Source: National Cyber Awareness System email list (US-CERT – US-CERT@ncas.us-cert.gov)
- ST14-001: Sochi 2014 Olympic Games
- 02/04/2014 10:20 AM EST
- Original release date: February 04, 2014
Whether traveling to Sochi, Russia for the XXII Olympic Winter Games, or viewing the games from locations abroad, there are several cyber-related risks to consider. As with many international level media events, hacktivists may attempt to take advantage of the large audience to spread their own message. Additionally, cyber criminals may use the games as a lure in spam, phishing or drive-by-download campaigns to gain personally identifiable information or harvest credentials for financial gain. Lastly, those physically attending the games should be cognizant that their communications will likely be monitored.
A number of hacktivist campaigns may attach themselves to the upcoming Olympics simply to take advantage of the on-looking audience. For example, the hacktivist group, Anonymous Caucasus, has launched what appears to be a threat against any company that finances or supports the winter games. This group states the Sochi games infrastructure was built on the graves of 1 million innocent Caucasians who were murdered by the Russians in 1864. According to Trusted Third Party analysis, the group has been linked to distributed denial of service (DDoS) attacks on Russian banks in October 2013. Therefore, the group is likely capable of waging similar attacks on the websites of organizations they believe financed Olympic related activities; however, no specific threat or target has been identified at the time of this report.
Whether viewing live coverage, event replays, or checking medal statistics online, it’s important to visit only trusted websites. Events which gain significant public interest and media coverage are often used as lures for spam or spearphishing campaigns. Malicious actors may also create fake websites and domains that appear to be official Olympic news or coverage that can be used to deliver malware to an end user upon visiting the site (also known as drive-by downloads or wateringholes).
NBCUniversal offers exclusive coverage of the games for viewers via NBC, NBCSN, MSNBC, USA Network, NBCOlympics.com and corresponding Twitter, Facebook and Instagram accounts. Viewers should be wary of any other source claiming to provide live coverage. As always, it is best to visit trusted resources directly rather than clicking on emailed links or opening attachments.
Purchasing tickets or merchandise at the Games
According to the official Winter Olympics website: http://www.sochi2014.com, Visa will be the only card accepted for all purchases including tickets and merchandise at the Games. Tickets may only be purchased through Authorized Ticket Resellers (ATR). Individuals can validate the authenticity of an ATR offering tickets by using the “Website Checker” tool available on the official Sochi website. The designated ATR in the United States is CoSport, and at the time of this report, individuals purchasing tickets through CoSport may only pick up their tickets at CoSport’s Host City Collection Center in Sochi, Russia. Any ticket offer from a site not recognized as an ATR or accepting payment methods outside of VISA are likely fraudulent and should be met with skepticism.
Traveling to Sochi
When traveling abroad it’s important to know your host countries laws and policies, particularly when it comes to privacy. Russia has a national system of lawful interception of all electronic communications. The System of Operative-Investigative Measures, or SORM, legally allows the Russian FSB to monitor, intercept, and block any communication sent electronically (i.e. cell phone or landline calls, internet traffic, etc.). SORM-1 captures telephone and mobile phone communications, SORM-2 intercepts internet traffic, and SORM-3 collects information from all forms of communication, providing long-term storage of all information and data on subscribers, including actual recordings and locations. Reports of Rostelecom, Russia’s national telecom operator, installing deep packet inspection (DPI ) means authorities can easily use key words to search and filter communications. Therefore, it is important that attendees understand communications while at the Games should not be considered private.
Russia also retains broad inbound encryption license requirements. Taking laptops and other devices into the country is unrestricted; however software may be inspected upon departure. This means, any computer or software containing sensitive or encrypted data may be confiscated by Russian authorities when individuals depart from the country . Travelers may want to consider leaving personal electronic devices (e.g. laptops, smartphones, tablets) at home or alternatively bring loaner devices that do not already store sensitive data on them and can be wiped upon return to your home country. If individuals decide to bring their personal devices, consider all communications and files on them to be vulnerable to interception or confiscation.