On Wednesday, NBC News' reporter Richard Engel gave a jarring report of just how bad the problem of hackers is in Sochi, reporting that his phone was hijacked "before we even finished our coffee."
The report was pretty scary, but the technical details simply aren't adding up, according to cyber security researchers. In one of the most incredible moments of his report, Engel's smartphone seemingly downloads a piece of malicious software that "hijacks" his phone.
But there are a number of holes, as Robert Graham lays out on his blog at Errata Security:
- They aren't actually in Sochi (they are in Moscow).
- The "hack" happens because of the websites they visit (Olympic themed websites), not their physical location. The results would've been the same in America.
- The phone didn't "get" hacked; Richard Engel initiated the download of a hostile Android app onto his phone.
I had expected the story to be about the situation with WiFi in Sochi, such as man-in-the-middle attacks inserting the Blackhole toolkit into web pages exploiting the latest Flash 0day. But the story was nothing of the sort.
Put more simply: Engel basically visited a bad website, clicked a button he shouldn't have, and downloaded malicious software himself. That's far different from a hacker actually working to crack a password or worse.
"In this case, he would have been hit in Russia; just the same way he would if in Philadelphia," tweeted security researcher Kyle Wilhoit, who was in the report with Engel.
That's also the case for the "hacked" computers, which were apparently not hacked in the true sense, but compromised due to browsing malicious websites or receiving phishing emails.
Wilhoit, who works for Trend Micro, also criticized the editing of the report. "Unfortunately, the editing got the best of the story," he tweeted. "Cut a lot of the technical/context details out."
A full technical paper from Wilhoit on what exactly happened is due on Friday, according to his Twitter feed.
We've reached out to NBC for comment.
You can watch the full report below: