Sochi 2014: Cyber Threats, Security Issues and Misperceptions

The media is having a field day out of Sochi2014. However on a closer inspection, there seems to be a lot of confusion in the press over the concept of cyber security at the Winter Olympics. Let’s have a look at the main stories present in the headlines (and conveyed in a muddled perspective):

1. Russia’s cyber spooks

Source: Sydney Morning Herald

With a monitoring system described as “PRISM on steroids”, Russia has made significant changes in anticipation of the Winter Olympic Games. Investigative journalists Andrei Soldatov and Irina Borogan have uncovered that deep packet inspection software was being upgraded for new devices and that compatibility with SORM (System for Operative Investigative Activities) was re-enforced across all Russian networks.

This story has been carried across countries, networks and channels and, like any good conspiracy theory, has gathered momentum in its own right. The result was a state of general tension, especially for the journalists who went to report on the games. This picture from the Sydney Morning Herald is a good example of media fuelling the frenzy: 


Accompanied by the worrying tweets of Yahoo journalist, Charles Robinson:

Source: Sydney Morning Herald

Understandable conclusions with regards to censorship and privacy were speculated, but the reality was that this was a check-up exercise to ensure journalists were not setting up their own Wi-Fi networks which would interfere with the official ones.

2. The NBC misleading story “Hacked Within Minutes”

Richard Engel (NBC News) and Kyle Wilhoit (Trend Micro) took on an experiment to see just how dangerous the cyberspace was surrounding the Winter Olympics. Sadly the point of the experiment got lost in the NBC reportage, but important details can be found in this article posted by Kyle Wilhoit. This blog post from Robert Graham makes it very clear that the experiment has little to do with the NBC claim that coming to Sochi and turning your computer on is enough for your private data to be extracted right before your eyes. You’d have to put in a bit of effort to get hacked so efficiently.

While the NBC report implies that the attack was an extraordinary automatic compromise, the “hacking” occurred a) under very low security measures; b) by being initiated by Engel himself, with user-interaction. The noteworthy point here is the hostility of Olympic themed websites, which is expected to receive heavy media coverage and public interest.


The advice for anyone (in Sochi or elsewhere) who wants to keep up to date with the Olympics is to follow the same cyber security guidelines as you would in normal day-to-day activities: don't open attachments from unknown email senders, use updates, use an anti-virus and keep it updated, don't disable security on your phone when prompted to do so by a suspect app.  

3. Hacktivist group threats 

Threats from a hacktivist group have been made towards investors and sponsors, claiming that the games are taking place on the graves of a million Caucasians who were murdered in 1864. But as the surveillance is such a strong point, presumably SORM will keep a close eye on this affair and settle the issues as they come up.


The confusing issue with the points above is that they have all been bundled under one big Russia-spy-cyber-hacks story which is simply too unclear to follow anymore. For the average reader, the entire Sochi affair has been portrayed as the greatest nest of online dangers, teamed with hidden state surveillance (and hints at censorship) and a breeding ground for hacktivism at its worst. This FT article sums it all up pretty well, and true to the form, is entirely confusing!