Doubts Raised Over NBC's Story About Getting Hacked in Sochi

This article is from the archive of our partner .

NBC may be the latest culprit in disseminating fake “crazy Sochi,” stories, according to one cyber security firm, which claims that the news outlet’s recent report on hacking in Sochi is pretty much totally false. (Update: NBC has responded to this story below.)

This week, NBC aired a segment of Richard Engel allegedly showing his computer being hacked upon connecting to the Internet in a cafe in Sochi. According to Engel, “it doesn’t take long here for someone to try to tap into your laptop, cellphone, or tablet.” When introducing the segment, Brian Williams says:

As tourists and families of athletes arrive in Sochi, if they haven't been warned and if they fire up their phones at baggage claim it's probably too late to save the integrity of their electronics and everything inside them. Visitors to Russia can expect to be hacked, and as Richard Engel found out upon his arrival there it's not a matter of if, but when.

The message is pretty clear. In Sochi, the Internet hacks you.

Engel and security expert Kyle Wilhoit set out for a cafe, where they browse an Olympic website using a mobile device. According to Engel, the phone began to download malware “almost immediately,” and “hijacked our phone before we even finished our coffee, stealing my information and giving hackers the option to tap and record my phone calls.”

Wilhoit adds that Engel’s computers were infiltrated in “less than one minute,” and that hackers started stealing data within 24 hours. To avoid a breach, Engel recommends avoiding public wifi and unnecessary devices, which is a tall order for visitors who are likely fearing a terrorist attack, and may want access to their state department sites.

It’s easy to take the story at face value. Conditions in Sochi are (in some cases) genuinely concerning -- with journalists telling of open manholes, dangerous hotel water, and double-booked rooms -- and a major hack on U.S. retailer Target has been traced back to Russia. But reporters in Sochi have been exaggerating the extent of their troubles, and a number of fake images and stories have emerged online. And security expert Robert Graham thinks this story should be taken with a very large grain of salt.

Graham writes on his website that Engel is extremely misleading in presenting his case, listing three major offenses:

1. They aren't in Sochi, but in Moscow, 1007 miles away.

2. The "hack" happens because of the websites they visit (Olympic themed websites), not their physical location. The results would've been the same in America.

3. The phone didn't "get" hacked; Richard Engel initiated the download of a hostile Android app onto his phone.

According to Graham, Engel did, indeed, get hacked in the cafe -- but not because he connected to their wifi. Graham argues that he would have only been at more risk of the breach in Russia than in the U.S. because Google promotes home-country sites, so he is more likely to have been directed to a fake Olympics site in a Russian cafe than an American one. But other than that, any breach could have been avoided by basic Internet safety measures like, in Graham’s words, “don’t click on stuff.” Graham says the only other thing he learned from Engel is "don't let Richard Engel borrow your phone,” but that Wilhoit did offer some helpful information -- although the NBC segment didn’t broadcast it:

[Wilhoit is] working on a blog with the full technical details. I'm sure it'll be great, with lots of details about what hackers can find with Maltego, the dangers of hostile websites, and so on -- the sort of great information totally lost in the nonsense that is the NBC story.

According to CNET, NBC has yet to respond to the allegation. But some techies on Twitter have already sided with Graham and are favoring his perspective.

Seriously embarrassing for NBC and Richard Engel. If a Russian journo was this unprofessional in America we'd laugh. http://t.co/oSUQR7hP3E
— Tom Gara (@tomgara) February 7, 2014

Just saw the NBC News story on Sochi hacking. So… Engel clicked on malware and installed it on his phone? Seems kind of FUD-dy
— Mat Honan (@mat) February 6, 2014

Errata Security makes a compelling case that Richard Engel's hacking report was misleading at best, false at worst http://t.co/cxCYeiizWH
— Alex Weprin (@alexweprin) February 7, 2014

Even if Engel's story is false, people in Sochi should probably be careful about how they use their devices. You wouldn't want a dancing mall bear to take off with your personal information.

Update: NBC has responded to Graham's blog post, calling it "completely without merit." In a statement, an NBC News representative issued a point-by-point reaction:

1- From the very first frame it was made absolutely clear that the piece was taped in Moscow. Richard welcomed the expert to Moscow on camera, in front of a well-known Moscow landmark.

2- Of course this type of cyber attack can happen anywhere in the world, but the point we were demonstrating is that a user is more likely to be targeted by hackers while conducting search in Russia, and that such attacks happen with alarming speed from the moment a user goes online.

3- The story was designed to show how a non-expert can easily fall victim to a cyber attack when they are deceived into downloading a piece of malicious software that is disguised as a friendly message or alert. Just like any regular user, Richard went online, searched sites and was very quickly targeted and received a tailored fake message designed to trick him into downloading the software.

The representative added that "we also simultaneously published a 3-minute video on nbcnews.com for viewers more interested in the technical details, and it goes into more depth about how we conducted the experiment and what the results were."

This article is from the archive of our partner The Wire.

About the Author

Danielle Wiener-Bronner is a former staff writer for The Wire. Her work has appeared in The Huffington Post and Reuters.

More comfortable online than out partying, post-Millennials are safer, physically, than adolescents have ever been. But they’re on the brink of a mental-health crisis.

One day last summer, around noon, I called Athena, a 13-year-old who lives in Houston, Texas. She answered her phone—she’s had an iPhone since she was 11—sounding as if she’d just woken up. We chatted about her favorite songs and TV shows, and I asked her what she likes to do with her friends. “We go to the mall,” she said. “Do your parents drop you off?,” I asked, recalling my own middle-school days, in the 1980s, when I’d enjoy a few parent-free hours shopping with my friends. “No—I go with my family,” she replied. “We’ll go with my mom and brothers and walk a little behind them. I just have to tell my mom where we’re going. I have to check in every hour or every 30 minutes.”

Those mall trips are infrequent—about once a month. More often, Athena and her friends spend time together on their phones, unchaperoned. Unlike the teens of my generation, who might have spent an evening tying up the family landline with gossip, they talk on Snapchat, the smartphone app that allows users to send pictures and videos that quickly disappear. They make sure to keep up their Snapstreaks, which show how many days in a row they have Snapchatted with each other. Sometimes they save screenshots of particularly ridiculous pictures of friends. “It’s good blackmail,” Athena said. (Because she’s a minor, I’m not using her real name.) She told me she’d spent most of the summer hanging out alone in her room with her phone. That’s just the way her generation is, she said. “We didn’t have a choice to know any life without iPads or iPhones. I think we like our phones more than we like actual people.”