As the city prepares to receive tens of thousands of visitors, so do opportunistic hackers. Several major news networks are reporting that the smartphones and computers of visitors were being hacked within minutes of being turned on in Sochi.
NBC Nightly News – Hacked Within Minutes: Sochi Visitors Face Internet Minefield
ABC News – The Other Sochi Threat: Russian Spies, Mobsters Hacking Your Smartphones
The potential risks have also warranted the attention of the US Computer Emergency Readiness Team (US-CERT), who has issued warning to travelers.
The Risk to Organizations
While the media coverage is primarily focused on the theft of personal information that is on the devices, individuals that take computers or devices that are used for work can pose a threat to their employers and customers as well. Modern day malicious software (malware) is often designed to capture the login credentials that are used to access both personal online accounts as well as company networks and systems. In addition, a compromised system or device can provide hackers a “beach head” into an organization, once the person returns home and reconnects their devices to their company networks.
Steps Organizations Can Take to Reduce Their Risk:
- Identify individuals traveling to Sochi and ensure they are aware of the threats
- Try to limit the number of devices and systems that are taken
- Remove any sensitive/personal data from devices
- Ensure devices are protected prior to traveling (e.g. running antivirus protection and firewalls)
- Be vigilant for suspicious account activity
- After users return, their devices should be analyze signs of compromise prior to being connected to company networks
