Despite claims by security experts that its story was “misleading” and “fraudulent,” NBC News on Friday defended its report that electronics taken to the Winter Olympics in Sochi can be instantly hacked -- telling FoxNews.com its story was designed to show in general how easily a non-expert can fall victim.
The report was introduced earlier this week by NBC anchor Brian Williams, who explained that people attending the Games in Sochi are at heightened risk of cybercrime.
“As tourists and families of athletes arrive in Sochi, if they haven’t been warned and if they fire up their phones at baggage claim, it’s probably too late to save the integrity of their electronics and everything inside them,” Williams said. “Visitors to Russia can expect to be hacked … and it’s not a matter of if, but when.”
Wednesday’s main report featured Richard Engel, speaking live from Sochi, revealing how a phone and several laptops set up by a threat researcher were hacked almost immediately after visiting several Olympic-themed websites.
But online malware is a real problem everywhere -- and not any more so in Sochi -- several leading security experts said after the report aired.
“In my view, this NBC News report went too far in deliberately misleading its audience,” wrote Graham Cluley, an independent security who formerly worked at companies like Sophos and McAfee. “The truth was that the ‘hacks’ had nothing to do with being in Sochi, Moscow, or any other part of Russia. The hacks would have worked just as well from any other part of the world, as they were dependent on visiting malicious Sochi-related websites rather than the user’s physical location.
“It really was a load of scaremonger nonsense,” Clulely told FoxNews.com on Friday.
Robert Graham, who blogs about security issues at Errata Security, went even further:
“That NBC story [is] 100 percent fraudulent,” he wrote. “It is wrong in every salient detail.”
NBC News spokeswoman Ali Zelenko defended the report, saying “the claims made on the blog are completely without merit." And while cyberattacks can happen anywhere, she said, they are “more likely” to occur in Russia.
"Of course this type of cyberattack can happen anywhere in the world, but the point we were demonstrating is that a user is more likely to be targeted by hackers while conducting search in Russia, and that such attacks happen with alarming speed from the moment a user goes online."
But Kyle Wilhoit, the Trend Micro security expert NBC interviewed in the segment, and who acknowledged on Twitter that he was never in Sochi (“They wouldn’t let me leave Moscow”), suggested that the report went too far.
“You just browsed to a Olympic-themed website -- the results would've been the same had you done it in the U.S.?” Graham asked him on Twitter.
“Agreed,” Wilhoit replied.
Wilhoit told FoxNews.com he was unable to comment further, but Thomas Moore, a spokesman for Trend Micro, said Wilhoit will write a paper that further details the security threats users face online.
Cluley said the same general rules for safety apply for Olympics fans from Russia to Rhode Island:
- Keep your computer and phones updated with the latest patches and anti-virus software.
- If you don’t need it, turn it off or remove it entirely from your computer. (Yes, I’m thinking of Java primarily, but the more programs and technology you have running on your computer, the greater the chance that one of them will have a vulnerability that could be exploited.)
- Don’t open unsolicited attachments or blindly click on links without thinking about where you might be going.
- If you’re going to use public Wi-Fi, make sure you’re using a VPN to hide your online activity from snoopers.
Mikko Hypponen, chief research officer at the security company F-Secure, took it a step further, noting that there may be no threat related to the Olympics at all.
“While there are some real security concerns, most coverage of cyber attacks during Olympics end up to be incorrectly reported or just hype,” Hypponen blogged in response to the NBC report.
He cited a report he wrote 20 years ago about a virus known as Olympic that had reportedly infected computers at the 1994 Winter Olympics in Lillehammer, Norway.
Those reports were false, he noted.