Security Researcher Punches Holes In NBC's 'Everyone Going To Sochi Will Be Hacked" Story; NBC Doubles Down In Response

from the because-'being-careless-will-get-you-hacked'-isn't-headline-material dept

Earlier this week, NBC "reported" that journalists and visitors to Sochi are being immediately hacked virtually as soon as they acquire a connection. [AUTOPLAY WARNING.] NBC presented this as something completely inescapable in its report, which purportedly showed NBC journalist Richard Engel's cellphone and laptop being compromised "before he even finished his coffee."

All very scary but all completely false.

Errata Security points out that the entire situation was fabricated.

The story shows Richard Engel "getting hacked" while in a cafe in Russia. It is wrong in every salient detail.

They aren't in Sochi, but in Moscow, 1007 miles away.

The "hack" happens because of the websites they visit (Olympic themed websites), not their physical location. The results would've been the same in America.

The phone didn't "get" hacked; Richard Engel initiated the download of a hostile Android app onto his phone.

...and in order to download the Android app, Engel had to disable a lock that prevents such downloads -- something few users do [update].
While your average person might be lured to sketchy sites supposedly related to the Olympics, most of these people wouldn't have disabled the default locks on their phone, as Robert Graham at Errata Security points out.

The truth makes for a much less interesting story, however, and as Graham points out, Engel's use of the passive voice ("the phone was hacked" rather than "I downloaded a virus") deliberately obscures what's actually happening on the video. It's not Sochi's wireless connections that are "infected," it's the sites themselves. No one's getting hacked instantly unless they're going out of their way to act carelessly in a potentially hostile environment. Following normal internet safety procedures should keep journalists and Olympic fans protected -- preventative measures that NBC could have chosen to deliver with its report, except that they would undercut the narrative it was crafting. There is no doubt that the influx of out-of-town visitors presents an enticing target for aspiring hackers, but there's no reason to believe any device will be insta-compromised the moment it connects to the internet.

NBC, for its part, seems to think the only way to wipe this egg of its face is to apply more egg, as c|net reports:
"The claims made on the blog are completely without merit," according to a representative from NBC News.

The NBC rep also noted that the report made it clear from the beginning that the taping was done in Moscow. The report was intended to demonstrate that a person was more likely to be targeted by hackers while conducting searches in Russia, the representative added, acknowledging that these attacks can happen anywhere in the world. In addition, the story was designed to show how less technically savvy people can fall victim to such a cyberattack.
But NBC's story carried this headline:
Hacked Within Minutes: Sochi Visitors Face Internet Minefield
Even with the appended disclaimers, the report was obviously intended to present Sochi as a hackers' paradise where anyone -- even those not stupid enough to visit rogue websites or purposefully sideload sketchy apps -- can be compromised before their coffee cools. And the phrasing used by the reporters is equally as misleading. The following quotes are taken from the transcript (which, to NBC's credit, opens up with "Welcome to Moscow").
>> reporter: good evening, brian. the state department warns the travelers should have no expectation of privacy. even in their hotel rooms. you are immediately exposed as soon as you try to communicate with anything. one of the first thing visitors to russia will do is log on. hackers here will count on it. we decided to find out how dangerous that could be.

>> reporter: with our new computers loaded with attractive data, we headed for a restaurant, where we used a new smart phone to browse for information about the sochi olympics. almost immediately we were hacked.

>> did you see where it said downloading?

>> i did.

>> it's actually downloading a piece of malware.

>> malicious software hijacked our phone before i even started my coffee.
This would be the malware consciously downloaded by the reporter. Note that it's stated that the phone is downloading the malware on its own, rather than with any assistance by the journalists.
>> back at the hotel will hoyt was using specialized software to monitor my two computers. and sure enough, they had also been hacked.
No mention of visiting unknown sites. The assumption is that hackers accessed the computers on their own, rather than having a door propped open by Engel's visit to malicious sites, most likely sites that any decent browser/search engine would have warned might be an unsafe place to visit.
>> it had taken hackers less than one minute to pounce. within 24 hours they had broken into both computers and started helping themselves to my data.
"Pounce?" On what, the Welcome mat the journalists laid out? God helps those who help themselves to data, but the devil's editor visits compromised sites in search of a good story.
>> reporter: american athletes and fans now coming to russia by the thousands are entering a minefield. the instant they log on to the internet.

>> the best way to protect yourself is quite simple, if you don't really need a device, don't bring it. try to avoid the public wifi. and if there's anything particularly and uniquely important on your computer or phone, banking information or photographs, remove it before coming to russia.
"The instant they log on…" Obviously false. Pre-priming your devices for failure will "allow" you to be hacked before your coffee cools, but following some very basic security measures will keep devices safer. Sure, there's likely a higher concentration of hacking activity in Sochi with so many potential targets in the area, but that's no excuse to promote fear over facts and for journalists to intentionally sabotage their own equipment just to ensure the eyeball-grabbing headline actually fits the content. It's not just bad journalism, it's also irresponsible. NBC could have used this time to outline the same basic safety precautions Graham does in its blog post, but was obviously more interested in reinforcing its viewers' perception that Russia is the Internet Wild West, where even the safest surfer will be hacked to unrecognizability by malicious electro-bandits at the faintest whiff of a wi-fi signal.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: hacking, olympics, richard engel, sochi
Companies: nbc


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    silverscarcat (profile), 7 Feb 2014 @ 4:39pm

    Stupid people do stupid things!

    News at 11!

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Feb 2014 @ 6:35pm

    You trusts mainstream media these days?

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Feb 2014 @ 7:01pm

    its funny TD ran with it as well

    just saying

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Feb 2014 @ 7:36pm

    Mis-information?

    Yesterday their was a techdirt article on the GCHQ running Operations using journalists &/or their Identities to trick their targets. Now we have a story run on major media telling us what a wild and dangerous place the Internet is, especially in (pick country).

    The story has been fined down over the next few news editions to mask the factual complaints raised.

    Any-One want to bet on when a "story breaks" that "US zone" of the Internet is better managed and safer because. (fill in your favorite government agency name), is soooo active.

    link to this | view in chronology ]

    • icon
      Anonymous Howard (profile), 10 Feb 2014 @ 2:24am

      Re: Mis-information?

      This.

      We're accessing a global network, the endpoint's location (with extreme exceptions, like china, UK) have little to no affect on the content.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Feb 2014 @ 7:38pm

    Mis-information?

    Yesterday their was a techdirt article on the GCHQ running Operations using journalists &/or their Identities to trick their targets. Now we have a story run on major media telling us what a wild and dangerous place the Internet is, especially in (pick country).

    The story has been fined down over the next few news editions to mask the factual complaints raised.

    Any-One want to guess on when a "story breaks" that "US zone" of the Internet is better managed and safer because. (fill in your favorite government agency name), is soooo active.

    link to this | view in chronology ]

  • identicon
    Turd Ferguson, 7 Feb 2014 @ 7:42pm

    More pseudo news entertainment for the masses

    Frickin fear mongers. I smell a new Dateline special in the same vein as "To Catch a Predator".

    link to this | view in chronology ]

  • icon
    madasahatter (profile), 7 Feb 2014 @ 7:58pm

    NBC incompetence

    The article is blatant attempt to discredit Russia by implying the Russians are behind the supposed hacks. If they are getting hacked as fast they claim it is because they are not following or using proper security practices for their devices.

    link to this | view in chronology ]

  • icon
    BSD32x (profile), 7 Feb 2014 @ 8:24pm

    Wait, so who exactly in the US is 100% guaranteed to be NSA surveillance proof given that the Snowden leaks revealed they have cracked most VPN encryption and are doing everything possible to compromise TOR? We're one Snowden like contractor with less moral righteousness or a hacker who gains access to the NSA data farm away from a thief nabbing unheard of amounts of data, but we're supposed to be shaking in our boots because the (according to the same media) inept Russians who can't do anything right are also master hackers at the same time? Whatever this is, is not journalism.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 8 Feb 2014 @ 4:50am

      Re:

      I don't think openvpn is easily crackable even by them. pptp and maybe even l2tp/ipsec yeah...and don't get me started about the new ms proctocol SSTP...

      link to this | view in chronology ]

  • icon
    G Thompson (profile), 7 Feb 2014 @ 8:40pm

    Ah NBC....


    No Bloody Clue

    link to this | view in chronology ]

  • icon
    Sheogorath (profile), 7 Feb 2014 @ 10:13pm

    This is why...

    when I sideload Android apps, I get them only from sites I trust and study the permissions on them as carefully as I study the permissions on the apps I get from Google Play.

    link to this | view in chronology ]

    • icon
      John Fenderson (profile), 10 Feb 2014 @ 9:00am

      Re: This is why...

      Yup, and not just for sideloaded apps. I also firewall them off from the net, so if they're doing any data snarfing, they can't send that data back home.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Feb 2014 @ 11:49pm

    the lies on tv are so many and so obvious. this is no exception. you'd think that anyone would have noticed how phony and how staged that report was.

    you don't just turn on a device to find that something is downloading unless you have enabled such a thing yourself. at least not yet anyway.

    I have to question whether this is just more entertainment or [puts tin foil hat on] are they preparing people for a future where devices are designed so poorly that you'll see things like this actually happening even on brand new devices that have just established their first connection?

    [adds tinfoil hat to device before clicking submit]

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 8 Feb 2014 @ 4:53am

      Re:

      There was an annoying windows virus back then called LASSER or something like that...you could wipe out the hard drive, reinstall windows, and if you didn't have pre-installed third party security you would get it over and over again. A window would appear and start a 30 seconds countdown and reboot the machine over and over. I was really in total disarray that somebody could manage to have so much crap on their computer that their IP was permanently targeted like that. It was during the 2k/xp days.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 8 Feb 2014 @ 1:36pm

        Re: Re:

        wow, I could be thinking of something else but it seems like I remember something about that. the name even sounds familiar. I also remember one called Sasser worm but that was a worm.

        the wiki on it says:
        This worm was named Sasser because it spreads by exploiting a buffer overflow in the component known as LSASS (Local Security Authority Subsystem Service)

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 9 Feb 2014 @ 6:09am

          Re: Re: Re:

          That's what it was :) Had to preinstall a lot of stuff because I couldn't get any time to download any security programs (free ones, when AntiVir(avira) and SpyBot were more than enough for most people) to repair that person's computer, I was really amazed then that someone's computer was so messed up I couldn't repair it live there without bring stuff burned to CD first.

          link to this | view in chronology ]

    • icon
      Starke (profile), 10 Feb 2014 @ 1:00am

      Re:

      Could just be retribution for Russia not finishing their hotel room in time... or would that be too puerile?

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 8 Feb 2014 @ 1:53am

    Media spreading propaganda about russia...
    What is this the 60s? I thought you guys stopped the commie hating, but what goes on now is sad.
    Its obvious that the US tries to discredit Russia at every opportunity. The only problem I see with sochi is that they havent finished it in time. But this whole "everyone gets hacked", "gays are thrown in gulags" and the latest "Putin should smile more"...
    Seriously guys, if you still believe what the media says

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 8 Feb 2014 @ 4:55am

      Re:

      Especially since they aren't commies at all anymore. Just good old disguised fascism like in most countries of this planet.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 9 Feb 2014 @ 4:44pm

      Re:

      link to this | view in chronology ]

    • identicon
      Anonymous, 9 Feb 2014 @ 4:45pm

      Re:

      The guy who wrote the Target card-hacking code...where's he from?

      link to this | view in chronology ]

    • icon
      John Fenderson (profile), 10 Feb 2014 @ 9:02am

      Re:

      "I thought you guys stopped the commie hating"

      Most sane people have, but there are notable holdouts.

      link to this | view in chronology ]

      • identicon
        Anonymous, 10 Feb 2014 @ 3:35pm

        Re: Re:

        The government has changed its focus. Now instead of commies, it's Al-CIAda, pedosexuals, Constitutionalists, and mythical terrorists.

        link to this | view in chronology ]

  • identicon
    Anonymous Coward, 8 Feb 2014 @ 6:14am

    Likely Reality

    NBC takes one well known nugget of truth: Sites can load malicious software to devices automatically if proper security precautions are not taken then combines that with the image of Russia being and evil and dangerous country which requires us to be "protected" by the government surveillance machine that the government wants to further and the hype that surrounds the Olympics, to craft a sensationalistic story complete with an accompanying headline. They then load devices with "attractive data" merely so that they can make that claim, have a researcher find a site that will automatically download such malware, and then have the reporter on camera visit the specific site to demonstrate the download. This isn't just surfing and accidentally getting infected. No they went looking for a site with malware on purpose to make their story and left out the little detail that the chances of getting exploited could be dramatically reduced if some basic security precautions are taken. If they had presented their demonstration from the perspective of "These are the precautions that people need to take." This would have been fine, but that wouldn't have served the purpose of generating the FUD that implies the necessity of the government surveillance machine by demonizing Russia.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 8 Feb 2014 @ 6:50am

    So full of fail

    People who actually understand security don't use smartphones. Or Windows. Or MacOS. Or Facebook. Or LinkedIn. Or any of the other various combinations of {hardware, OS, applications, web sites, Internet services} that are known-insecure.

    I'm quite sure I could take my laptop (which is running OpenBSD) (and not on an x86-based CPU)in there and do just fine.

    link to this | view in chronology ]

    • icon
      madasahatter (profile), 8 Feb 2014 @ 8:09am

      Re: So full of fail

      My first reaction to the article was I would like to take my computer to Moscow and see if I could replicate the problem. I use various Linux distros so the attacks would need to target Java not Java applets.

      For most, good security, even on Windows, is being careful about where one visits and keep the OS and software fully updated. Most of my older friends and family rarely get any malware on Windows by following good practices.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 8 Feb 2014 @ 8:55am

      Re: So full of fail

      "People who actually understand security don't use smartphones. Or Windows. Or MacOS. Or Facebook. Or LinkedIn. Or any of the other various combinations of {hardware, OS, applications, web sites, Internet services} that are known-insecure."

      While that may be true for some people who understand security, it isn't true for all. Many simply limit what information they make available through those devices and means and follow best practices otherwise. There is plenty of low hanging fruit out there for the malcontents to pick after all.

      link to this | view in chronology ]

    • icon
      John Fenderson (profile), 10 Feb 2014 @ 9:07am

      Re: So full of fail

      "People who actually understand security don't use smartphones. Or Windows. Or MacOS."

      Simply not true. People who actually understand security know that it's a terrible, and really common, mistake to think of some platforms as insecure and others as secure.

      Security experts treat all systems as insecure and do two things to reduce (you can never eliminate) the risk: adopt proper habits, and know how to use high-quality security software and use it correctly.

      The various Unices are easier to secure because of their design, but it is possible (and not really that hard) to harden any other OS to an acceptable degree as well.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 8 Feb 2014 @ 8:07am

    Rinse, Repeat.

    Dateline's footage showed a sample of a low-speed accident with the fuel tank exploding. In reality, Dateline NBC producers had rigged the truck’s fuel tank with remotely controlled model rocket engines to initiate the explosion. The program did not disclose the fact that the accident was staged.
    The General Motors lawsuit and subsequent settlement was arguably the most devastating blow for NBC in a series of reputation damaging incidents during the 1990s and early 2000s.

    http://en.wikipedia.org/wiki/Dateline_NBC#General_Motors_vs._NBC

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 8 Feb 2014 @ 2:49pm

      Re: Rinse, Repeat.

      I remember that. they ended up apologizing for it even.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 9 Feb 2014 @ 4:39am

        NBC also messed with Zimmerman's 911 phone call

        It's all in the title.

        They were alright during the worst of the Bush days, but now they're fake "left" FOX News like the latter is fake "right".

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 9 Feb 2014 @ 5:27am

          Re: NBC also messed with Zimmerman's 911 phone call

          I don't even have a tv and don't want one. why would I if it's just going to be used to try and program and persuade me and tell me what to think and how to think and tell me what tastes good, what's funny etc...? "TBS, very funny"

          link to this | view in chronology ]

          • identicon
            Anonymous Coward, 9 Feb 2014 @ 5:34am

            Re: Re: NBC also messed with Zimmerman's 911 phone call

            don't get me wrong though. I'm not looking to argue either. I'd probably lose anyway. I just personally don't have or want a tv and those are just my views and opinions.

            link to this | view in chronology ]

        • identicon
          Anonymous Coward, 9 Feb 2014 @ 10:23am

          Re: NBC also messed with Zimmerman's 911 phone call

          If by "fake" you mean their stories are completely biased then yeah.

          Fox News is right wing no doubt, but I wouldn't say NBC is left, more like schizophrenic.

          link to this | view in chronology ]

  • icon
    Spaceman Spiff (profile), 8 Feb 2014 @ 9:08am

    NBC in Russia

    I think that NBC is not going to be welcomed in Russia very much in the future, barring a VERY large bribe to appropriate federal officials...

    link to this | view in chronology ]

  • identicon
    Anonymous, 8 Feb 2014 @ 9:58am

    But...but...toothpaste tubes!

    link to this | view in chronology ]

  • icon
    btrussell (profile), 8 Feb 2014 @ 10:01am

    They have to do this fear-mongering in order to scare people from broadcasting events. This way, they can televise it "live" three days after the event.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 9 Feb 2014 @ 4:47am

      Re:

      What? I'm listening to the reports of olympics every hour live on CBC Radio One and I actually know somebody who's there as an athlete, he finished 9th in the snowboard half-pipe competition, canadian.

      link to this | view in chronology ]

      • icon
        btrussell (profile), 10 Feb 2014 @ 2:05am

        Re: Re:

        Do they televise on CBC Radio One?

        Not sure what I was saying. Not like they have ever done anything like that in the past.

        link to this | view in chronology ]

  • identicon
    jarfil, 8 Feb 2014 @ 10:31am

    NBC: wrong
    Techdirt: sorry, but wrong too

    Downloading a virus is not the same as sideloading. Any browser will download files automatically, no matter if they are JPGs, PDFs or viruses. But this act of downloading doesn't mean the malware will ever get installed or executed.

    So it's correct to say "it is downloading". You visit a website, and it starts downloading all of itself.

    Implying that this means you are infected, is the wrong part.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 8 Feb 2014 @ 11:29am

      Re:

      While it is true that downloading is different than side loading, on Android and many other devices, when a browser downloads a file, it often assumes that the user intends to open the file and looks for an appropriate means of doing so. If the file is a native app that appropriate means is the installation of the app and if the source is not the sanctioned source such as Google Play or Apple's App Store, then that app's installation if successful is by definition, side loaded. On Android devices the setting in that they refer to controls apps whether apps are allowed to be side loaded or not and thus would prevent this from happening if set appropriately.

      link to this | view in chronology ]

  • icon
    ysth (profile), 8 Feb 2014 @ 11:13pm

    I think they meant:

    if there's anything particularly and uniquely important on your computer or phone, banking information or photographs, remove it before

    trying to re-enter the US.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 9 Feb 2014 @ 10:26am

      Re:

      Yeah, they like to wag their finger at everyone else while totally ignoring the hypocrisy.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Feb 2014 @ 9:50am

    Amended/corrected version for NBC:

    >> back at the hotel will hoyt was using specialized software (Internet Explorer 6) to monitor my two computers. and sure enough, they had also been hacked (someone installed the ask.com toolbar).

    link to this | view in chronology ]

  • identicon
    Pat, 10 Feb 2014 @ 6:39am

    News?

    You're treating this as if it were news?

    The American US media's job hasn't been to report news in over a decade. Their job is to either entertain or scare people.

    Period.
    Expecting Facts, investigations and or news out of the American media these days is like expecting a TSA agent to laugh at a bomb joke and wave you through...

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 10 Feb 2014 @ 7:54am

      Re: News?

      "Their job is to either entertain or scare people."

      And .... spread propaganda, misinformation and outright lies.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 10 Feb 2014 @ 10:16am

    If our country's "news" services have slumped to the point of falsehood and deception as a means of selling ads or papers or clicks, then it is no longer news, but simply more fiction. NBC and the NYT are not the National Enquirer or the Sun, so why do they feel it necessary to act like them?

    link to this | view in chronology ]

    • icon
      John Fenderson (profile), 10 Feb 2014 @ 1:51pm

      Re:

      You're late to the party. Our country's news services slumped to that point decades ago. It happened due to, and as the inevitable consequence of, CNN discovering that news can be a profit center, and the consolidation of the newspapers into the hands of a few major corporations.

      This is why I say there is no mainstream journalism in the US, and hasn't been for quite a long while. It's all propaganda and lies. (And, I maintain, this is the real reason that newspapers are dying.)

      link to this | view in chronology ]

  • icon
    John85851 (profile), 10 Feb 2014 @ 2:36pm

    Corporate synergt at work

    So NBC Sports pays billions of dollars to exclusively air the Olympics in the US, but the news division is actively scaring people away from the Olympics. Great corporate synergy there!

    I don't remember NBC running these kinds of scare stories during the Beijing Olympics. Is that because Russians are evil hackers and the Chinese aren't?

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.