Monthly Archives: February 2014

Surveillance in Sochi – A Summary of Events

Welcome to the 2014 Sochi Olympics.

Sochi – all eyes on me.

The road to the 2014 Winter Olympics in Sochi has been one paved in bathroom jokes and quips about drinking water. Those traveling abroad in the Russian city have posted pictures on their Twitter accounts and other social media platforms, joking about how they are missing a door knob and willing to trade some light bulbs for one, or how stray dogs have become their companions, following them through their commute.

Accompanying the laughing, however, has been a serious feeling of paranoia – and not without merit. Before the opening ceremony had even kicked off, and as soon as some journalists and spectators had landed and connected to a nearby wireless router, they had possibly become victims of snoopers and malicious attacks.

But let’s be careful here not to take the half-baked reporting route that a certain NBC special broadcast had, where a reporter and his hired techie side-hand demonstrated how their brand new laptop and cell phone were both “instantly hacked” as they entered a bar near Sochi’s airport. While I’m sure Russian hackers are taking advantage of the tourism in Sochi around now, this type of event could happen at just about any coffee shop across the globe (including your favorite Starbucks here in the States) where people with little or no understanding of security practices are connecting to public WiFi that probably isn’t properly secured itself. This stuff needs to be properly analyzed, after all.

Outside of this hyperbolic report, there has been an actual flurry of activity in Sochi in terms of eavesdropping, and not all of it should be downplayed. The fact is, while a pub in New York might have some local bad actors snooping on internet traffic, steps have been taken in Russia to ensure that literally all of the local traffic can be vacuumed up regardless of the connection. This quickly assembled FSB surveillance campaign has been exposed in a recent Salon article:

On Wednesday, I spoke to Andrei Soldatov, a Russian investigative journalist who broke the biggest security story of the Sochi Olympics: SORM, the Russians’ virtual surveillance system. The Russian FSB (successor to the KGB) will monitor all communications between spectators, journalists, athletes and anyone else who visits (or lives in) Sochi. The U.S. State Department has warned business travelers to be careful with sensitive information, which “may be taken and shared with competitors, counterparts, and/or Russian regulatory and legal entities.” One security expert said SORM was like “PRISM on steroids.”

“There’s not public outcry about these measures,” Soldatov said. “After every big terrorist attack, like Volgograd,” — where suicide bombings killed 34 people last month — “Russian society approves half-measures. And metadata seems quite innocent in comparison to what was proposed.” In October, for example, the lower house of the Russian Parliament approved a law to hold the relatives of terrorists financially responsible for crimes. Muslim women in nearby Dagestan say they have been asked to provide saliva samples to the FSB so that their body parts may be identified in the event of a suicide bombing.

Very bleak measures, with no thought given to civil liberties, are being taken for the event. Earlier on in the same article, we see the HUMINT capabilities of the Russian Government – 60,000 security personnel, one for every six residents of the Russian city.

And even more robust is SORM (System for Operative Investigative Activities), allowing deep packet inspection of just about anyone in the region. There’s no way out through a smaller or safer ISP either, with reports of providers refusing to install FSB software used with SORM.

Another hint of surveillance practices came early on, before the opening ceremony. It was almost whispered in a Wall Street Journal article about a tour of the revamped Russian city that would hold the season’s largest international athletic event:

Dmitry Kozak, the deputy prime minister responsible for the Olympic preparations, seemed to reflect the view held among many Russian officials that some Western visitors are deliberately trying to sabotage Sochi’s big debut out of bias against Russia. “We have surveillance video from the hotels that shows people turn on the shower, direct the nozzle at the wall and then leave the room for the whole day,” he said. An aide then pulled a reporter away before Mr. Kozak could be questioned further on surveillance in hotel rooms. “We’re doing a tour of the media center,” the aide said.

Careful there, Mr. Kozak! It’s okay, he quickly sent one of his cohorts to dispel the worry later that day:

A spokesman for Mr. Kozak later on Thursday said there is absolutely no surveillance in hotel rooms or bathrooms occupied by guests. He said there was surveillance on premises during construction and cleaning of Sochi’s venues and hotels and that is likely what Mr. Kozak was referencing. A senior official at a company that built a number of the hotels also said there is no such surveillance in rooms occupied by guest

The fact is, there is definitely a lot of surveillance going on in Russia, which one would expect given the elevated threats to their security from terrorists and others. But for a high-ranking figure like Kozak to confidently blurt out “the westerners are wasting our water, and we know this because we watch them shower” brings the question of journalists, athletes, and other foreigners being targeted by that same surveillance apparatus to an even more physical level.

The State Department (DoS) even publicly announced that visitors in Sochi should have ‘no expectations of privacy’:

“Russian Federal law permits the monitoring, retention and analysis of all data that traverses Russian communication networks, including Internet browsing, email messages, telephone calls, and fax transmissions.”

So, really, this is spelled out in Russia’s law. I guess they don’t need it stamped by a judge in a secret court, even. The question comes to mind: how much of this is actively being intercepted and monitored by Russian intel agencies? Are journalists being targeted by the FSB, not just script kiddies and packet sniffers that want as many Facebook credentials as possible? This could be a bigger problem on the threat level for those spending time reporting on the Winter Games. Imagine an LGBT activist in Russia has a new scoop on violent actions taken against the homosexual community in Russia – something that, if brought to the public, would surely cause an outcry against those responsible. With active targeting of plaintext communications, it could spell more than trouble for any reporter willing to talk to an activist over Sochi WiFi. Last year, Reporters Without Borders ranked Russia 148 out of 179 countries on the Press Freedom Index, very close to the worst.

There is a possibility snooping through digital means has even had an impact on a key member of our very own DoS, in a conference call that included Assistant Secretary of State for European Affairs Victoria Nuland. A video recently surfaced on YouTube containing audio from Secretary Nuland in which she is heard saying “..fuck the EU.” while talking about developments and strategies concerning Ukraine. Quickly after the audio was spread across the web, U.S. officials furiously claimed the conversations were intercepted by Russian hackers, which was quickly denied by an aide to the Deputy Prime Minister of the country, Dmitry Rogozin. While we don’t have verification of who the actual culprit is (yet), Russian involvement does seem to be within the realm of possibility. Or should we be more surprised that the conference was intercepted in the first place and not properly secured?

There are those who have come somewhat prepared, however, understanding the widening landscape of eavesdropping threats. Two of the Philadelphia Flyers physicians are one example. Peter DeLuca and Gary Dorsheimer are working as medical representatives for the Olympic Men’s U.S. Hockey team, and have been taking appropriate precautions. Their phones – probably full of both personal and patient/athlete data – have been left at home, and they were issued “clean” new phones to be used in Sochi. The physicians are worried that someone could intercept their communications regarding the health (or lack thereof) of certain U.S. players, and that these could be provided to another team to use as an advantage in the games.

Hopefully others in delicate positions are taking steps similar to these. But hey, we can’t all afford brand new “clean” phones to use for a couple of months. But did you notice how I mentioned encryption earlier? We could all do ourselves a favor if we would “Trust the math”, as Bruce Schneier would say. Encrypting every bit of data and communications possible on mobile phones and laptops with the appropriate tools is the second best bet. Second to leaving them off with their batteries out, or at home.

But what’s there to be done when you’re being watched in your hotel shower? And who knows where else? So while Twitter giggles itself through the day over jamming hotel doors and other #SochiProblems, there are darker deeds being done that deserve more than a hashtag’s notice. Though many of these instances of unjustifiable surveillance have gone unverified, questions must be asked regarding possible serious privacy violations.

