Just before the Winter Olympics started, NBC ran a piece about how easy it was hackers to get into and steal data from the cellphones and computers of Sochi-bound tourists.
In the video, NBC’s Chief Foreign Correspondent, Richard Engel, with the help of security expert Kyle Wilhoit, opens a fresh Android phone and a MacBook Air. According to the report immediately after the cellphone is fired up in a Russian cafe, it “gets hacked”. Meanwhile, within a day the Macbook Air (and a Thinkpad) also get hacked. In each case the “hackers” get access to documents, contacts and could, if they wanted, turn on the smartphone’s microphone and/or record phone conversations.
Problem was, the story was complete bullshit. Or, as security expert Robert Graham put it on his Errata Security blog "100 percent fraudulent" and “wrong in every salient detail”.
First of all, despite the introduction about “families and tourists arriving in Sochi”, Engel was actually in Moscow, not Sochi.
More importantly, in the video Engel and Wilhoit go to cafe with an Android phone. Engel claims that “before we finished our coffee” the phone was hacked. In the video they just turn on the phone and BAM, malicious software starts taken over the phone and stealing data.
Problem is, that couldn’t happen, and that’s not what happened. In a blog post Wilhoit wrote after the piece aired he explains:
“First, all the attacks required some kind of user interaction. Whether to execute “applications” or to open a Microsoft Word document, all the attacks shown required user interaction in order to compromise the device.”
In the case of the cellphone, though not shown in the video, Engel would have had to go to a sketchy site and download the malicious software, and then ignore the warnings about the software the phone would have generated, unless security was turned off, which it was.
Graham, who called bullshit on the story, followed up, trying to simulate the malware attack Engel’s suffered.
Graham had to go to extraordinary lengths, including searching specifically for malicious code, before his phone was compromised. This even though he spoofed his location so it would appear he was browsing from Moscow.
Here’s the second point. It would make little difference whether Engel was in Moscow or Sochi or Calgary, Alberta. He didn’t get hacked because he was in Russia, he got hacked because he was deliberately browsing sketchy sites on the Web (sketchy sites, btw, that Google down ranks no matter what country you’re in).
In the case the of the laptops, Engel’s machines were not just randomly hacked, he and Wilhoit downloaded a suspicious Word document sent to him via email from someone he didn’t know. You can read the full report of what really happened, but was edited from the video on Wilhoit's blog.
So, to wrap up. NBC runs a video that suggests that tourists and family members arriving in Sochi will have their laptops and phones “hacked” almost immediately upon arrival. This is simply not true. Clicking stupidly on sketching sites or files on the Web in any country is not a good idea. Neither is spreading nonsense about malicious Russian hackers waiting to pounce.
This concerns me for a couple of reasons.
First, given the Snowden revelations about real U.S. spying on smartphones and laptops without any user knowledge or action, it’s pretty rich that an American media company would air a piece about uninitiated cyberspying by Russians.
Second, this video demonstrates, for the umpteenth time, how dreadful mainstream media is at telling stories about tech. The producers were either clueless, deliberating lying, unaware that the editing reduced the piece to a xenophobic parody or just interested in eyeballs.
And third, it also demonstrates what I think is a chronic belief on the part of traditional media that the web is the dark sewer of all things evil: child pornographers and molesters; bombers, terrorists, identify thieves and all-powerful Russian cyberspies with super viruses. This is born from ignorance, an ongoing suspicion of a technology many mainstream journalists continue to misunderstand and salivation about a juicy, easy story that breds fear, uncertainty and doubt. Sad, when journalists should actually work to make sense of the world.
And, it really makes you ask the question. If NBC gets this story so wildly, foolishly wrong, why should we believe this is a one-off?