
ST14-001: Sochi 2014 Olympic Games


From: "US-CERT" <US-CERT () ncas us-cert gov>
Date: Tue, 04 Feb 2014 11:08:20 -0600

NCCIC / US-CERT

National Cyber Awareness System:

ST14-001: Sochi 2014 Olympic Games [ https://www.us-cert.gov/ncas/tips/ST14-001 ] 02/04/2014 10:20 AM EST 
Original release date: February 04, 2014

  

_Overview:_

Whether traveling to Sochi, Russia for the XXII Olympic Winter Games, or viewing the games from locations abroad, there 
are several cyber-related risks to consider. As with many international-level media events, hacktivists may attempt to 
take advantage of the large audience to spread their own message. Additionally, cyber criminals may use the games as a 
lure in spam, phishing or drive-by-download campaigns to gain personally identifiable information or harvest 
credentials for financial gain. Lastly, those physically attending the games should be cognizant that their 
communications will likely be monitored.

_Hacktivists_

A number of hacktivist campaigns may attach themselves to the upcoming Olympics simply to take advantage of the 
on-looking audience. For example, the hacktivist group Anonymous Caucasus has launched what appears to be a threat 
against any company that finances or supports the winter games. This group states the Sochi games infrastructure was 
built on the graves of 1 million innocent Caucasians who were murdered by the Russians in 1864. According to Trusted 
Third Party analysis, the group has been linked to distributed denial of service (DDoS) attacks on Russian banks in 
October 2013. Therefore, the group is likely capable of waging similar attacks on the websites of organizations they 
believe financed Olympic-related activities; however, no specific threat or target has been identified at the time of 
this report.

_Olympic coverage_

Whether viewing live coverage, event replays, or checking medal statistics online, it’s important to visit only trusted 
websites. Events which gain significant public interest and media coverage are often used as lures for spam or 
spear-phishing campaigns. Malicious actors may also create fake websites and domains that appear to be official Olympic 
news or coverage and that can be used to deliver malware to an end user who visits the site (also known as drive-by 
downloads or watering holes).

NBCUniversal offers exclusive coverage of the games for viewers via NBC, NBCSN, MSNBC, USA Network, NBCOlympics.com and 
corresponding Twitter, Facebook and Instagram accounts. Viewers should be wary of any other source claiming to provide 
live coverage. As always, it is best to visit trusted resources directly rather than clicking on emailed links or 
opening attachments. 

_Purchasing tickets or merchandise at the Games_

According to the official Winter Olympics website: http://www.sochi2014.com [ http://www.sochi2014.com/ ], Visa will be 
the only card accepted for all purchases including tickets and merchandise at the Games. Tickets may only be purchased 
through Authorized Ticket Resellers (ATR). Individuals can validate the authenticity of an ATR offering tickets by 
using the “Website Checker” tool available on the official Sochi website. The designated ATR in the United States is 
CoSport, and at the time of this report, individuals purchasing tickets through CoSport may only pick up their tickets 
at CoSport’s Host City Collection Center in Sochi, Russia. Any ticket offer from a site not recognized as an ATR or 
accepting payment methods other than Visa is likely fraudulent and should be met with skepticism.

_Traveling to Sochi_

When traveling abroad, it’s important to know your host country’s laws and policies, particularly when it comes to 
privacy. Russia has a national system of lawful interception of all electronic communications. The System of 
Operative-Investigative Measures, or SORM, legally allows the Russian FSB to monitor, intercept, and block any 
communication sent electronically (e.g., cell phone or landline calls, internet traffic). SORM-1 captures 
telephone and mobile phone communications, SORM-2 intercepts internet traffic, and SORM-3 collects information from all 
forms of communication, providing long-term storage of all information and data on subscribers, including actual 
recordings and locations. Reports of Rostelecom, Russia’s national telecom operator, installing deep packet inspection 
(DPI) mean authorities can easily use keywords to search and filter communications. Therefore, it is important that 
attendees understand that communications while at the Games should not be considered private.

Russia also retains broad inbound encryption license requirements. Taking laptops and other devices into the country is 
unrestricted; however, software may be inspected upon departure. This means any computer or software containing 
sensitive or encrypted data may be confiscated by Russian authorities when individuals depart from the country. 
Travelers may want to consider leaving personal electronic devices (e.g., laptops, smartphones, tablets) at home or, 
alternatively, bringing loaner devices that do not already store sensitive data and can be wiped upon return to 
their home country. Individuals who decide to bring their personal devices should consider all communications and files 
on them to be vulnerable to interception or confiscation.

  

 

References

  * Message from Caucasus Anonymous on Operation Pay Back for Sochi 2014 to Russian government [ http://www.kavkazcenter.com/eng/content/2013/12/30/18723.shtml ]
  * NBC Olympics [ http://www.nbcolympics.com/ ]
  * NBC Sports Pressbox [ http://nbcsportsgrouppressbox.com/2013/12/19/nbcuniversal-to-provide-unprecedented-coverage-of-2014-sochi-olympics/ ]
  * CoSport [ https://www.cosport.com/ ]
  * As Sochi Olympic venues are built, so are Kremlin's surveillance networks [ http://www.theguardian.com/world/2013/oct/06/sochi-olympic-venues-kremlin-surveillance ]
  * How deep packet inspection works [ http://www.wired.co.uk/news/archive/2012-04/27/how-deep-packet-inspection-works ]
  * Use Caution When Traveling With Encryption Software [ http://www.nationaldefensemagazine.org/archive/2013/August/pages/UseCautionWhenTravelingWithEncryptionSoftware.aspx ]
________________________________________________________________________

Author: NCCIC Watch & Warning

________________________________________________________________________
