Think Sochi is a cyber war zone? Try your local Starbucks
Paul Proctor explains that cyber security should be considered carefully wherever you are
Richard Engel and NBC News recently posted several reports from Sochi, Russia, based on an "experiment" they did.
I applaud them for bringing attention to the critical condition of cyber security, but the report is misleading in two major respects.
First, they have presented this as though just turning on your mobile device and computer will result in you being "hacked". To quote Brian Williams, introducing the story:
"If travelers to Sochi fire up their phones at baggage claim, it's probably too late to save the integrity of their electronics and everything inside them. Visitors to Russia can expect to get hacked. It is not a matter of if, but when."
This is an overstatement and misleading.
Second, almost everything they describe in the story is as true at your local Starbucks as it is in Sochi. In that, they miss the opportunity to present a more accurate picture of global security, as opposed to simply playing up to an idea of the "evil Russians".
Researching this blog post, I wrote down a lot of the quotes from the story but I have decided it would bore all of you to walk through them. Here are a few that tell the tale:
"[after plugging in brand new machines] it doesn't take long for someone to TRY to tap into your [device]" and "within a minute hackers were SNOOPING around TRYING to see how secure the machines were".
- So reconnaissance is confused with turning on your machine and becoming hacked.
"...and very soon I was sent a CUSTOMISED PHISHING email."
- I have three customised phishing emails sitting in junk mail right now. So do you.
"We did a little browsing and almost immediately landed on a site that infected our brand new phone."
- So they had to surf to an infected site for the demonstration. Those pesky Russian hackers! I'm glad that website won't infect me if I click on it from San Diego.
"[known as a] 'honeypot', an attractive target, left out in the open for hackers to come at."
- So they created an open and attractive target then reported that it attracted interest? Knock me over with a feather.
And here is the biggest mislead of all: none of this requires you (or the hackers) to be in Russia.
In fact, I'll bet the "Russians" they were hacked by were smart enough to route their traffic through compromised machines in China. That would have been an interesting and ironic twist, but it would detract from the story line.
Basically they had to make all these bad things happen, they were not location dependent, and they waited till the very end to mention that maybe you shouldn't click on links you don't recognise from people you don't know.
Here's the bottom line: NBC missed an opportunity to point out that you are not really "safe" anywhere and that your behaviour is the deciding factor in your risk of being hacked regardless of location.
I would encourage Richard Engel and NBC News to repeat the same experiment in a Starbucks in downtown Manhattan. Those same "Russians" are right there, waiting for them, and for you.
Paul Proctor is a vice president, Distinguished Analyst, and the chief of research for security and risk management at Gartner