CyberSecurity at Sochi and at Home

Several news articles have referred to Russian surveillance at the just-concluded Sochi Olympics as “Prism on Steroids.” Surely they jest. Prism, the NSA’s widely cast surveillance net, is practically the definition of (cybersurveillance) steroids. One big difference would be which of the monitored give their consent to be monitored. Here in the USA where we are, in theory, governed by consent, we are surveilled secretly, whereas in Russia, there seems to be little effort at hiding government surveillance.

The Federal Security Service of the Russian Federation (FSB), the successor to the widely-feared KGB, had deep-packet inspection filters installed by every telephone company, wireless carrier, and Internet service provider that serves Sochi. The system can track sensitive phrases and intercept any data and voice traffic in and out of Sochi.

The NSA only has free reign with that kind of data going to or coming from outside the USA or from individuals who originated outside the USA, but only metadata for domestic users who only communicate domestically with domestics. Unless FISA has okayed it. Which has approved 99.97% of all surveillance requests made of it. Considering that the Olympics is an international event with thousands of international athletes and travelers, it would seem that most of the communications traffic at an American Olympics could expect about the same level of privacy as we saw at Sochi.

So, what’s a person who wants their communications to stay private to do? We could do like Julia Angwin, author of “Dragnet Nation” and buy a burner phone with cash, try to have multiple uncrackable passwords, create a false identity, use a shielded wallet. You could use private browsing of websites, anonymizers, proxy servers, and stay off of social networks – and use encryption for your emails. Still, in many places, and certainly at Sochi, that data – encrypted and not – is still getting sucked into storage.

But the rest of us, who like our Internet communications, friendships, and purchases without too much effort, can still take some precautions. Update your operating system regularly. Install, use, and update anti-malware software. Don’t click on links in any emails – instead, go to the website of the company by typing it in manually through a browser. Don’t use your Social Security number as ID. If someone asks you for passwords or SS# over the phone, call them back at the company’s main phone line that you yourself look up. Make your online purchases with a low-limit credit card (not a debit card) that you keep just for that purpose. Be aware of social hacking efforts.

Use fairly unguessable passwords and don’t use the same one on every website – and make sure that you at least do not use anybody’s name, any dates, any dictionary words, or any easy patterns of letters or numbers.

Finally, while taking prudent steps will go a long way toward not having your life be an open book to every Tom, Dick & Hacker that comes along, an assumption that your communications are completely private is likely an inaccurate assumption. Perhaps cyber-protection will one day become bulletproof. On the other hand, some prominent thinkers, like David Brin in The Transparent Society, believe that the solution is in spying on the spies – surveilling the surveillers.

As for returning from your trip to Sochi, it would not be a bad idea to do a factory reset of the devices you took along with you. After you save your pictures!

Subscribe to our free and informative weekly forensics newsletter!


Pin It on Pinterest

Share This