SANS Internet Storm Center

To Merrillville or Sochi: How Dangerous is it to travel?
Our reader Rodney sent us a link to a story that apparently aired on NBC Nightly News last night: "I was wondering if someone could do a piece on the report that was on NBC's Nightly News last night (see link below) regarding connecting personal devices like smart phones and laptops to the Internet while in Sochi for the Olympics. The first video leaves out some details that the second video reveals. The first video aired on NBC, the second did not. It seems as if the first video was sensationalism. The second video revealed that the journalist had willingly clicked on links to download the malware. The first video made it look like they only had to connect to become infected. I know that it can happen, but they made it sound like it will definitely happen." The first video [1] shows how a brand new computer is infected while connected to the a hotel network in Russia. "If they fire up their phone at baggage claim, it is too late" the announcer states to introduce the story. The reporter then states that his Android Phone was hacked almost immediately hacked "before we even finished our coffee". It then states that the two computers at the hotel where hacked as well "very quickly". A second video ("Open Hunting Season for Hackers" Same URL as earlier video) clarifies things a bit. The journalist clicked on a link. However, the link does appear to have been somewhat targeted as it came to him addressing him as a journalist and promised leads for a story. We don't know if there where additional warning signs. There was also a brief twitter exchange about this story with Kyle Wilhoit, the security expert in the story: So in short, it was not "uninitiated". How dangerous is it to travel? The report states that there is no expectation of privacy. I think this is a good assumption to go with no matter where and how you use the Internet. Many privacy rules are just that: Rules. To actually have privacy, you may need to go a step further and put technical controls in place. We covered travel security before, but here some of the main points: - Patch before you go, not while on the road. - Use a VPN whenever possible - Use anti-malware / personal firewalls - Don't leave your computer unattended - encrypt your disks - Power down your system if you have to leave it in your room and setup a BIOS/Firmware password. - use hotel safes / lock down cables if you don't have another choice (yes, they can get broken into easily. But it is even easier to take a system that is not in the safe) - if you have a choice, a wired connection is a tiny bit more secure then WiFi. (also see the April 2011 edition of Ouch http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201104_en.pdf ) Will you get hacked "automatically as you have a coffee"? Who knows. But if, it may as well happen while you have the coffee at home. The risk isn't as much the location as a recent breach of PoS systems in hotels from Chicago to Merrillville shows. [2] . One of the great things about the internet is that distance doesn't really matter that much. Russian hackers can get to you while you (and they?) are in there PJs no matter where. In the end, I am not sure if "TV magic" is the right way to educate users about the risks. [1] http://www.nbcnews.com/watch/nightly-news/hacked-within-minutes-sochi-visitors-face-internet-minefield-137647171983 [2] http://www.dailyfinance.com/2014/02/04/credit-card-data-breaches-target-big-hotels/ ------ Johannes B. Ullrich, Ph.D. SANS Technology Institute Twitter I will be teaching next: Intrusion Detection In-Depth - SANS Doha March 2022	Johannes 4343 Posts ISC Handler Feb 5th 2014
Thread locked Subscribe	Feb 5th 2014 7 years ago
One thing you can do when travelling to risky locations, is to take throw-away laptops and other devices. No matter what country it is in, the Olympics is not the place to show off that hot new phone, tablet or computer. Only take minimal data files and keep them duplicated on multiple external storage devices to reduce the chances of data loss.	KBR 63 Posts
Quote	Feb 5th 2014 7 years ago
US-CERT sent me this yesterday: https://www.us-cert.gov/ncas/tips/ST14-001 The part about lawful interception of all electronic communications raised an ironic laugh.	David 11 Posts
Quote	Feb 5th 2014 7 years ago
I believe these were brand new PCs and devices. Likely they were infected prior to picking up the latest updates and/or Anti-Virus protections. The reporting (or lack of reporting information) in this NBC report is sad. A real report would have used fairly current devices and best practice (don't click on links/emails from unknown sources etc...), but there was NONE of this in the report. I was watching with my girlfriend and I mentioned to her that this "report" sounded extremely suspect for a number of those reasons.	David 20 Posts
Quote	Feb 5th 2014 7 years ago
I was annoyed after watching the report last night. I knew there had to be more to the story than they were giving us.	Rod 6 Posts
Quote	Feb 5th 2014 7 years ago
I knew it was going to badly when they started the segment with Engel literally tearing open the end of the MacBook Air box...I guess he has never seen a new Mac box with it's easy open lift top. I'd hate to see what he does to a box of cereal. I had to debunk half of what Richard Engel said for my wife and kids -- he is obviously NOT a tech report, much better from the war zone. Their "IT expert" also provided little useful information on the actual threat, opting instead for scrolling Wireshark traffic and maybe a copy of Karma running in the background. It was also telling that several of the "infections" they showed were PC malware which would not affect a MacBook Air in the first place.	Rod 6 Posts
Quote	Feb 5th 2014 7 years ago
There is much insight into the experiment from @lowcalspam on the TrendMicro blog -- http://blog.trendmicro.com/honeypot-russia-experience/ NBC's edit for "TV magic" obscured and obfuscated much of what was really happening. Looks like some serious stuff did go down, but was lost in the breathlessness of the reporting.	Paul 47 Posts
Quote	Feb 6th 2014 7 years ago
People need to exercise caution when traveling to any nation with electronics. Many nations will pay attention to electronics, and be aware of potential issues with encryption of your hard disks.	SasK 12 Posts
Quote	Feb 6th 2014 7 years ago

Our reader Rodney sent us a link to a story that apparently aired on NBC Nightly News last night:

"I was wondering if someone could do a piece on the report that was on NBC's Nightly News last night (see link below) regarding connecting personal devices like smart phones and laptops to the Internet while in Sochi for the Olympics. The first video leaves out some details that the second video reveals. The first video aired on NBC, the second did not. It seems as if the first video was sensationalism. The second video revealed that the journalist had willingly clicked on links to download the malware. The first video made it look like they only had to connect to become infected. I know that it can happen, but they made it sound like it will definitely happen."

The first video [1] shows how a brand new computer is infected while connected to the a hotel network in Russia. "If they fire up their phone at baggage claim, it is too late" the announcer states to introduce the story. The reporter then states that his Android Phone was hacked almost immediately hacked "before we even finished our coffee". It then states that the two computers at the hotel where hacked as well "very quickly".

A second video ("Open Hunting Season for Hackers" Same URL as earlier video) clarifies things a bit. The journalist clicked on a link. However, the link does appear to have been somewhat targeted as it came to him addressing him as a journalist and promised leads for a story. We don't know if there where additional warning signs.

There was also a brief twitter exchange about this story with Kyle Wilhoit, the security expert in the story:

first tweet about nbcnightlynews

kyle wilhoit response

So in short, it was not "uninitiated".

How dangerous is it to travel?

The report states that there is no expectation of privacy. I think this is a good assumption to go with no matter where and how you use the Internet. Many privacy rules are just that: Rules. To actually have privacy, you may need to go a step further and put technical controls in place. We covered travel security before, but here some of the main points:

- Patch before you go, not while on the road.
- Use a VPN whenever possible
- Use anti-malware / personal firewalls
- Don't leave your computer unattended
- encrypt your disks
- Power down your system if you have to leave it in your room and setup a BIOS/Firmware password.
- use hotel safes / lock down cables if you don't have another choice (yes, they can get broken into easily. But it is even easier to take a system that is not in the safe)
- if you have a choice, a wired connection is a tiny bit more secure then WiFi.

(also see the April 2011 edition of Ouch http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201104_en.pdf )

Will you get hacked "automatically as you have a coffee"? Who knows. But if, it may as well happen while you have the coffee at home. The risk isn't as much the location as a recent breach of PoS systems in hotels from Chicago to Merrillville shows. [2] . One of the great things about the internet is that distance doesn't really matter that much. Russian hackers can get to you while you (and they?) are in there PJs no matter where.

In the end, I am not sure if "TV magic" is the right way to educate users about the risks.

[1] http://www.nbcnews.com/watch/nightly-news/hacked-within-minutes-sochi-visitors-face-internet-minefield-137647171983

[2] http://www.dailyfinance.com/2014/02/04/credit-card-data-breaches-target-big-hotels/

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

I will be teaching next: Intrusion Detection In-Depth - SANS Doha March 2022

Johannes

4343 Posts
ISC Handler

Feb 5th 2014

One thing you can do when travelling to risky locations, is to take throw-away laptops and other devices. No matter what country it is in, the Olympics is not the place to show off that hot new phone, tablet or computer.

Only take minimal data files and keep them duplicated on multiple external storage devices to reduce the chances of data loss.

KBR

63 Posts

US-CERT sent me this yesterday: https://www.us-cert.gov/ncas/tips/ST14-001

The part about lawful interception of all electronic communications raised an ironic laugh.

David

11 Posts

I believe these were brand new PCs and devices. Likely they were infected prior to picking up the latest updates and/or Anti-Virus protections. The reporting (or lack of reporting information) in this NBC report is sad. A real report would have used fairly current devices and best practice (don't click on links/emails from unknown sources etc...), but there was NONE of this in the report. I was watching with my girlfriend and I mentioned to her that this "report" sounded extremely suspect for a number of those reasons.

David
20 Posts

I was annoyed after watching the report last night. I knew there had to be more to the story than they were giving us.

Rod

6 Posts

I knew it was going to badly when they started the segment with Engel literally tearing open the end of the MacBook Air box...I guess he has never seen a new Mac box with it's easy open lift top. I'd hate to see what he does to a box of cereal.

I had to debunk half of what Richard Engel said for my wife and kids -- he is obviously NOT a tech report, much better from the war zone. Their "IT expert" also provided little useful information on the actual threat, opting instead for scrolling Wireshark traffic and maybe a copy of Karma running in the background. It was also telling that several of the "infections" they showed were PC malware which would not affect a MacBook Air in the first place.

Rod
6 Posts

There is much insight into the experiment from @lowcalspam on the TrendMicro blog -- http://blog.trendmicro.com/honeypot-russia-experience/

NBC's edit for "TV magic" obscured and obfuscated much of what was really happening. Looks like some serious stuff did go down, but was lost in the breathlessness of the reporting.

Paul

47 Posts

People need to exercise caution when traveling to any nation with electronics. Many nations will pay attention to electronics, and be aware of potential issues with encryption of your hard disks.

SasK

12 Posts