The Department of Homeland Security’s United States Computer Emergency Readiness Team (US-CERT) has issued security guidance for the Olympic Games in Sochi, Russia, which includes warnings about hacktivist threats, spam, phishing, drive-by-download campaigns, and protecting your personal information.
US-CERT is a branch of DHS’ National Cybersecurity and Communications Integration Center (NCCIC), and “leads efforts to improve the nation’s cybersecurity posture, coordinate cyber information sharing, and proactively manage cyber risks to the Nation.”
The guidance is aimed both at those attending the games and at those following them over the internet. It warns that events of this magnitude provide an exceptional opportunity for criminals, and cautions travelers that their communications will undoubtedly be monitored by the Russian Government.
Included in the guidance are the following:
A number of hacktivist campaigns may attach themselves to the upcoming Olympics simply to take advantage of the on-looking audience. For example, the hacktivist group, Anonymous Caucasus, has launched what appears to be a threat against any company that finances or supports the winter games. This group states the Sochi games infrastructure was built on the graves of 1 million innocent Caucasians who were murdered by the Russians in 1864. According to Trusted Third Party analysis, the group has been linked to distributed denial of service (DDoS) attacks on Russian banks in October 2013. Therefore, the group is likely capable of waging similar attacks on the websites of organizations they believe financed Olympic-related activities; however, no specific threat or target has been identified at the time of this report.
Whether viewing live coverage, event replays, or checking medal statistics online, it’s important to visit only trusted websites. Events which gain significant public interest and media coverage are often used as lures for spam or spearphishing campaigns. Malicious actors may also create fake websites and domains that appear to be official Olympic news or coverage that can be used to deliver malware to an end user upon visiting the site (also known as drive-by downloads or watering holes).
NBCUniversal offers exclusive coverage of the games for viewers via NBC, NBCSN, MSNBC, USA Network, NBCOlympics.com and corresponding Twitter, Facebook and Instagram accounts. Viewers should be wary of any other source claiming to provide live coverage. As always, it is best to visit trusted resources directly rather than clicking on emailed links or opening attachments.
Purchasing tickets or merchandise at the Games
According to the official Winter Olympics website: http://www.sochi2014.com, Visa will be the only card accepted for all purchases including tickets and merchandise at the Games. Tickets may only be purchased through Authorized Ticket Resellers (ATR). Individuals can validate the authenticity of an ATR offering tickets by using the “Website Checker” tool available on the official Sochi website. The designated ATR in the United States is CoSport, and at the time of this report, individuals purchasing tickets through CoSport may only pick up their tickets at CoSport’s Host City Collection Center in Sochi, Russia. Any ticket offer from a site not recognized as an ATR or accepting payment methods outside of Visa is likely fraudulent and should be met with skepticism.
Traveling to Sochi
When traveling abroad it’s important to know your host country’s laws and policies, particularly when it comes to privacy. Russia has a national system of lawful interception of all electronic communications. The System of Operative-Investigative Measures, or SORM, legally allows the Russian FSB to monitor, intercept, and block any communication sent electronically (i.e. cell phone or landline calls, internet traffic, etc.). SORM-1 captures telephone and mobile phone communications, SORM-2 intercepts internet traffic, and SORM-3 collects information from all forms of communication, providing long-term storage of all information and data on subscribers, including actual recordings and locations. Reports of Rostelecom, Russia’s national telecom operator, installing deep packet inspection (DPI) mean authorities can easily use key words to search and filter communications. Therefore, it is important that attendees understand communications while at the Games should not be considered private.
Russia also retains broad inbound encryption license requirements. Taking laptops and other devices into the country is unrestricted; however, software may be inspected upon departure. This means any computer or software containing sensitive or encrypted data may be confiscated by Russian authorities when individuals depart from the country. Travelers may want to consider leaving personal electronic devices (e.g. laptops, smartphones, tablets) at home or alternatively bring loaner devices that do not already store sensitive data on them and can be wiped upon return to your home country. If individuals decide to bring their personal devices, consider all communications and files on them to be vulnerable to interception or confiscation.