Slashdot Mirror

← Back to Stories (view on slashdot.org)

Aggressive Hackers Are Targeting Rio's Olympics (fastcompany.com)

Posted by EditorDavid on from the going-for-the-gold dept.

The Daily Dot is warning about fake wi-fi hubs around Rio, but also networks which decrypt SSL traffic. And Slashdot reader tedlistens writes: Steven Melendez at Fast Company reports on the cybercrime threat in Rio, and details a number of specific threats, from ATMs to promotional USB sticks to DDoS attacks [on the networks used by Olympic officials]... "Last week, a reporter for a North Carolina newspaper reported that his card was hacked immediately after using it at the gift shop at the IOC press center. And on Friday, two McClatchy reporters in Rio said their cards had been hacked and cloned soon after arrival."
Even home viewers will be targeted with "fraudulent emails and social media posts" with links to video clips, games, and apps with malware, as well as counterfeit ticket offers -- but the threats are worse if you're actually in Rio. "In an analysis last month of over 4,500 unique wireless access points around Rio, Kaspersky found that about a quarter of them are vulnerable or insecure, protected with an obsolete encryption algorithm or with no encryption at all."

28 of 71 comments (clear)

  1. Welcome to the 3rd world by Ritz_Just_Ritz · · Score: 3, Insightful

    Welcome to the third world. I suspect this will give some pause to even those corrupt Olympic committee members who accepted the bribes to give the nod to Rio.

    People will look fondly back to where the major inconvenience was to put the toilet paper in a trash bin rather than flush it down in Sochi. Brasil has consistently snatched defeat from the jaws of victory at every turn.

    I'm all for spreading around the wealth, but there should be some basic litmus test of "you can or cannot achieve even the most rudimentary accommodations for both athletes and visitors. It was pretty clear that Brasil wasn't in a position to pull this off, yet here we are.

    1. Re:Welcome to the 3rd world by ChunderDownunder · · Score: 1

      the major inconvenience was to put the toilet paper in a trash bin rather than flush it down

      Well I don't know about Brazil but that's the custom in Argentina, because of poor plumbing which will clog the pipes.

    2. Re:Welcome to the 3rd world by starless · · Score: 1

      the major inconvenience was to put the toilet paper in a trash bin rather than flush it down

      Well I don't know about Brazil but that's the custom in Argentina, because of poor plumbing which will clog the pipes.

      Same in Brazil - at least it was the last time I was in Rio.

    3. Re:Welcome to the 3rd world by Anonymous Coward · · Score: 1

      Yeah, hackers would never get anywhere at a high-profile event in America.

    4. Re:Welcome to the 3rd world by pete6677 · · Score: 4, Funny

      If their toilets can't even take down some toilet paper, how will they take down my footlong American-sized turd?

    5. Re:Welcome to the 3rd world by thegarbz · · Score: 1

      I suspect this will give some pause to even those corrupt Olympic committee members who accepted the bribes to give the nod to Rio.

      Really? Bankrupting a struggling 3rd world country, hosting an Olympic event in such filth that some teams have pulled out, going ahead against threats of spreading 3rd world viruses to places where that virus doesn't exist, and you think a bit of cybercrime prominent in tourist destinations will give them pause?

      I'm all for spreading around the wealth

      Wait are we still talking about the Olympics?

    6. Re:Welcome to the 3rd world by hjf · · Score: 1

      I don't know what shitty slum you stayed at when you visited Argentina and tried to save a few bucks staying with AirBNB... but I've lived here all my life and I have never heard of pipes clogging because of toilet paper. We flush paper down the toilet where I live.

      Of course, that's when we actually use toilet paper. I use the bidet.

  2. I hate to say it by Anonymous Coward · · Score: 5, Informative

    But it's a fucking shambles over there at the moment. Tech failures, controlled explosion of a bomb(least it was caught I guess), a media tent got a bullet through it, security failing miserably allowing people without credentials to get in, Swedish rowing coaches got mugged apparantly, a media cameraman had his camera stolen, unsafe bike track and a few foreigners were apparantly kidnapped a day ago. Pretty poor turnout for a lot of events as well.

    Let's hope there's no more issues.

  3. Oh Really? by JustAnotherOldGuy · · Score: 2

    "The Daily Dot is warning about fake wi-fi hubs around Rio, but also networks which decrypt SSL traffic."

    No shit? I thought this was a given in Rio. Or any large city.

    --
    Just cruising through this digital world at 33 1/3 rpm...
    1. Re:Oh Really? by hjf · · Score: 1

      Well yes. But we're hating on Rio nowadays. And on Pokemon Go.

      Get with the program, man.

  4. Internet access by rmdingler · · Score: 1

    Free WIFI is the new candy!

    --
    Happiness in intelligent people is the rarest thing I know.

    Ernest Hemingway

  5. open wi-fi by Anonymous Coward · · Score: 2, Interesting

    in 7 years in Brasil I have never seen an open wi-fi.

    an open wi-fi in Rio is an obvious honeypot

  6. They can't do that by Trailer+Trash · · Score: 3, Funny

    The Olympic committee has issued a decree that hackers cannot hack them. Also, if hackers do try to hack them they are not allowed to use any of the trademarks - including the word "Olympic" or the 5 rings symbol - in reference to their planned hacks.

    --
    Do you have ESP?
    1. Re:They can't do that by drinkypoo · · Score: 1

      Also, if hackers do try to hack them they are not allowed to use any of the trademarks - including the word "Olympic" or the 5 rings symbol - in reference to their planned hacks.

      That's the only reason the IOC cares... they used the #Rio2016 hashtag in their ransom note

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    2. Re:They can't do that by dwywit · · Score: 2

      I'm waiting for /. to report that it's been served a lawsuit for using the word "Olympic" in an article.

      Assuming /. isn't an official supporter, that is.

      --
      They sentenced me to twenty years of boredom
  7. Re:Slavic founders of the Hellenistic perio by K.+S.+Kyosuke · · Score: 1

    Seriously, do you have a link? This is pure gold.

    --
    Ezekiel 23:20
  8. Undoing secure sockets layer (SSL) traffic by khz6955 · · Score: 3, Informative

    "the international hub for the Olympics, was found to host many networks that are capable of decrypting Secure Sockets Layer (SSL) traffic — undoing a protocol put in place to keep data protected." link

    Only if the client desktop computer is configured to accept forged certs as used in the Cisco SSL Inspection device.

    1. Re:Undoing secure sockets layer (SSL) traffic by acoustix · · Score: 1

      "the international hub for the Olympics, was found to host many networks that are capable of decrypting Secure Sockets Layer (SSL) traffic — undoing a protocol put in place to keep data protected." link

      Only if the client desktop computer is configured to accept forged certs as used in the Cisco SSL Inspection device.

      I was thinking the same thing, but what if a person used a span port to mirror the traffic and send the mirrored traffic to a device capable of SSL decrypt? Couldn't that info be logged using that method?

      --
      "A plan fiendishly clever in its intricacies"- Homer Simpson
    2. Re:Undoing secure sockets layer (SSL) traffic by khz6955 · · Score: 1

      @acoustix: "I was thinking the same thing, but what if a person used a span port to mirror the traffic and send the mirrored traffic to a device capable of SSL decrypt? Couldn't that info be logged using that method?"

      Only if they found a universal method of cracking SSL, which is very unlikely.

    3. Re:Undoing secure sockets layer (SSL) traffic by acoustix · · Score: 1

      @acoustix: "I was thinking the same thing, but what if a person used a span port to mirror the traffic and send the mirrored traffic to a device capable of SSL decrypt? Couldn't that info be logged using that method?"

      Only if they found a universal method of cracking SSL, which is very unlikely.

      My Palo Alto firewall already does it. So what is stopping others from doing it using a mirrored port?

      --
      "A plan fiendishly clever in its intricacies"- Homer Simpson
  9. It doesn't spread the wealth though by Sycraft-fu · · Score: 3, Interesting

    The Olympics is rarely a net gain for the country hosting it. Despite lots of tourism and lucrative media contracts, the cost is so high that usually they are coming out behind on the deal. Now that's ok for a country with a lot of money, who doesn't mind spending some on this kind of thing and maybe has a plan for the facilities after the games. However for a country like Brasil it is basically just a loss.

  10. Re:Protected with obsolote encryption by KozmoStevnNaut · · Score: 1

    How then would you properly secure a wireless network?* WPA-Enterprise with a RADIUS server?

    * The correct answer is obviously to use a cable, but a lot of devices are badly designed with no ethernet ports. For shame.

    --
    Eat the rich.
  11. Re:Slavic founders of the Hellenistic perio by ketomax · · Score: 1

    What if Hacking was included in the Olympics? I bet Russia would be the world champions. But, then again they might be banned for enhancing their skills and good ol' China could walk away with the gold.

  12. Safe by MitchDev · · Score: 1

    Not attending, watching, or even vaguely interested in the Olympics. OIympic-related e-mails are deleted unread...

  13. Card hacked? by mjwx · · Score: 2

    that his card was hacked

    You don't hack a card any more than you bake a car.

    At best you can call it a colloquialism based on a gross misunderstanding. I prefer to call it ignorance and irresponsibility.

    The "hack" in this case is just reading the card number, expiry date and name from the card. You can get that information in a variety of ways, hijacked/fraudulent card readers, RFID chips, just reading the front of the card. This is information the card gives out freely. So you have to be sure that where you use your card is secure.

    Its not a hack, it's fraud.

    This guy had his card details stolen because he was stupid. He wasn't paying attention to where he is (I will only use my card in an ATM in developing nations, everywhere else gets cash... and I'm very selective about my ATMs too). Its not Rio's fault he got scammed, it's his fault for not knowing how to handle Rio.

    Beyond that, he'll refuse to take responsibility for himself thinking "the bank will take care of me" meanwhile the bank is trying to figure out how to make someone else pay for it.

    --
    Calling someone a "hater" only means you can not rationally rebut their argument.
  14. Regarding using cards in Rio by Optic7 · · Score: 1

    I visit Rio frequently. My cards have been hacked twice there, I believe both times from swiping the magnetic stripe at the handheld terminals used in restaurants, shops, etc.

    My rule now when I visit is to NEVER use a magnetic stripe at one of those portable terminals down there. ATMs are generally ok, especially if you check for skimmers, cover your PIN, use ATMs in bank lobbies, etc. Using a chip card at a portable terminal should also be ok, but I generally try to just use cash there whenever I can.

  15. I dont hate to say it by Anonymous Coward · · Score: 1

    I hope they have more issues. i hope the Rio Olympics are such a huge disaster that no country will ever again cowtow to the IOC to bring their unholy mess to their city. I hope this puts a permanent end to the Olympics as we know them so that maybe someday decades in the future some less corrupt organization can resurrect the idea into something thats actually about athletics.

  16. Re:Protected with obsolote encryption by KozmoStevnNaut · · Score: 1

    So the most secure option is still to hop on a VPN immediately after connecting to wifi, no matter which security protocol it uses.

    --
    Eat the rich.