Attendees at the Winter Olympics in Russia, home of unrestricted government surveillance and the world's best hackers, are being advised to toss any expectations of privacy when using electronic communications.
Americans attending the Olympics in Sochi, set to start Friday, should leave their personal smartphones, tablets and laptops at home and only take devices that are free of sensitive data and can be wiped clean to avoid taking malware back home, experts said.
"If individuals decide to bring their personal devices, consider all communications and files on them to be vulnerable to interception or confiscation," the U.S. Computer Emergency Response Team (US-CERT), a division of the Department of Homeland Security, said in an advisory issued this week.
Under Russian law, the FSB, the state security organization, can monitor, intercept and block all electronic communications, including phone conversations, and store them indefinitely, US-CERT said. In addition, Russia's national telecom operator Rostelecom has installed tools that enable government authorities to use keywords to search communications.
Encrypting data won't provide any protection, because Russian authorities have the right to confiscate any device storing data they deem suspicious. So, people should be prepared to leave their computer at the airport when heading home.
"If you think this is a sad state of affairs, we're inclined to agree," Lysa Myers, security researcher for ESET, said in a blog post. "We started work on this blog post by looking at computer security advice we have given ahead of previous Olympics, but in the end we decided the best advice was to avoid taking devices that are not disposable, even if you are a security expert and know how to armor your devices against all known threats."
Making the situation worse are the many talented Russian hackers who infect computers with malware over public Wi-Fi networks and through malicious websites and spam.
"Assume all data on your device will be exfiltrated off the device," Drew Porter, senior security analyst with consulting firm Bishop Fox, told CruxialCIO.
People should not log into their corporate networks, even with a VPN, unless arrangements have been made in advance with network and security staff, Porter said.
Instead of using public Wi-Fi, travelers should purchase a prepaid 3G data plan before heading to Russia, Bogdan Botezatu, senior e-threat analyst for Bitdefender, said. Free Wi-Fi hotspots are the riskiest because many have been rigged to capture and modify traffic to and from the mobile device.
Olympic attendees should also plan to withdraw cash from a bank each morning in order to pay for things in cash as much as possible, Botezatu said. Russian criminals often install devices called skimmers, which steal credit- and debit-card numbers, on ATMs and at other locations.
"Pay in cash rather than swiping cards in restaurants, gas stations and so on," he said.
At home, US-CERT warned companies sponsoring the Olympics to be prepared for cyberattacks from hacktivist groups. One such organization, called Anonymous Caucasus, has threatened to attack any company financing or supporting the Games.