Aggressive Hackers Are Targeting Rio's Olympics (fastcompany.com) 71
The Daily Dot is warning about fake wi-fi hubs around Rio, but also networks which decrypt SSL traffic. And Slashdot reader tedlistens writes:
Steven Melendez at Fast Company reports on the cybercrime threat in Rio, and details a number of specific threats, from ATMs to promotional USB sticks to DDoS attacks [on the networks used by Olympic officials]... "Last week, a reporter for a North Carolina newspaper reported that his card was hacked immediately after using it at the gift shop at the IOC press center. And on Friday, two McClatchy reporters in Rio said their cards had been hacked and cloned soon after arrival."
Even home viewers will be targeted with "fraudulent emails and social media posts" with links to video clips, games, and apps with malware, as well as counterfeit ticket offers -- but the threats are worse if you're actually in Rio. "In an analysis last month of over 4,500 unique wireless access points around Rio, Kaspersky found that about a quarter of them are vulnerable or insecure, protected with an obsolete encryption algorithm or with no encryption at all."
Even home viewers will be targeted with "fraudulent emails and social media posts" with links to video clips, games, and apps with malware, as well as counterfeit ticket offers -- but the threats are worse if you're actually in Rio. "In an analysis last month of over 4,500 unique wireless access points around Rio, Kaspersky found that about a quarter of them are vulnerable or insecure, protected with an obsolete encryption algorithm or with no encryption at all."
Re: (Score:2)
Re: (Score:1)
Welcome to the 3rd world (Score:4, Insightful)
Welcome to the third world. I suspect this will give some pause to even those corrupt Olympic committee members who accepted the bribes to give the nod to Rio.
People will look fondly back to where the major inconvenience was to put the toilet paper in a trash bin rather than flush it down in Sochi. Brasil has consistently snatched defeat from the jaws of victory at every turn.
I'm all for spreading around the wealth, but there should be some basic litmus test of "you can or cannot achieve even the most rudimentary accommodations for both athletes and visitors. It was pretty clear that Brasil wasn't in a position to pull this off, yet here we are.
Re: (Score:2)
Well I don't know about Brazil but that's the custom in Argentina, because of poor plumbing which will clog the pipes.
Re: (Score:2)
Well I don't know about Brazil but that's the custom in Argentina, because of poor plumbing which will clog the pipes.
Same in Brazil - at least it was the last time I was in Rio.
Re:Welcome to the 3rd world (Score:5, Funny)
If their toilets can't even take down some toilet paper, how will they take down my footlong American-sized turd?
Re: (Score:2)
I don't know what shitty slum you stayed at when you visited Argentina and tried to save a few bucks staying with AirBNB... but I've lived here all my life and I have never heard of pipes clogging because of toilet paper. We flush paper down the toilet where I live.
Of course, that's when we actually use toilet paper. I use the bidet.
Re: (Score:1)
Yeah, hackers would never get anywhere [theregister.co.uk] at a high-profile event in America.
It doesn't spread the wealth though (Score:4, Interesting)
The Olympics is rarely a net gain for the country hosting it. Despite lots of tourism and lucrative media contracts, the cost is so high that usually they are coming out behind on the deal. Now that's ok for a country with a lot of money, who doesn't mind spending some on this kind of thing and maybe has a plan for the facilities after the games. However for a country like Brasil it is basically just a loss.
Re: (Score:2)
I suspect this will give some pause to even those corrupt Olympic committee members who accepted the bribes to give the nod to Rio.
Really? Bankrupting a struggling 3rd world country, hosting an Olympic event in such filth that some teams have pulled out, going ahead against threats of spreading 3rd world viruses to places where that virus doesn't exist, and you think a bit of cybercrime prominent in tourist destinations will give them pause?
I'm all for spreading around the wealth
Wait are we still talking about the Olympics?
I hate to say it (Score:5, Informative)
But it's a fucking shambles over there at the moment. Tech failures, controlled explosion of a bomb(least it was caught I guess), a media tent got a bullet through it, security failing miserably allowing people without credentials to get in, Swedish rowing coaches got mugged apparantly, a media cameraman had his camera stolen, unsafe bike track and a few foreigners were apparantly kidnapped a day ago. Pretty poor turnout for a lot of events as well.
Let's hope there's no more issues.
I dont hate to say it (Score:1)
I hope they have more issues. i hope the Rio Olympics are such a huge disaster that no country will ever again cowtow to the IOC to bring their unholy mess to their city. I hope this puts a permanent end to the Olympics as we know them so that maybe someday decades in the future some less corrupt organization can resurrect the idea into something thats actually about athletics.
Oh Really? (Score:3)
"The Daily Dot is warning about fake wi-fi hubs around Rio, but also networks which decrypt SSL traffic."
No shit? I thought this was a given in Rio. Or any large city.
Re: (Score:2)
Well yes. But we're hating on Rio nowadays. And on Pokemon Go.
Get with the program, man.
Internet access (Score:2)
open wi-fi (Score:2, Interesting)
in 7 years in Brasil I have never seen an open wi-fi.
an open wi-fi in Rio is an obvious honeypot
Re: (Score:2)
How then would you properly secure a wireless network?* WPA-Enterprise with a RADIUS server?
* The correct answer is obviously to use a cable, but a lot of devices are badly designed with no ethernet ports. For shame.
Re: (Score:2)
So the most secure option is still to hop on a VPN immediately after connecting to wifi, no matter which security protocol it uses.
They can't do that (Score:4, Funny)
The Olympic committee has issued a decree that hackers cannot hack them. Also, if hackers do try to hack them they are not allowed to use any of the trademarks - including the word "Olympic" or the 5 rings symbol - in reference to their planned hacks.
Re: (Score:2)
Also, if hackers do try to hack them they are not allowed to use any of the trademarks - including the word "Olympic" or the 5 rings symbol - in reference to their planned hacks.
That's the only reason the IOC cares... they used the #Rio2016 hashtag in their ransom note
Re: (Score:3)
I'm waiting for /. to report that it's been served a lawsuit for using the word "Olympic" in an article.
Assuming /. isn't an official supporter, that is.
Undoing secure sockets layer (SSL) traffic (Score:4, Informative)
Only if the client desktop computer is configured to accept forged certs as used in the Cisco SSL Inspection [cisco.com] device.
Re: (Score:2)
"the international hub for the Olympics, was found to host many networks that are capable of decrypting Secure Sockets Layer (SSL) traffic — undoing a protocol put in place to keep data protected." link [dailydot.com]
Only if the client desktop computer is configured to accept forged certs as used in the Cisco SSL Inspection [cisco.com] device.
I was thinking the same thing, but what if a person used a span port to mirror the traffic and send the mirrored traffic to a device capable of SSL decrypt? Couldn't that info be logged using that method?
Re: (Score:2)
Only if they found a universal method of cracking SSL, which is very unlikely.
Re: (Score:2)
@acoustix: "I was thinking the same thing, but what if a person used a span port to mirror the traffic and send the mirrored traffic to a device capable of SSL decrypt? Couldn't that info be logged using that method?"
Only if they found a universal method of cracking SSL, which is very unlikely.
My Palo Alto firewall already does it. So what is stopping others from doing it using a mirrored port?
Safe (Score:2)
Not attending, watching, or even vaguely interested in the Olympics. OIympic-related e-mails are deleted unread...
Card hacked? (Score:3)
that his card was hacked
You don't hack a card any more than you bake a car.
At best you can call it a colloquialism based on a gross misunderstanding. I prefer to call it ignorance and irresponsibility.
The "hack" in this case is just reading the card number, expiry date and name from the card. You can get that information in a variety of ways, hijacked/fraudulent card readers, RFID chips, just reading the front of the card. This is information the card gives out freely. So you have to be sure that where you use your card is secure.
Its not a hack, it's fraud.
This guy had his card details stolen because he was stupid. He wasn't paying attention to where he is (I will only use my card in an ATM in developing nations, everywhere else gets cash... and I'm very selective about my ATMs too). Its not Rio's fault he got scammed, it's his fault for not knowing how to handle Rio.
Beyond that, he'll refuse to take responsibility for himself thinking "the bank will take care of me" meanwhile the bank is trying to figure out how to make someone else pay for it.
Regarding using cards in Rio (Score:2)
I visit Rio frequently. My cards have been hacked twice there, I believe both times from swiping the magnetic stripe at the handheld terminals used in restaurants, shops, etc.
My rule now when I visit is to NEVER use a magnetic stripe at one of those portable terminals down there. ATMs are generally ok, especially if you check for skimmers, cover your PIN, use ATMs in bank lobbies, etc. Using a chip card at a portable terminal should also be ok, but I generally try to just use cash there whenever I can.