with someone listening in. Who else will protect you from the hackers?
Of course, NBC and Engel surely have no interest in justifying Russian surveillance, but by taking the country’s reputation for cybercrime at face value, they may have given credence to something much more troubling than just a few bad downloads. We don't yet know if Sochi is a direct target for hackers, but we do know that there are more powerful things to fear.