26 comments

[ 3.1 ms ] story [ 54.2 ms ] thread
I'm gonna need to see some better sources for this claim. I mean, it's not unbelievable but it's lacking in technical detail.
I agree, this article gives little to any depth and makes broad claims with little substantial info. I think we all could discern that there would likely be a lot of more nefarious online activity surrounding these Olympics, but surmising that everyone will near immediately get their devices hacked is a bit much.
I gotta think that the primary concern is WiFi hotspots. It's easy to create a bogus hotspot that spies on your communications.
Call it Apple Store and the vast majority of iOS devices will connect to it automatically.
Assume that hotels, regardless of country, are filming, tapping the phone and the internet.

The other bit to realize is that there will be sex, around 100k condoms worth. That's 35 condoms per athlete on average. Certainly there's dirty laundry incentive for news and political orgs.

I'm pretty sure those athlete sex reports are highly exaggerated. Those numbers are based on a ridiculous calculation where they took the number of condoms shipped to the Olympics and divided it by the number of athletes.
You think it's just a few athletes having lots of sex? No wonder they are so fit!
I think they are forgetting all the people visiting the city for the olympics that aren't competing in their numbers.
Actually these stories are generally talking about the number of condoms available to the athletes in the athletes 'village'. But generally the condoms are branded for the event (like everything else) and hance are souvenired in large numbers distorting any estimates of athlete nookie.
Exaggerated in one way, possibly under-reporting in another. What if athlete sexual activity follows a power law? A very small number of athletes might have hundreds of hookups during the games while most may have zero or one.
Anecdotal evidence, but measuring the amount of sex that occurs by the amount of condoms purchased will not often be accurate.
Someone on Reddit seems to be claiming to have contacted the researcher behind this story:

----

Right technical post/description of how not to use technology coming up.

TL; DR I guess if you can't operate a box then there isn't much hope of being able to operate a phone or a laptop.

# Phone:

User logs onto public wifi and was asked to run setup program to access internet, setup program was actually malware. Note, this was a "user initiated action" and whilst I realise that many people just download and run anything without even checking the permissions anyone with even a modicum of technical knowledge would not have been caught out by this. Also this would not affect iPhones since they cannot run apps that are not distributed via the app store.

# Do not EVER use public wifi.

* log into reddit and then anyone within wifi range can steal your reddit session (same for all sites that don't enforce https on every page).

Ever seen that message that says "we couldn't verify the certificate for mail.google.com" (or similar) when accessing emails? This is because the people operating the wifi are intercepting secure traffic which means they can intercept any password sent over the network, so if you have mail configured and you click ok when that warning comes up (which 90% of users do unfortunately because it just looks like a normal alert rather than a really serious security warning) then they will have your email password.

# Mac laptop:

I actually don't know how this was done, I've contacted the guy from the video and he said he will write up a technical post on Friday. Out of the box, new macs only run code from the App Store so unless that setting was changed (in which case saying it was hacked is bullshit rather than a simplification) I just don't see how it could have become infected.

Edit: Found out that they downloaded an antivirus software from a dodgy site and followed the instructions to allow it to run. If people are going to follow instructions to disable security on their computer then there really isn't much that can be done to help them.

# Windows Laptop:

They opened an email attachment in office and clicked "allow macros". Again, not something that a clued up user would do. Still something that Microsoft could handle better - make it something that has to be preconfigured rather than just giving the user the option since there really isn't any good reason for most consumers to be running macros.

# In summary:

Nothing new to see here and only one of the pieces of installed malware was of Russian origin so basically this is just a bit of a smear campaign. Sure the free wifi may be more dodgy over there than in the US/UK (yay for Britain) but it is not a problem limited to Russia, I had the same problem in Sri Lanka and public wifi is not secure and should never be used.

----

u/daniel_chatfield

http://www.reddit.com/r/videos/comments/1x2t3j/all_visitors_...

One potentially significant nitpick on the Mac end of things: new Macs don't ship defaulted to only running code from the App Store, but rather App Store or apps signed with Apple's Developer ID program.

This is important because not only does Developer ID allow you to run apps that you downloaded directly, but there's also pretty much no checks on the whole process. It would be pretty easy for a malicious developer to pay $99 (presumably with a stolen credit card), get a Developer ID certificate, and go to town. Apple can revoke the certificate, but it would come too late for a quick thing like this.

For iPhones, it's possible that they got up to some shenanigans using configuration profiles. These aren't well known, but you can install a configuration profile downloaded from anywhere, and they can do amusing things like add new root certificates, fiddle with network settings, etc. The user has to approve any new configuration profile, but plenty of nontechnical people will obediently tap "INSTALL" when told to.

Instantly is a bit a overstatement. Whenever you connect to a public wifi hotspot and don't use some kind of tunnel (ssh/vpn) you run the risk of automatically downloading malware. Which isn't any different then any other place in the world. Whenever I connect to a public wifi hotspot I use a ssh tunnel, I wish them good luch injecting any malware in that stream.
"Proving yet again what a fabulous idea it was to stage the 2014 Winter Olympics in Russia..."

I should have stopped reading right there :)

I have judged Marissa Mayer because of this article making into Yahoo Sports. Nothing has changed.
No detail. How were they 'hacked'? How did they notice?
So let me get this into perspective: A US journalist is worried that Russian hackers[1] will hack into his computer the moment he turns it on at Sochi.

Of course if the Olympics were held in Washington, he wouldn't be perplexed. He would probably be so sure about it, that it wouldn't even be worth mentioning.

This post is an prominent example of propaganda: No technical details, just pure old FUD for the masses. Why and How did this came up in HN's frontpage (we're supposed to me technically speaking, above average when it comes to computers), is beyond me.

[1] Tall guys, short blond hair, speaking English with as Russian accent as you can get, having obvious temper-control problems and always heavily armed (K-7 and a couple of bombs, just in case) even when sitting on a 11.6" inch laptop. Sorry, I forgot to add that they are probably sitting on a cold basement in Syberia.

Gotta love American hypocrisy: "Proving yet again what a fabulous idea it was to stage the 2014 Winter Olympics in Russia, NBC has discovered that all the Games' attendees can expect to immediately get hacked as soon as they get to Sochi."

Wouldn't the US do the exact same thing if it was in the US?

I'm sure the US is doing the exact same thing at Sochi, though likely with a bit more targeting.
FIFY: I'm sure the US did this during the 1996 Atlanta Summer Olympics. A lot of international leaders attended. I'm sure the was lots of targeting.
You can tell it's going to be an excellent article when a flight to Sochi takes 75 hours.