How fast will the Russian Hackers takedown the tourists?

Oh my. Well, it is NBC. But still, it's sort of scary.

So, I'm not technical enough and they sort of elide over some of the details---but how precisely is the sniffing of the MacBook Air running Maverick happening (no, this isn't the "but Macs don't get viruses" statement, it's a "how do Macs get viruses" question)?

Is that happening because someone signs onto a public WiFi network and then, as they zip around, they give up their passwords as they sign in and out? And the HTTPS encryption is not secure enough to keep the hackers out? and voila, they're hacked?

And how could the Android-based phone, having done nothing at all except hop on a network, start downloading malware? Doesn't it need permissions or some user action?

Wish I understood these things.
As it is, I carry my own WiFi hotspot in the United States for exactly this reason---if it's not my network, I'm not signing on.
siftbotsays...

Self promoting this video and sending it back into the queue for one more try; last queued Wednesday, February 5th, 2014 7:41pm PST - promote requested by original submitter SFOGuy.

spawnflaggersays...

really need more details about this... When they had brand new devices, does that mean they were un-patched for known security holes? Or are all these exploits the Russians use unknown, and there are currently no patches, such that a completely patched/updated device is still vulnerable?

Any WiFi captive-portal "login" page could inject known browser exploits into the html - If you use your own MyFi (personal hotspot), and are willing to pay huge for roaming international data, then this form of attack isn't possible.

And the coffee shop owner probably doesn't know that their wireless access point is serving up malicious code. It was either hacked by who they bought it from, or whoever installed it, or by some hacker who went to the shop. But shame on the airport's IT security - if they have official WiFi that was also hacked. (but the criminals might have set up their own wireless and called it "Free Airport WiFi")

Every OS on every device (not just Windows) has security holes, Mac OS X included. The hole gets exploited to allow running some piece of software that the user didn't intend, and that software (malware/virus) collects user data and uploads it back to the criminals servers on the network (these 'data collection' servers are also usually attacked/compromised computers, so they can't be traced directly back to the criminals).

My advice to tourists would be to bring a "dumb" phone for voice calls. (keep bluetooth turned off though) Then you'll remember how great it was to only charge it once a week

BicycleRepairMansays...

Too little detail in this story, they never specify what kind of "hack" this is. My bet is on wifi hotspots set up by the hackers, which means you have to take the bait first, in order to be "hacked". In reality, when you log on to some complete stranger's wifi, you're basically saying "you're welcome to steal anything from me". Never, ever log on to a wifi-network you know nothing about. of course, this simple piece of good advice isnt as sexy as a "HACKERS WILL HACK YOU!!" headline

schlubsays...

#1) It's called fear-mongering and the media loves it
#2) There are various exploits available to intercept wireless communications.
#3) New computers are set up for the lay-person who doesn't know the first thing about security and thus has many security features turned off.
#4) It's EASY to spoof 802.11 WiFi access points and act as a man-in-the-middle
#5) 3G/4G are not very secure protocols and are similar to 802.11/802.16
#6) I really doubt there are legions of hackers standing at the ready to take all UR DATAZ. These are most certainly automated attacks.
#7) Apple computers suck bloated donkey balls.

SFOGuysays...

It seems that they go onto someone's ostensibly free WiFi and the malware happens.

Not sure how or why; browser based?
Roger

spawnflaggersaid:

really need more details about this... When they had brand new devices, does that mean they were un-patched for known security holes? Or are all these exploits the Russians use unknown, and there are currently no patches, such that a completely patched/updated device is still vulnerable?

Any WiFi captive-portal "login" page could inject known browser exploits into the html - If you use your own MyFi (personal hotspot), and are willing to pay huge for roaming international data, then this form of attack isn't possible.

And the coffee shop owner probably doesn't know that their wireless access point is serving up malicious code. It was either hacked by who they bought it from, or whoever installed it, or by some hacker who went to the shop. But shame on the airport's IT security - if they have official WiFi that was also hacked. (but the criminals might have set up their own wireless and called it "Free Airport WiFi")

Every OS on every device (not just Windows) has security holes, Mac OS X included. The hole gets exploited to allow running some piece of software that the user didn't intend, and that software (malware/virus) collects user data and uploads it back to the criminals servers on the network (these 'data collection' servers are also usually attacked/compromised computers, so they can't be traced directly back to the criminals).

My advice to tourists would be to bring a "dumb" phone for voice calls. (keep bluetooth turned off though) Then you'll remember how great it was to only charge it once a week

coolhundsays...

Has already been proven as BS. They got random malware from infected websites, and were never in Sochi (Moscow instead - 1000 miles away) and blamed Russian hackers. You cant prove any better that you have no clue about what you are talking about and have a different agenda than objective news and reports.

SFOGuysays...

So, for all three platforms (Lenovo, Macbook Air, Android phone), it did indeed appear to need some or all of the following actions:
1) You had to not update the OS's
2) You had to go to "bad" websites, at least one connected to Sochi duping
3) You had to click on things and do deeply unwise stuff once you were on the site.

That makes me feel better.
A little.

http://motherboard.vice.com/blog/how-nbcs-russian-hack-actually-happened-according-to-the-security-expert-who-set-it-up

coolhundsaid:

Has already been proven as BS. They got random malware from infected websites, and were never in Sochi (Moscow instead - 1000 miles away) and blamed Russian hackers. You cant prove any better that you have no clue about what you are talking about and have a different agenda than objective news and reports.

Send this Article to a Friend



Separate multiple emails with a comma (,); limit 5 recipients






Your email has been sent successfully!

Manage this Video in Your Playlists




notify when someone comments
X

This website uses cookies.

This website uses cookies to improve user experience. By using this website you consent to all cookies in accordance with our Privacy Policy.

I agree
  
Learn More