Travelers bringing phones and computers to the Winter Olympics should be wary of hacking and surveillance, but taking cybersecurity precautions will dramatically lower the dangers of emailing and posting photos online in Sochi, Russia.
The State Department warns that travelers going to the Olympics should be aware of scams including fake Olympic ticket websites, and that travelers should be wary not to expect digital privacy in Russia.
“Travelers should be aware that Russian federal law permits the monitoring, retention and analysis of all data that traverses Russian communication networks, including Internet browsing, email messages, telephone calls, and fax transmissions,” according to a State Department travel advisory.
Russia is a country where travelers face “a high level of effort and expertise” to target high-profile people including business leaders, politicians and journalists, but the average person can take precautions and lower their risk of traps set by hackers, says Peter Singer, a cybersecurity researcher at The Brookings Institution. Spearfishing attacks, sending emails tailored to fool specific high-profile people into clicking links or sending information, are still the most popular online attack, so people can be vigilant using basic cybersecurity methods traveling internationally, says Singer, author of “Cybersecurity and Cyberwar.”
“If you wanted 100 percent security you would not bring anything with you,” Singer says. “On the other hand you would not be able to link with your company back home or share cool photos on Facebook."
When most large businesses travel to countries like Russia their staff do not bring devices with sensitive information on them and don’t access accounts with sensitive information on the cloud, or they use systems including encryption or special networks that decrease the risk of communicating with the U.S., Singer says.
A story by NBC reported the risks of surveillance and hacking people face while attending the Olympics, explaining that security firm Kaspersky Lab would be monitoring the digital traffic at the Games but there may be too many devices to filter hacking attempts. During the story NBC reporter Richard Engel browsed for information about the Olympics and downloaded malicious software that targeted a fake online account he created for the report.
This risk of hacking in Sochi is not as high as portrayed in the NBC story, said a blog post by Robert Graham, a cybersecurity researcher with Errata Security. Being tricked into downloading malware from deceptive ads or messages that mention Olympic-related websites could happen more frequently in Russia, but it could also happen anywhere in the world and simply using the Internet in Russia will not result in immediate hacking. Visitors to Sochi would be safer using a virtual private network to bypass the risks of public Wi-Fi in Russia, which is also a popular option of Americans using the Internet in China, where high-profile Westerners are also targeted by hacking and surveillance.
“The only increased danger
from being in Russia is geolocation,” Graham said, explaining that Google tracks a user’s location to increase the frequent appearance of local sites. “You'll
see more dodgy Russian sites in the results. You can disable this feature in
your Google account settings.”