In the days before the Sochi Olympics began, when the media were reporting everything that was going wrong, an NBC reporter announced that his computer was hacked almost immediately upon arriving at the Olympics.
Let me say right up front that I have long admired the work of Richard Engel, the reporter who made this revelation. This guy goes into war zones without blinking an eye. He was kidnapped, and then told the story of what he and his colleagues went through during their ordeal. So I was very interested when he announced his hacking story, which he revealed on one of my favorite news-related programs.
What I heard made me angry. It was a setup to be hacked. First, Engel made sure that viewers understood that computers and devices were brand-new by ripping them out of their boxes. He worked with a security expert, Kyle Wilhoit, to set up a profile on the devices. Almost immediately, the devices were being pinged by potential hackers, Engel breathlessly reported. And soon thereafter, he got a spearphishing email about being in Sochi for the Olympics. What did he do next? He clicked on the link or attachment (I’m not sure which – I could have sworn he said link on the report I saw, but others have said it was an attachment), and boom, his computer was compromised.
At this point, I was yelling at my television that of course he got hacked because he did the number-one thing you aren’t supposed to do when you get an email from an unknown source. You never click on the link without verifying it. I’d like to think that most of us know that by now, but spearphishing campaigns are so good that it isn’t hard to get fooled. Russia and Eastern Europe are the world’s hotbed for spam and malware, which Engel did acknowledge in the report I saw. However, he also did everything possible to have his devices hacked (he “fell” for the fake AV scam, as well), so of course he was a “victim.”
I was disappointed that Wilhoit remained silent during the clips shown on air. He could have discussed what Engel was doing wrong in order to get hacked and how it could have been prevented. In a Fox News story, it was reported that in a Twitter conversation with security expert Graham Cluley, Wilhoit did admit that this type of hack could happen anywhere, that it was not unique to arriving in Russia.
The reporting of this story made me angry. It was inaccurate, first of all, and tried to create an illusion that the situation was dire if you tried to use your computer in Russia. But it also fed into the fears of people already wary of Russia, the NSA, spying, and hacked credit cards at Target. The story created a crisis where none existed.
It’s not that we can’t learn from the story, however. It is a good reminder that all devices are at risk the moment they connect to the Internet. Botnets are pinging me and you as I type this. But we are especially vulnerable on the road, when using public Wi-Fi. The bottom line is to be smart. Don’t click on links or attachments from unknown sources. Password protect and encrypt everything. Make sure your Internet security software is turned on and updated.
Yes, you may be thinking, I know this already. But at the same time, I wonder how many people watched or heard about Engel’s report and thought that being hacked is inevitable, that no matter what you do, someone is going to invade your computer and your privacy. And then they ignore the most basic security practices.
Engel wanted to be hacked, so he did everything possible to make that happen. The one positive point revealed in his report is that he showed how just one reckless click can create havoc on your computer and any network to which you connect.