WEAR - Search Results
Sochi security: Russian mobsters and smartphone hacking
While the world focuses on the threat of terrorism to the Winter Olympic Games in Sochi, Russia this month, spectators in the Black Sea town will face a stealthier threat to their digital lives from Russian spies and tech savvy mobsters, experts and security sources told ABC News.
Russian law allows its intelligence agents to do electronic snooping on anyone inside the country, meaning the phones and personal computers of thousands of foreign visitors, including Americans, are fair game. But even outside of the law, Russian organized crime groups also are well known for hacking smartphones and email for information they use for illicit profit.
"It's the same as during the Beijing Games -- the host government, private enterprise and individuals pose a big threat to people traveling to the Sochi Games, in respect to monitoring conversations on cell phones and intercepting texts and emails," one Olympic security contractor told ABC News last week.
"It should certainly be expected," agreed a senior U.S. intelligence official, who told ABC News that the influx of tens of thousands of American spectators and dignitaries will be "an intelligence bonanza" for both Russian spies and organized crime groups.
Russian President Vladimir Putin's domestic spying agency, the Federal Security Service (FSB), will snoop for indicators of terrorist activity. His intelligence services will also target dignitaries for intelligence collection, as they do around the world.
Mobsters hack devices for passwords and data to facilitate digital larceny and, at times, can be used as proxies by the FSB for any number of tasks, sources said. For instance, a recent cybersecurity report by private firm CrowdStrike fingered Russian intelligence as likely involved with, or at least aware of, the work of a hacker group known as "Energetic Bear," which has targeted Western energy interests.
U.S. officials generally are required to trade in their regular smartphones for "clean" devices when traveling to countries such as Russia and China, which have the most sophisticated spy operations. The assumption of government security officers, based on past experience, is that smartphones operating on foreign networks are easily comprised by foreign intelligence services.
The Russian electronic surveillance program, called SORM, rivals any American domestic FBI or NSA surveillance program -- with one key difference: the Russians don't need the formality of a court order to suck up all of the targeted person's data, which is archived for three years.
Security services are, as required by law, hardwired into the communications infrastructure here so they don't need the phone and internet companies to give them the data.
NBC, which is telecasting the Games as the U.S. rights holder, has warned employees that emails sent or received while in Sochi may not be private, according to sources.
"The Russians will own your communications when you go there. The only way to guard against that is to take a clean device and use a temporary email address," Joel Brenner, who served as U.S. National Counterintelligence Executive from 2006-2009, told ABC News.
Smartphones can be penetrated and comprised anytime they are out of the owner's hands, such as passing through an airport security screening checkpoint, or remotely by hackers through compromised cell signal towers or illicit mobile relay devices.
"The risk is the theft of personal data stored on a smartphone: your contacts, banking info, etcetera," the security contractor working on the Sochi Games said. "Criminal elements have ready access to the cell towers in Russia." Several current and former U.S. officials confirmed that organized crime figures in Russia are believed to have some access to cell towers in Sochi.
"That possibility exists," a U.S. official involved in securing the Games warned last week about the threat posed by both spy and hacker. "I wouldn't say everyone who goes will be considered a high value cyber-target, but there is a high likelihood that it will happen."
Another way compromised smartphones can be exploited is by turning cameras and microphones of a hacked phone into a secret spycam in which an adversary surreptitiously and remotely watches or eavesdrops on the targeted device's owner.
Director of National Intelligence James Clapper last week called out Russian intelligence services as a "leading" cyber threat to U.S. interests in his statement to a Senate hearing on the major security challenges facing the nation.
"Sophisticated foreign intelligence entities will continue to employ human and cyber means to collect national security information," Clapper said.
But while personal information is also at risk, Shawn Henry, a CrowdStrike senior executive, said it probably won't be high on the Russian' domestic intelligence services' list of priorities because they'll be busy trying to prevent Chechen Islamist militants from attacking the Olympic venue in Sochi or other targets over the next few weeks.
"People should be aware that their data is accessible because it's traveling on infrastructure controlled by the [Russian] government," said Henry, a former FBI executive assistant director at the head of computer crime and cybersecurity. "But they have limited resources and a much bigger threat there."