Aggressive Hackers Are Targeting Rio's Olympics

The Daily Dot is warning about fake wi-fi hubs around Rio, but also networks which decrypt SSL traffic. And Slashdot reader tedlistens writes: Steven Melendez at Fast Company reports on the cybercrime threat in Rio, and details a number of specific threats, from ATMs to promotional USB sticks to DDoS attacks [on the networks used by Olympic officials]... "Last week, a reporter for a North Carolina newspaper reported that his card was hacked immediately after using it at the gift shop at the IOC press center. And on Friday, two McClatchy reporters in Rio said their cards had been hacked and cloned soon after arrival."
Even home viewers will be targeted with "fraudulent emails and social media posts" with links to video clips, games, and apps with malware, as well as counterfeit ticket offers -- but the threats are worse if you're actually in Rio. "In an analysis last month of over 4,500 unique wireless access points around Rio, Kaspersky found that about a quarter of them are vulnerable or insecure, protected with an obsolete encryption algorithm or with no encryption at all."

Slavic founders of the Hellenistic perio

Ah. The Olympics. According to NBC the founders of the Hellenistic period were antihellenic Slavs from ancient Paeonia. Pure genius.

Re:Slavic founders of the Hellenistic perio

Has no editorial cartoonist yet given us that giant Jesus statue atop the mountain, doing a facepalm? or a hands-over-gut-and-mouth near-barf at what's happening down there?

Re:Slavic founders of the Hellenistic perio

Yeah, let's not talk about death by dysentery.

Re:Slavic founders of the Hellenistic perio

[K.+S.+Kyosuke]

Seriously, do you have a link? This is pure gold.

Re: Slavic founders of the Hellenistic perio

Goes to show why the country is in such catastrophic condition. Maybe fewer sex jokes and more basic stuff like getting the fish human remains the water would help. But no, you'll make sex jokes instead. Never mind the crime, pollution, corruption, and misery.

Fortunately, I know actually intelligent people in Brazil.

Re:Slavic founders of the Hellenistic perio

[ketomax]

What if Hacking was included in the Olympics? I bet Russia would be the world champions. But, then again they might be banned for enhancing their skills and good ol' China could walk away with the gold.

Re:Slavic founders of the Hellenistic perio

China could walk away with the gold

china would be disqualified for bribing judges and using ineligible 12-year-olds posing as 16-year-olds.

Re:Slavic founders of the Hellenistic perio

Brazil's IDH is higher than your beloved China, you prick, The IDH of the 350,000-dweller town I live in upstate Sao Paulo [which you never could conceive as exiting, because all your 1930's Hollywood induced jungle fantasies/delusions] is as high as the US. The last person to die from dysentery in Brazil must have been some Jap immigrant arriving on a dirty 'maru' in the 19th century. Your envy and incomprehensible hate of all things Brazilian blind you to the fact that this is an awesome country on the cusp of fulfilling its Manifest Destiny, which is to rule over the 21st century. Be used to that.

By the way, you didn't see that beautiful opening ceremony coming, did you? [of course not].

Re:Slavic founders of the Hellenistic perio

You mean the rip-off of the London Ceremony, just not as good?

Re:Slavic founders of the Hellenistic perio

Similar to this?

Re:Slavic founders of the Hellenistic perio

So would the FBI (US entry).

what a shit show

It is such a spectacle to watch Rio's inhabitants try to eat anyone dumb enough to travel there.

Welcome to the 3rd world

[Ritz_Just_Ritz]

Welcome to the third world. I suspect this will give some pause to even those corrupt Olympic committee members who accepted the bribes to give the nod to Rio.

People will look fondly back to where the major inconvenience was to put the toilet paper in a trash bin rather than flush it down in Sochi. Brasil has consistently snatched defeat from the jaws of victory at every turn.

I'm all for spreading around the wealth, but there should be some basic litmus test of "you can or cannot achieve even the most rudimentary accommodations for both athletes and visitors. It was pretty clear that Brasil wasn't in a position to pull this off, yet here we are.

Re:Welcome to the 3rd world

[ChunderDownunder]

the major inconvenience was to put the toilet paper in a trash bin rather than flush it down

Well I don't know about Brazil but that's the custom in Argentina, because of poor plumbing which will clog the pipes.

Re:Welcome to the 3rd world

[starless]

the major inconvenience was to put the toilet paper in a trash bin rather than flush it down

Well I don't know about Brazil but that's the custom in Argentina, because of poor plumbing which will clog the pipes.

Same in Brazil - at least it was the last time I was in Rio.

Re:Welcome to the 3rd world

Yeah, hackers would never get anywhere at a high-profile event in America.

Re:Welcome to the 3rd world

[pete6677]

If their toilets can't even take down some toilet paper, how will they take down my footlong American-sized turd?

Re:Welcome to the 3rd world

If their toilets can't even take down some toilet paper, how will they take down my footlong American-sized turd?

Pfft...that's a lightweight. My cable is so long and fat that it takes three flushes just to get everything down. Damn low flow toilets.

Re:Welcome to the 3rd world

That's OK. Your turd will be nothing but a watery mess after you eat the local food.

Re:Welcome to the 3rd world

[thegarbz]

I suspect this will give some pause to even those corrupt Olympic committee members who accepted the bribes to give the nod to Rio.

Really? Bankrupting a struggling 3rd world country, hosting an Olympic event in such filth that some teams have pulled out, going ahead against threats of spreading 3rd world viruses to places where that virus doesn't exist, and you think a bit of cybercrime prominent in tourist destinations will give them pause?

I'm all for spreading around the wealth

Wait are we still talking about the Olympics?

Re:Welcome to the 3rd world

It will refuse delivery on flush, and send it back to you.

Where it belongs :P

Re:Welcome to the 3rd world

Hmm, just for the record, we Brazilians are not happy to host and be used as a hub for a lot of viruses coming from abroad, either.

It is not like we had Zika here before the !@#$!@#$ Wolrd Cup. Or Chikungunya before our dumbas commanders got rid of the mandatory three-week quarantine on peace force soldiers coming back from hell/Haiti/Africa.

Re:Welcome to the 3rd world

that will not be a problem once you start eating the food and drinking the water.

Re:Welcome to the 3rd world

[hjf]

I don't know what shitty slum you stayed at when you visited Argentina and tried to save a few bucks staying with AirBNB... but I've lived here all my life and I have never heard of pipes clogging because of toilet paper. We flush paper down the toilet where I live.

Of course, that's when we actually use toilet paper. I use the bidet.

Re:Welcome to the 3rd world

Same in Brazil - at least it was the last time I was in Rio.

So, the same in RIO, not BRAZIL. I got 8-inch plumbing in Sao Paulo. It can take the turd of the fattest redneck in the US with room to spare.

BRAZIL IS NOT RIO.

BRAZIL IS WAY **BETTER** THAN RIO.

BRAZIL IS A GIGANTIC AND DIVERSE NATION.

STOP CONFUSING BRAZIL AND RIO.

Re: Welcome to the 3rd world

Yea I bet you like stuff tickling your asshole you fucking faggot.

I hate to say it

But it's a fucking shambles over there at the moment. Tech failures, controlled explosion of a bomb(least it was caught I guess), a media tent got a bullet through it, security failing miserably allowing people without credentials to get in, Swedish rowing coaches got mugged apparantly, a media cameraman had his camera stolen, unsafe bike track and a few foreigners were apparantly kidnapped a day ago. Pretty poor turnout for a lot of events as well.

Let's hope there's no more issues.

Re:Waaah! Waaah! Waaah! Olympics! Waaah! Waaah!

Someone sure sounds bitter, upset because you dedicated your life to sports, failed and realized you have nothing of value to contribute society?

Oh Really?

[JustAnotherOldGuy]

"The Daily Dot is warning about fake wi-fi hubs around Rio, but also networks which decrypt SSL traffic."

No shit? I thought this was a given in Rio. Or any large city.

Re:Oh Really?

[hjf]

Well yes. But we're hating on Rio nowadays. And on Pokemon Go.

Get with the program, man.

Internet access

[rmdingler]

Free WIFI is the new candy!

open wi-fi

in 7 years in Brasil I have never seen an open wi-fi.

an open wi-fi in Rio is an obvious honeypot

Re:open wi-fi

Correct. Standard modus-operandi around here is to have the Wifi password taped to a sign to the wall where "free wifi" is available (restaurands, bars, etc). It is WPA2-CCMP-PSK (sometimes also TKIP, whatever), never "open" (not that TKIP is really too different from open, but still...)

The only exception are the very few government-provided "free wifi" services, like the one in São Paulo public parks/squares (about 150), and the one in Copacabana beach. Those are implemented and operated by the private industry, BTW, the government only pays for it (at least in São Paulo).

Protected with obsolote encryption

Public access points are almost always protected with "an obsolete encryption algorithm". PSK-WPA and PSK-WPA2 with AES are both obsolete algorithms which give an attacker an easy way to capture all the data which is transmitted to and from a Wifi access point using those algorithms. If the key in these PSK algorithms is public information, anyone can decrypt your encrypted communication. They only need to make sure to get the complete handshake, which consists of the first two frames in each direction. These attack are completely automated and trivially simple to use.

Re:Protected with obsolote encryption

[KozmoStevnNaut]

How then would you properly secure a wireless network?* WPA-Enterprise with a RADIUS server?

* The correct answer is obviously to use a cable, but a lot of devices are badly designed with no ethernet ports. For shame.

Re:Protected with obsolote encryption

Yes, WPA(2)-Enterprise establishes individual keys securely through the use of a proper key exchange algorithm. Unfortunately WPA-Enterprise is an abomination of things tacked onto other things. It's not really just one protocol, but a collection of protocols. The configuration isn't for the faint of heart. Besides, it needs far too many frames before the connection is established, so you get to choose between inefficient and highly complex but potentially secure, and easy but insecure.

Re:Protected with obsolote encryption

WPA2-Enterprise cannot properly protect the group key, it is shared. There are ways around this, of course, but they waste air time for *each* station (thus, scales worse than O(n)), which basically are: 1. filter all broadcast/multicast traffic that is not essential (hint: a lot of it *is* essential); 2. change all essential broadcast/multicast traffic into replicated unicast traffic (thus destroying scalability even worse than it already is in Wifi).

Re:Protected with obsolote encryption

WPA2-Enterprise is not flawless, but Hole196 is a much less severe vulnerability than the key recovery possible with the PSK modes. The group temporal key is only used for broadcast traffic, which isn't really secret in the first place. You can cause some problems, but you can't decrypt unicast traffic.

Re:Protected with obsolote encryption

[KozmoStevnNaut]

So the most secure option is still to hop on a VPN immediately after connecting to wifi, no matter which security protocol it uses.

Use gift credit cards or cash

Guess all those security chips and other crap in credit cards do nothing

What else are a 1000 spies to do?

Probably some of those fake wifi hubs and decrypting ssl traffic networks are run by some of the 1000 US "spies" sent down to Rio to protect the Olympics.

Re: Waaah! Waaah! Waaah! Olympics! Waaah! Waaah!

Confirming that technical people have never created anything - all inventions in the world have come from jocks.

Re:Waaah! Waaah! Waaah! Olympics! Waaah! Waaah!

its. only. been. a. few. days. viruses. and. disease. take. a. little. longer. to. gestate. you. insipid. fucktard.

Re: Waaah! Waaah! Waaah! Olympics! Waaah! Waaah!

Wow. The height of human contribution. Drinking and womanizing. Please don't breed.

Re:Waaah! Waaah! Waaah! Olympics! Waaah! Waaah!

You sound like a typical American white cuckold slob whose wife makes him suck her lover's cock every day.
Enjoy your life bringing up other mens' children, Bitchboy!

Re:Waaah! Waaah! Waaah! Olympics! Waaah! Waaah!

The only part of that i found offensive was "American"

So them doobies

are takin it to the streets, down in rio?

They can't do that

[Trailer+Trash]

The Olympic committee has issued a decree that hackers cannot hack them. Also, if hackers do try to hack them they are not allowed to use any of the trademarks - including the word "Olympic" or the 5 rings symbol - in reference to their planned hacks.

Re:They can't do that

[drinkypoo]

Also, if hackers do try to hack them they are not allowed to use any of the trademarks - including the word "Olympic" or the 5 rings symbol - in reference to their planned hacks.

That's the only reason the IOC cares... they used the #Rio2016 hashtag in their ransom note

Re:They can't do that

[dwywit]

I'm waiting for /. to report that it's been served a lawsuit for using the word "Olympic" in an article.

Assuming /. isn't an official supporter, that is.

Re: Waaah! Waaah! Waaah! Olympics! Waaah! Waaah!

so that sure sounds like a yes.

Undoing secure sockets layer (SSL) traffic

[khz6955]

"the international hub for the Olympics, was found to host many networks that are capable of decrypting Secure Sockets Layer (SSL) traffic — undoing a protocol put in place to keep data protected." link

Only if the client desktop computer is configured to accept forged certs as used in the Cisco SSL Inspection device.

Re:Undoing secure sockets layer (SSL) traffic

[acoustix]

"the international hub for the Olympics, was found to host many networks that are capable of decrypting Secure Sockets Layer (SSL) traffic — undoing a protocol put in place to keep data protected." link

Only if the client desktop computer is configured to accept forged certs as used in the Cisco SSL Inspection device.

I was thinking the same thing, but what if a person used a span port to mirror the traffic and send the mirrored traffic to a device capable of SSL decrypt? Couldn't that info be logged using that method?

Re:Undoing secure sockets layer (SSL) traffic

[khz6955]

@acoustix: "I was thinking the same thing, but what if a person used a span port to mirror the traffic and send the mirrored traffic to a device capable of SSL decrypt? Couldn't that info be logged using that method?"

Only if they found a universal method of cracking SSL, which is very unlikely.

Re:Undoing secure sockets layer (SSL) traffic

[acoustix]

@acoustix: "I was thinking the same thing, but what if a person used a span port to mirror the traffic and send the mirrored traffic to a device capable of SSL decrypt? Couldn't that info be logged using that method?"

Only if they found a universal method of cracking SSL, which is very unlikely.

My Palo Alto firewall already does it. So what is stopping others from doing it using a mirrored port?

It doesn't spread the wealth though

[Sycraft-fu]

The Olympics is rarely a net gain for the country hosting it. Despite lots of tourism and lucrative media contracts, the cost is so high that usually they are coming out behind on the deal. Now that's ok for a country with a lot of money, who doesn't mind spending some on this kind of thing and maybe has a plan for the facilities after the games. However for a country like Brasil it is basically just a loss.

Do your worst!

Come at me Lvrboy666!

Notice from IOC

Notice of cease and desist:

It has come to our attention that Slashdot.com has used the word 'Olympics' in an article posted on it site. The use of this word, as well as the letter 'O', is not allowed by any company that is not an official Olympic sponsor. We demand that either the article in question be removed or the the offending word and letter be removed from the post.

With warmest regards,

The IOC

Safe

[MitchDev]

Not attending, watching, or even vaguely interested in the Olympics. OIympic-related e-mails are deleted unread...

Re:Safe

Also, McAffe can't scan for Zika.

Re:Safe

Also, McAffe can't scan for Zika.

So, Miami is screwed, eh?

Card hacked?

[mjwx]

that his card was hacked

You don't hack a card any more than you bake a car.

At best you can call it a colloquialism based on a gross misunderstanding. I prefer to call it ignorance and irresponsibility.

The "hack" in this case is just reading the card number, expiry date and name from the card. You can get that information in a variety of ways, hijacked/fraudulent card readers, RFID chips, just reading the front of the card. This is information the card gives out freely. So you have to be sure that where you use your card is secure.

Its not a hack, it's fraud.

This guy had his card details stolen because he was stupid. He wasn't paying attention to where he is (I will only use my card in an ATM in developing nations, everywhere else gets cash... and I'm very selective about my ATMs too). Its not Rio's fault he got scammed, it's his fault for not knowing how to handle Rio.

Beyond that, he'll refuse to take responsibility for himself thinking "the bank will take care of me" meanwhile the bank is trying to figure out how to make someone else pay for it.

Re:Card hacked?

>hacked
    Yes, the overuse of that word continues to cringe me. I mean it's also used ie: "life hacks", really? Hacking is hobbling something together from mismatched or unorthodox means... but the kiddies these days use it to mean anything 'sneaky'.

>meanwhile the bank is trying to figure out how to make someone else pay for it.
Exactly.

Regarding using cards in Rio

[Optic7]

I visit Rio frequently. My cards have been hacked twice there, I believe both times from swiping the magnetic stripe at the handheld terminals used in restaurants, shops, etc.

My rule now when I visit is to NEVER use a magnetic stripe at one of those portable terminals down there. ATMs are generally ok, especially if you check for skimmers, cover your PIN, use ATMs in bank lobbies, etc. Using a chip card at a portable terminal should also be ok, but I generally try to just use cash there whenever I can.

__WELL GEE BEAVER__

I guess all we have left to do is get the FBI and CIA to help us out by protecting us more? Protect us to death eh mother fuckers?

Maybe they will hack the Olympics so hard it smashes skyscrapers with planes flown by miscellaneous villagers in the middle east?

Uh.. uh... Maybe they would also hack the Olympics harder than that and steal 20 trillion dollars from US Tax payers?

Maybe FBI didn't eat their fucking Wheaties this morning?

I dont hate to say it

I hope they have more issues. i hope the Rio Olympics are such a huge disaster that no country will ever again cowtow to the IOC to bring their unholy mess to their city. I hope this puts a permanent end to the Olympics as we know them so that maybe someday decades in the future some less corrupt organization can resurrect the idea into something thats actually about athletics.

Re:I dont hate to say it

I hope they have more issues. i hope the Rio Olympics are such a huge disaster that no country will ever again cowtow to the IOC to bring their unholy mess to their city. I hope this puts a permanent end to the Olympics as we know them so that maybe someday decades in the future some less corrupt organization can resurrect the idea into something thats actually about athletics.

So the cup is almost empty for you. I genuinely pity you. I can almost see a sad fat American who hasn't laid down for months or years. Get out of the basement. See the world and the Sun. Be happy as the Brazilians do.

Re:I dont hate to say it

"Be happy as the Brazilians do." And drink Budweiser, the official beer of the 2016 olympic games!

Sorry, im confused now, am i supposed to "get out of the basement, & see the world and the sun" by staying in & watching the olypmics on teevee?

I think i'll go out & do something fun instead.

You know... like i usually do.