
NBC Story about Hacking at Sochi is 100% Fraudulent - julespitt
http://blog.erratasec.com/2014/02/that-nbc-story-100-fraudulent.html
======
NathanKP
The longer version of the report shows more details:

[http://www.nbcnews.com/watch/nbc-news-web-extra/honeypot-
tes...](http://www.nbcnews.com/watch/nbc-news-web-extra/honeypot-tests-
likelihood-of-hackings-in-russia-137595971642)

On the phone they went to a website and ignored warnings in order to download
and execute a malicious APK. On the PC they followed a link in a scammy
looking phishing email to download and open a malicious Office document. On
the Mac they visited a website that had an ad suggesting that they needed an
"antivirus program" so they downloaded and installed it.

So the devices were hacked not because Sochi is especially dangerous, but
because of pure stupidity. Nothing can help you if you deliberately ignore
warnings, and deliberately install Trojan horse malware. The exact same thing
would have happened in the US.

~~~
osipov
A bit offtopic but the recent "Russian anti-gay law" media coverage is as
credible as this hacking story:
[http://www.blacklistednews.com/The_Olympics_of_Hate_in_a_Nat...](http://www.blacklistednews.com/The_Olympics_of_Hate_in_a_Nation_of_Anti-
Gay_Laws%3F_/32494/0/38/38/Y/M.html)

~~~
chimeracoder
That analysis isn't entirely accurate either. For example:

> Since 1993 gay sex was made legal in Russia, in 12 US States gay sex is a
> crime.

The law is still on the books, but ever since _Lawrence v. Texas_ [0], gay sex
is legal in all 50 states (and all US territories). They're on the books
simply because of inertia - there's no impetus to pass a new law repealing a
law that's already been invalidated.

Others include:

> In Russia you cannot be fired from your job for being an LGBT individual, in
> the United States you can

This depends highly on the state. Some states even protect transgender
individuals.

Also, comparing Russia's laws to the US's laws is inherently flawed. For
example, I could mention that Iran conducts more sex reassignment operations
than any other country in the entire world, except Thailand![1]

But before we go ahead and praise Iran for being progressive with regard to
transgender rights, let's understand that they do this because they assume
that homosexuality and being trans are the same thing, and the government pays
for forced gender reassignment of gay people[2].

So it's very easy to make the US look bad in comparison to other countries,
especially since the US is more federated than many other countries (ie,
states have more leeway), _and_ the US is larger (so it's easier to cherry-
pick examples). But that doesn't mean the US is actually worse.

[0]
[https://en.wikipedia.org/wiki/Lawrence_v_texas](https://en.wikipedia.org/wiki/Lawrence_v_texas)

[1]
[https://en.wikipedia.org/wiki/Transsexuality_in_Iran](https://en.wikipedia.org/wiki/Transsexuality_in_Iran)

[2] There's some subtlety to this (we could debate the exact nature of the
word "forced"), but that's basically how it works.

~~~
mercurial
> This depends highly on the state. Some states even protect transgender
> individuals.

Are you seriously saying that you can legally fire somebody for being gay in
some US states? Wouldn't you get sued for discrimination if you did that?

~~~
auctiontheory
_Are you seriously saying that you can legally fire somebody for being gay in
some US states?_

Yes. I'm surprised that you're surprised. Under Obama the tide has definitely
turned in favor of gay rights, but gay people are still very far from being
equally protected under the law nationwide.

And if the next US President is a Republican, many Obama-era gay rights
advances might very well be rolled back.

~~~
mercurial
I'm European, this might explain my surprise. My understanding was that
employers were usually very careful to avoid lawsuits for wrongful termination
when firing people. I had not understood that in some places, discrimination
against people with the wrong sexual orientation is fair game, while
discrimination against people with the wrong skin colour isn't.

~~~
jedrek
Not to mention that most states have moved to at will employment, which means
that you can be fired for no reason.

~~~
beagle3
But "at will" means you can be fired for any reason _except_ if the reason is
"being in a protected class". Those include pregnant women, for examples.

It is so ridiculous it is funny. In the US, the law guarantees NO paid
maternity leave, but you can't fire a pregnant lady. So, as soon as she gives
birth, you can stop paying her (but not fire her), and then, two weeks after
she comes back from maternity leave, you can fire her (because she is no
longer in a protected class). So, basically, all this protection amounts to is
... about two extra weeks of severance.

US is pretty sad when it comes to labour law and employee rights - and most
people living in the US are somehow under the illusion that it is better for
them.

Does anyone know if sexual preference or sexual orientation is a recognized
protected class?

~~~
sailfast
It is true that the US does not guarantee maternity / paternity leave, however
many companies do have it, and some are very generous. It's a great incentive
to get good people on board.

While I agree that a minimum is a good idea (though not sure how it would be
legislated in practice) I also appreciate that the lack of labor regulation in
the US results in a labor force and companies that are more responsive to
change than in Europe and other places that are heavily regulated.

As for protected classes, it seems that sexual preference is kind of covered
under Title VII, but it's flimsy (this is at the Federal level):
[http://www.eeoc.gov/federal/otherprotections.cfm](http://www.eeoc.gov/federal/otherprotections.cfm)

~~~
beagle3
In european countries you get between 3 and 12 months of paid
maternity/paternity leave by law (in some countries, maternity only, in
others, 12 months divide between parents). In some countries you can extend
this by 3-6 month of unpaid leave while still protected against termination.

> I also appreciate that the lack of labor regulation in the US results in a
> labor force and companies that are more responsive to change than in Europe
> and other places that are heavily regulated.

companies that are more "responsive to change"? What does this mean? Yes, they
respond more easily to quarterly results by firing, but I don't know of anyone
outside of Wall Street that considers this a good thing.

The US labour situation is all f _cked up, sorry - up until last year, health
insurance was tied to employers (meaning people kept working in places they
hated, or did not start a new venture, for health coverage). Now, it 's just
ultra expensive and tied to a location. (Moved? unlikely you can keep your
coverage)

Some places in Europe are f_cked up in the other extreme - e.g. I've heard
from people in Austria and in Denmark that they won't hire employees because
they won't be able to fire them without a year's notice.

But the e.g. UK, Northern Ireland, Sweden and Germany are doing fine on the
both the health care and labour law fronts.

------
afreak
One of the things that I think is going on here is that there is a bias (and
for very good reason) towards Russia and other Eastern European countries due
to the number of malicious activity encountered from the likes of malware and
security attacks.

However, one thing that everyone should keep in mind is that Russians do not
"shit where they eat". It is not very common for any Russian group to
specifically target people within their own borders as that would bring upon a
lot of attention.

It is 100% likely that their connections are being monitored and 100% likely
that a dossier is being built on reporters and officials visiting the country,
but it is 100% for sure that they're not being specifically targeted with
malware. If they are, the person initiating the attack is going to find
themselves in a lot of heat.

Engel's Wikipedia article is quite fluffy on that note:

[http://en.wikipedia.org/wiki/Richard_Engel](http://en.wikipedia.org/wiki/Richard_Engel)

~~~
tomphoolery
That's really interesting. I assumed a lot of this "hacker fear" was due to
the fact that a lot of these "professional" hackers happen to exist in Russia
and Eastern Europe, there have to be a few who are just not that good and do
it for fun or internet points. Wouldn't imagine the professionals to be caught
up in this mess, as I'm sure they have more lucrative things to work on, but
maybe a younger hacker or hacker group might step up and try to fuck around?

This is, of course, assuming all of this is being perpetrated by regular
civilians, not the Russian government. Seems that a "dossier built on
reporters and officials" would be more interesting to a government rather than
a hacker group, don't you think? Is the Russian government being accused
of/watched for this kind of shit?

~~~
mkempe
During ethnographic research on security perceptions in business environments,
we found that most Americans in the IT domain imagine hackers to be evil
foreigners -- usually Russian or Chinese. A similar research program across
Europe showed the total absence of such projections in the mind of IT security
professionals.

It all came back to me as I watched the American media in the last few weeks,
bringing a number of negative stories on Sochi and Russia -- much more so than
in the European media I monitor.

~~~
smsm42
Is this baseless? I.e. it is known that both China and Russia (together with
other ex-USSR space) has extensive and flourishing cybercrime economy, and
enforcement there in that area is very weak. So I wonder for a random victim
of cybercriminal what is the chance the latter is indeed a foreigner?

Also I assume the research was done before Snowden revelations, where it was
known that foreign governments engage in cyberwarfare, but there was not known
US government does the same and the US government denied it does. Reinforcing
the image of the threat as the foreign one.

------
agwa
At 2:37 in the video, the "special software" that allegedly showed that the
computers had been hacked is a tcpdump revealing nothing but pings and DNS PTR
queries.

~~~
jamesbritt
This is like a 60 Minutes report on "hacking" where a guy from Symantec ran
Windows Task Manager for a credulous Leslie Stahl and postured about how all
that activity could be viruses.

~~~
sdegutis
Reminds me of VB GUI IP tracking[1] and double keyboarding[2].

[1]:
[http://www.youtube.com/watch?v=hkDD03yeLnU](http://www.youtube.com/watch?v=hkDD03yeLnU)

[2]:
[http://www.youtube.com/watch?v=u8qgehH3kEQ](http://www.youtube.com/watch?v=u8qgehH3kEQ)

~~~
fuzzix
>
> [http://www.youtube.com/watch?v=u8qgehH3kEQ](http://www.youtube.com/watch?v=u8qgehH3kEQ)

So this is what the pair programming experience is like!

I like to imagine the next scene is the two >1000 hacksaws explaining ssh,
remote X and basic Cisco admin to the yank-happy cord monster.

Ever been on IRC? It's exciting stuff:

[http://www.youtube.com/watch?v=O2rGTXHvPCQ](http://www.youtube.com/watch?v=O2rGTXHvPCQ)

~~~
dzhiurgis
Not to forget classic coding scene from Swordfish:

[http://www.youtube.com/watch?v=cmR3wIBJZbk](http://www.youtube.com/watch?v=cmR3wIBJZbk)

------
powertower
Can we please get back to discussing how Russia is abusing the US yogurt
company Chobani by not letting its yogurt cups into the country.

This is all over the news wire, every outlet is reporting on it, the Obama
administration has intervened, and it needs to be on top page of HN like now.

[http://www.nytimes.com/2014/02/06/nyregion/russia-
blocking-a...](http://www.nytimes.com/2014/02/06/nyregion/russia-blocking-a-
yogurt-shipment-from-reaching-us-olympians.html)

(*sarcasm)

Is there any story about Russia right now that's not actively searching to
criticize something?

~~~
microcolonel
The U.S. blocks the spontaneous import of goods which haven't been certified
for the U.S. market all the time, yet when russia applies the same criteria,
they're somehow differently evil and/or unsporting?

Sounds like freedom hating.

------
Demiurge
You can see huffingtonpost and drugereport post completely opposite,
manipulative, news as far as American politics go. However, when it comes to
international news, stories on both align perfectly, there is never a story
that's off of the USA-party line. Russia bad! Putin bad! Olympics bad! I
haven't seen a single positive thing, and I very much doubt there isn't a
single positive to report. I read plenty in Russian press, even anti-
establishment.

~~~
smsm42
There are many things I am sure they would agree on. Murder is bad. Theft is
bad. I haven't read any positive thing in the press about murder or theft. Is
it because they are all bought by anti-theft cabal or is it because they
actually agree on it being bad? Maybe they just think Putin is bad and the
preparation for Olympics was completely messed up.

As for positive reports - news usually aren't positive. It always has been so.
Nobody reports positive things unless they are exceptionally positive. Fireman
saves the lives of ten - news. Drunk driver plows into a tree - news. Drunk
man decides not to drive but walk and safely arrives home - not news. A man
comes from work, meets his wife and kisses her - not news.

~~~
br78
Murder is bad but was George Zimmerman justified? Is the death penalty just?

Never underestimated the news media's ability to split the American public in
half.

News isn't usually positive, but what do you think the tone of this coverage
is compared to the coverage of the London olympics?

I personally strongly dislike the way gay people are treated in Russia and I
am enjoying the drubbing they're getting from Western media.

But the parent comment is right, it's eerie to suddenly hear partisan media
singing from the same hymn sheet.

~~~
smsm42
Maybe in London when you get a hotel room doorknobs do not fall off?

~~~
aquadrop
Or maybe they do, but nobody makes international issue from that?

~~~
smsm42
Sure, everybody has agreed to hide leaking toilets and falling off doorknobs
in London but emphasize it in Russia. I'm sure Elders of Zion or reptiloid
Martians are behind that. Keep wearing that tinfoil hat.

------
GigabyteCoin
It's quite obvious that old habits die hard when it comes to North America vs.
Russia. We can't seem to manage to utter a single decent word about them via
public media.

I wasn't even aware that sports competition begins today, until today.

~~~
osipov
Old habits change quickly. Remember the 90s when we were friends? What does
not change are geopolitical realities of land vs. sea power.

------
pieterhg
What does he think he's doing with that MacBook box! @ 1m10s

~~~
hrrsn
I found that very strange. It doesn't even look like the original box.

~~~
andreyf
Perhaps they bought it in Russia and it has a different kind of packaging than
what you get in the US? I'm pretty sure opening the thick cardboard boxes I've
seen that way would be quite difficult.

------
znowi
I yet to see a single positive report on the Sochi Olympics. If I was a
conspiracy theorist, I might think there's a semi-hidden agenda to discredit
the games.

~~~
smsm42
You mean when you come to the hotel you booked months in advance and they say
there's no room for you and then when you finally get one you have the
bathroom leaking and the curtains falling down - and then you complain about
it, it must be the hidden agenda to discredit?

The guys there at Sochi obviously screwed up the hospitality part. If they
didn't screw up the games part, as soon as the games open, the tone would
change. If they screwed up that too, the tone would stay.

~~~
sp332
If Shaun White is complaining about your course being unsafe, it's probably
really bad
[http://abclocal.go.com/wls/story?section=news/sports&id=9420...](http://abclocal.go.com/wls/story?section=news/sports&id=9420235)

------
primitivesuave
Most news stories about technology where a technologically-illiterate reporter
relies on a so-called "leading expert" to tell him what to report are 100%
fraudulent. They did this for a surprisingly long time with Bitcoin, where the
"expert" would inform the reporter about SHA 256 collisions and the reporter
would twist that around into a statement like "so you're saying that Bitcoins
can be stolen?" Obviously, they can and have been stolen, but not by some
lucky bastard finding a SHA256 collision.

In the end, it is the general public that ends up with these ridiculous
misconceptions, while only a handful of people (e.g. the readers of HN)
actually see through these ridiculous stories.

~~~
judk
Next, apply this analysis to the cases where you watch some news about
medicine or politics or crime or whatever you are not expert in -- it is
likely just as wrong. (Gell-Mann Amnesia)

------
memracom
So many of the news stories about Russia recently have been fraudulent. Like
the uproar about the child protection law that is called an "anti-gay" law,
but nobody has found any evidence of the law being enforced. How many silly
laws get passed in the USA that never get enforced? That's what democracy is
all about. There is no wise all-knowing king who can rule by proclamation;
instead we muddle through with a crowd of flawed human beings who got
themselves elected by a bigger crowd of citizens who are at least as flawed as
the legislators.

And how come the haters of that Russian law, never target any of their venom
at the Russian legislators who wrote and passed that law with a large
majority?

Investigative journalism is dead. Journalists are now bought and paid for by
rich patrons. If you want to find a source of reliable news that you can
trust, then sorry, you are out of luck. That era has long since passed.

~~~
voyou
> nobody has found any evidence of the law being enforced

And yet:

"A Russian court has fined a newspaper editor for publishing an interview with
a gay school teacher who was quoted as saying 'homosexuality is normal.'"
[http://www.theguardian.com/media/greenslade/2014/feb/01/russ...](http://www.theguardian.com/media/greenslade/2014/feb/01/russia-
gay-rights)

~~~
arethuza
That reminds me of the daft "Section 28" law that the Conservatives introduced
in the UK (excluding NI) in the late 80s (now repealed):

 _The amendment stated that a local authority "shall not intentionally promote
homosexuality or publish material with the intention of promoting
homosexuality" or "promote the teaching in any maintained school of the
acceptability of homosexuality as a pretended family relationship"_

[http://en.wikipedia.org/wiki/Section_28](http://en.wikipedia.org/wiki/Section_28)

------
wildcardww
The NBC video definitely started to lose credibility when the security expert
proved he couldn't even open a box normally...

~~~
dublinben
That was actually the reporter.

~~~
wildcardww
Right you are - video credibility restored!

------
protomyth
Well, its not like they haven't lied before. The whole Chevrolet C/K-Series
pickup trucks Dateline story showed what they think of actual journalism. In
technology, they had that DEF CON fun from a while back.

------
stevewilhelm
The story wasn't 100% fraudulent:

"Personal Privacy Note: Travelers should be aware that Russian Federal law
permits the monitoring, retention and analysis of all data that traverses
Russian communication networks, including internet browsing, e-mail messages,
telephone calls, and fax transmissions." [1]

"Additionally, cyber criminals may use the games as a lure in spam, phishing
or drive-by-download campaigns to gain personally identifiable information or
harvest credentials for financial gain. Lastly, those physically attending the
games should be cognizant that their communications will likely be monitored."
[2]

Basically, while at Sochi, you will have very little digital privacy and if
you visit Olympic game related websites, they may attempt to (broadly
speaking) "hack" your computer.

[1]
[http://travel.state.gov/content/passports/english/go/Sochi.h...](http://travel.state.gov/content/passports/english/go/Sochi.html)

[2] [https://www.us-cert.gov/ncas/tips/ST14-001](https://www.us-
cert.gov/ncas/tips/ST14-001)

~~~
rhizome
That must be why the TSA just banned all liquids on carry-ons to there.

[http://www.foxnews.com/politics/2014/02/06/tsa-bans-carry-
on...](http://www.foxnews.com/politics/2014/02/06/tsa-bans-carry-on-liquids-
on-russia-flights-after-olympics-toothpaste-threat/)

~~~
shitlord
What does that have to do with anything in the parent post?

------
colinbartlett
The security researcher posted a followup:

[http://blog.trendmicro.com/russia-experience-
part-2/](http://blog.trendmicro.com/russia-experience-part-2/)

------
freshyill
The real scandal is the way that jackass opened that MacBook Air. What the
hell!

Also I'd _really_ like to know exactly _how_ they hacked Mac OS X. Because if
he downloaded something and then gave it his administrator password, that
doesn't count as being hacked.

~~~
smsm42
If you're an average journalist, it does. That looks exactly like in those
hacker movies, after all.

------
darkrabbi
It's disheartening that in 2014 the original article wasn't unanimously
dismissed as the sensationalist click-bait that it is.

------
downandout
It's sad that this investigation was misleading at best, fraudulent at worst.
But let's be serious for a moment. Using the local Wifi in Sochi, during the
Olympics or or more likely than not at any other time, probably isn't all that
safe of a thing to do. MITM, content modification, etc is quite likely to
occur at drastically higher rates than in many other parts of the world.
Russia is a hotbed of this kind of thing, and the vast influx of relatively
wealthy Olympic visitors make a prime target.

------
smsm42
I was immediately suspicious when I heard that, and when I watched the clip
which actually showed Moscow and not Sochi I just realized it's some baloney
of which news is full now and stopped watching. Good to confirm my decision
was correct.

------
jccalhoun
NBC has a comment at the end of CNET's story about it:
[http://news.cnet.com/8301-1009_3-57618533-83/sochi-hack-
repo...](http://news.cnet.com/8301-1009_3-57618533-83/sochi-hack-report-
fraudulent-security-researcher-charges/) " NBC, for its part, defended its
report.

'The claims made on the blog are completely without merit,' according to a
representative from NBC News."

------
jccalhoun
I just saw a tech news organization mention this and it just seemed entirely
too alarmist to be true. Turns out it was...

------
JTenerife
This is hilarious. And the winner of the Olympic Gold medal for FUD is ...
NBC.

But wait ... no need to be afraid:

"So what can you do?"

"Purchase ... antivirus software ... before you leave the country"

LOL

I can't wait coming to the US. Then I finally can connect to a US WiFi and go
to these famous websites named facebook.com and google.com.

------
josefresco
While I appreciate the debunking effort (the original article smelled fishy
and lacked details), the advice at the end is laughable. "don't click on
stuff" _really_? That's your security advice?!

------
frkncngz
i think they just removed that hilarious unboxing scene. original here:
[http://youtu.be/CNfQwrtKxWk?t=1m10s](http://youtu.be/CNfQwrtKxWk?t=1m10s)

------
jmnicolas
This is what happens when there's no consequence when public figures are
lying.

Politicians and journalists should lose their job / title FOREVER when they
are caught lying.

------
Geee
Well, I thought it was very fishy. It looked like propaganda.

~~~
Mikeb85
Pretty much everything we hear about Russia through English-speaking media is
propaganda...

~~~
breser
Here let me help you here. Your comment should read. "Pretty much everything
we hear through the media is propaganda." There much better now.

~~~
Mikeb85
Can't say I disagree... A lot of distraction techniques too.

------
jpswade
I don't think you mean Fraudulent.

adjective 1\. obtained, done by, or involving deception, especially criminal
deception.

I think you mean "inaccurate".

------
pje
> The only thing that can be confirmed by the story is "don't let Richard
> Engel borrow your phone"

------
sehugg
Leno's quip tonight: "I didn't know they had Target stores over there!"

------
commander_ahab
Not surprised from NBC, this wouldn't be the first time they were wrong.

------
rhizome
All in a day's work.

------
Houshalter
That's not 100% fraudulent, that's like 80% fraudulent.

------
zacinbusiness
Wtf is up with how that guy opens the MBA box?

------
shangxiao
lol all 4 comments on that article are about the way the guy opens the MacBook
box...

------
jackhulsom
You never know there, could've actually happened. it's he said she said ..

------
curious123
Side note: The story is not fraudulent, it is false.

------
Cowicide
My GF was watching that Comcast-NBC story and I stopped to look and I was very
much perplexed by the end of it. It just screamed of ridiculous FUD and I
loudly scoffed at it and walked away from the idiot box incredulous of what
I'd just witnessed.

I've seen a lot of sensationalized bullshit via the corporate mass media
before, but this took the cake. I wondered if it was "just me", but now I'm
seeing many others online and offline also noting how ridiculous it was with
more than obvious, dishonest fear mongering at play.

It got me thinking about how much Comcast must serve others in order to
maintain its corrupt, despised, anti-competitive oligopoly. Considering the
fact that multiple polls show that Comcast is one of the most despised
corporations in America, I don't think it would be too difficult to get many
Americans behind breaking up their oligopoly if the issue was pushed.

But, the government never pushes it. Comcast owes a great... no, massive debt
to the government for its very existence, incredible anti-competitive growth
and ability to continue to plunder Americans by becoming an increasingly
gargantuan oligopoly and near monopoly (when it comes to higher speed Internet
access in many areas).

I also don't think anyone who's been paying attention doubts that war
profiteers have taken over our government from the outside (via lobbying) and
the inside via their own politicians with Washington’s revolving door –
legislators and their staff members becoming lobbyists, and vice versa.

That said...

Russia deserves a lot of criticism to say the least, but the anti-Russian
propaganda from the mass media coming from the USA, etc. is getting pretty
thick, heavy and over the top. It's almost palpable at this point and it's
obviously stressing our relations with Russia. Between that and some
interesting issues with the Ukraine I'm starting to think the war profiteers
would very much like to push for and ramp up a new, profitable Cold War
between Russia and the USA again.

The war on terror thing is getting old and harder to justify with limitless
money and wars. With the Internet and average citizens utilizing it to spread
info to each other, it's becoming increasingly difficult to start deceptive,
profitable (open) wars or even just air strikes on places like Syria, for
example.

I'm not saying any of this is true and I sure hope it's not true, but the
propaganda is really getting laid on thick lately and I'm not sure what the
end-game is here. Even though many of the criticisms are certainly true
against Russia, it seems like it's really getting "poured on" in the last few
years and it's increasing tension with Russia on a scale I haven't seen since
our last Cold War with them.

I know it seems like I'm wearing a tinfoil hat and I'll understand if anyone
thinks I'm sounding looney... but, I think the risk is something to watch for
even if it is remote.

I mean, for all I know this is simply a bunch of geopolitical pushing around
that has nothing to do with any long term war profiteer agenda. I sincerely
hope that's true. But, if there's something else going on, I hope we've all
got our eyes wide open here and make sure we're not being led (yet again) into
something that sucks away lives and treasure for the benefit of the very few.
It's happened before (see Iraq) and I see no reason why the war profiteers
won't keep trying and trying again.

------
mlvljr
Finally, thanks from Saint-Petersburg :)

------
fuckpig
So does this mean that NBC is fraudulent?

We should remember that... around the time of the next election.

