Skip to main content

Hackers aren't the problem at Sochi; surveillance is

Hackers aren't the problem at Sochi; surveillance is

Share this story

If you buy something from a Verge link, Vox Media may earn a commission. See our ethics statement.

NBC Hacker
NBC Hacker

It was a story too good to check. Olympics-bound NBC News reporter Richard Engel gets off the plane in Sochi and steps into a fog of malware, Wi-Fi honeypots and sinister auto-downloads. Within minutes, his phone is compromised. Rushing to turn off his Wi-Fi and freeze his banking apps, he barely escapes with his checking account intact. To an innocent viewer, the message is clear enough: the Russian internet is no place for the weak.

The Russian internet is no place for the weak

The NBC report made the rounds Thursday and, within 24 hours, was revealed to be almost entirely bogus. The reporter was in Moscow, more than 1,000 miles away from Sochi. All the malware downloads were initiated by the reporter, after seeking out sites where malware was likely to be found. Even worse, there was nothing local about it. Aside from Google Search's geographical bias, which shows more Russian sites to Russian visitors, Engel could have found the same page and the same malware without leaving New York. The Russian hackers, so threatening on TV, turned out to be not much more than a camera trick.

The hackers turned out to be not much more than a camera trick

That's not to say the Sochi games are entirely malware free. There have been plausible reports of Flash-targeting exploits on the local Wi-Fi networks, and the State Department has already warned visitors of unofficial live-streams that could be used to spread viruses. But much of that is just standard issue web hygiene, and so far pirated Olympics coverage hasn't proved much more dangerous than, say, the new Hobbit. So why all the obsession with the Russian hacker figure? Why is the myth of the virus-laden Olympics so hard to dismiss?

On some level, it's because the myth isn't all myth. Russia really is a net malware exporter, and any time a private company attempts a botnet census, the country is usually first by a mile. They make most of the fraud-based software on the web, and host most of it too. Network-based fraud is still a lucrative business, and as arrest after arrest shows, it's one the Russian crime syndicates have adopted as their own.

There's a darker side to the false hacking claims

At the same time, the very nature of those crimes makes geography largely irrelevant. The primary tools of network crime, tools like botnets and social engineering for account details, work no matter where you are. There are extra tricks that can be pulled in close proximity, like the Wi-Fi exploit mentioned earlier, but there's no indication those tricks are actually being used, and the extra police attention at the Sochi games is likely to make the hacks more trouble than they're worth.

One of the most intensive campaigns of digital surveillance in the 21st Century

All that would just make the reports a harmless diversion, a non-story — but there's a darker side to the false hacking claims, and it comes from the people running the networks in the first place. For most security researchers, the games aren't an example of digital lawlessness, but one of the most intensive short-term campaigns of digital surveillance the 21st century has ever seen. As The Guardian has previously reported, Russian authorities are closely monitoring all web and phone traffic using a new version of their Sorm system upgraded specifically for the games. Rather than relying on sketchy open Wi-Fi from third parties, most visitors will be treated to a high-speed network maintained by the Russian government, and presumably closely monitored by state security operatives. As one Globe and Mail writer put it, "during the Games, it is reasonable to assume that all phone calls, e-mail, texts, web browsing, online banking and access to voice mail will be intercepted and exploited." And not by hackers, but by the government.

Something much more troubling than a few bad downloads

This distinction is particularly crucial because the fear of wild hackers is one of the things that allows that very system to be set up. By now, President Putin might not see the need to justify surveillance to Russians — but if any visitors wonder why the FSB needs such intensive access to the phone lines, the NBC report and others like it could go a long way towards convincing them. The phenomenon isn't unique to Russia either. When President Obama needed to defend NSA surveillance as a vital to national security, cybercrime was first on the agenda, playing off fears of financial attacks and Chinese malware bombs. The point was simple enough: as long as the open web is dangerous, you're better off with someone listening in. Who else will protect you from the hackers?

Of course, NBC and Engel surely have no interest in justifying Russian surveillance, but by taking the country’s reputation for cybercrime at face value, they may have given credence to something much more troubling than just a few bad downloads. We don't yet know if Sochi is a direct target for hackers, but we do know that there are more powerful things to fear.

Today’s Storystream

Feed refreshed 51 minutes ago Striking out

External Link
Emma Roth51 minutes ago
California Governor Gavin Newsom vetoes the state’s “BitLicense” law.

The bill, called the Digital Financial Assets Law, would establish a regulatory framework for companies that transact with cryptocurrency in the state, similar to New York’s BitLicense system. In a statement, Newsom says it’s “premature to lock a licensing structure” and that implementing such a program is a “costly undertaking:”

A more flexible approach is needed to ensure regulatory oversight can keep up with rapidly evolving technology and use cases, and is tailored with the proper tools to address trends and mitigate consumer harm.

Andrew Webster5:33 PM UTC
Look at this Thing.

At its Tudum event today, Netflix showed off a new clip from the Tim Burton series Wednesday, which focused on a very important character: the sentient hand known as Thing. The full series starts streaming on November 23rd.

The Verge
Andrew Webster4:28 PM UTC
Get ready for some Netflix news.

At 1PM ET today Netflix is streaming its second annual Tudum event, where you can expect to hear news about and see trailers from its biggest franchises, including The Witcher and Bridgerton. I’ll be covering the event live alongside my colleague Charles Pulliam-Moore, and you can also watch along at the link below. There will be lots of expected names during the stream, but I have my fingers crossed for a new season of Hemlock Grove.

Andrew Webster1:05 PM UTC
Looking for something to do this weekend?

Why not hang out on the couch playing video games and watching TV. It’s a good time for it, with intriguing recent releases like Return to Monkey Island, Session: Skate Sim, and the Star Wars spinoff Andor. Or you could check out some of the new anime on Netflix, including Thermae Romae Novae (pictured below), which is my personal favorite time-traveling story about bathing.

A screenshot from the Netflix anime Thermae Romae Novae.
Thermae Romae Novae.
Image: Netflix
Jay PetersSep 23
Twitch’s creators SVP is leaving the company.

Constance Knight, Twitch’s senior vice president of global creators, is leaving for a new opportunity, according to Bloomberg’s Cecilia D’Anastasio. Knight shared her departure with staff on the same day Twitch announced impending cuts to how much its biggest streamers will earn from subscriptions.

Tom WarrenSep 23
Has the Windows 11 2022 Update made your gaming PC stutter?

Nvidia GPU owners have been complaining of stuttering and poor frame rates with the latest Windows 11 update, but thankfully there’s a fix. Nvidia has identified an issue with its GeForce Experience overlay and the Windows 11 2022 Update (22H2). A fix is available in beta from Nvidia’s website.

External Link
If you’re using crash detection on the iPhone 14, invest in a really good phone mount.

Motorcycle owner Douglas Sonders has a cautionary tale in Jalopnik today about the iPhone 14’s new crash detection feature. He was riding his LiveWire One motorcycle down the West Side Highway at about 60 mph when he hit a bump, causing his iPhone 14 Pro Max to fly off its handlebar mount. Soon after, his girlfriend and parents received text messages that he had been in a horrible accident, causing several hours of panic. The phone even called the police, all because it fell off the handlebars. All thanks to crash detection.

Riding a motorcycle is very dangerous, and the last thing anyone needs is to think their loved one was in a horrible crash when they weren’t. This is obviously an edge case, but it makes me wonder what other sort of false positives we see as more phones adopt this technology.

External Link
Ford is running out of its own Blue Oval badges.

Running out of semiconductors is one thing, but running out of your own iconic nameplates is just downright brutal. The Wall Street Journal reports badge and nameplate shortages are impacting the automaker's popular F-series pickup lineup, delaying deliveries and causing general chaos.

Some executives are even proposing a 3D printing workaround, but they didn’t feel like the substitutes would clear the bar. All in all, it's been a dreadful summer of supply chain setbacks for Ford, leading the company to reorganize its org chart to bring some sort of relief.