Journalists arriving for the Winter Olympics in Sochi filed thousands of reports, tweets and blogs about shoddily built hotels, putrid water and packs of stray dogs. They appear to be paying far less attention to another menace.
Russia has implemented what is perhaps the most invasive electronic surveillance operation in the history of the Olympic games, with special emphasis on monitoring foreign news agencies and journalists. Top Russian officials gave their stamp of approval in November, signing into law a decree giving the Federal Security Service, a successor to the KGB, a green light to collect telephone and Internet data on anyone connected with the Olympics.
While the Russians are not revealing details of their Sochi surveillance program, digital stalkers for SORM (System of Operative-Investigative Measures) the country’s electronic surveillance system, are known to be adept at intercepting cell phone conversations, e-mails, text messages and satellite communications.
Foreign media have highlighted aspects of the official snooping in Sochi, which appears to be a multi-pronged effort involving electronic surveillance, Internet communication and possibly even spy cams.
In what some saw as a slip of the tongue, Dmitry Kozak, deputy prime minister responsible for overseeing Olympic planning, told the Wall Street Journal in an interview last week, “We have surveillance video from the hotels that shows people turn on the shower, direct the nozzle at the wall and then leave the room for the whole day.”
An aide yanked the reporter away before he could ask a follow up question, and Kozak’s spokesman later denied that there were cameras in guests’ hotel rooms or shower stalls.
The Prague Review posted a photo of a shower nozzle in the shape of a camera on Twitter.
The technology enabling surveillance has been years in the making. Two Russian journalists described their country’s all-pervasive electronic spy system in the fall 2013 issue of World Policy Journal, writing that it not only collects and stores metadata – information about calls and destinations and durations – but also their content. “Over the last two years, the Kremlin has transformed Russia into a surveillance state—at a level that would have made the Soviet KGB (Committee for State Security) envious,” wrote Andrei Soldatov and Irina Borogan.
The Guardian’s Shaun Walker reported last fall that Russia was installing a controversial technology called deep packet inspection, “which allows intelligence agencies to filter users by particular keywords, across its network, and requiring that it be compatible with the SORM system.” The system tracks people who use certain words.
Fake phishing emails are another common technique used by cyber snoops. Imagine this scenario: A reporter receives an email about a gay rights demonstration in Sochi, instructing her to click on a link for time and place.
The moment she does, a keylogger is installed on the user’s computer, providing access to keystrokes, password files, screen shots and email texts. The information is transmitted back to whoever is controlling the spy operation. In the cyber world, it is known as malware, masquerading as a legitimate file or link.
The Russians have signaled they want every online connection to be available to their secret services.
The Committee to Protect Journalists warns, “There is no guarantee that the metadata would not be used a long time after the Games to separate journalists loyal to the state from critical ones.” Already, dozens of journalists covering Russia have been expelled or denied visas based on their reporting.
Are journalists in Sochi paying attention?
A random check of tweets by 125 foreign journalists in Sochi on Feb. 7 found no chatter about electronic devices being hacked or how to keep malicious software from turning their computers into espionage tools.
Instead, tweets focused on the breaking news of the moment: The grandeur of the opening ceremonies and parade of the world’s premier athletes; a would-be bomber attempting to divert a plane to Sochi, the stunning mountain scenery and pleasant weather.
“Journalists could be concerned about repercussions of tweeting or reporting about these issues while in Russia,” said Frank Smyth, executive director of Global Journalists Security, a private consulting and training firm in Washington, D.C.
“When surveillance is done well, it is invisible. They might suspect it, but it would be hard for them to verify.”
Last week, NBC News’ Richard Engel tested the waters with the help of a computer expert who set him up with new computers and a phony identity.
When Engel connected to the Internet in Sochi, he quickly received a suspicious email message. Upon opening it, his computer was immediately hacked. Engel reported that his computers and cell phone had been invaded within 24 hours, giving unknown entities the power to monitor his electronic activities.
Russia’s November decree authorizing surveillance was “not classified or passed quietly,” according to CPJ. Instead it was published in the state newspaper Rossilskaua Gazeta “as a warning and deterrent to journalists” and to promote self-censorship, especially among Russian media.
Before the games started, the U.S. State Department issued a warning: Travelers [to Sochi] “should have no expectation of privacy.”
CPJ and other international media watchdogs offer guidelines to help journalists secure electronic devices.
As journalists headed to Sochi, the European Federation of Journalists asked Alan Pearce, a cyber security and counter-surveillance expert, to provide “spy-proof measures.”
Among his advice: “Never let your devices out of your sight and this includes leaving them unattended in hotel rooms. It is very easy to scan the memory or plant malware inside.
“With laptops and tablets, place a sticker over any opening parts so you can see if the device has been tampered with. Better still, apply a coating of glitter nail polish and then take a photo of it with your smart phone. The glitter provides a unique pattern that cannot be replicated and which can later be compared to the photo.”
Pearce stressed: “Never open attachments or click on links if you are suspicious.”
Journalists who are concerned about cyber safety should check out the myriad of online resources such as the Portland, Oregon-based Small World News and its “Guide to Safely Using Satphones” (satellite phones) and other guidelines.
In 2012 CPJ added a chapter on cyber threats to its Journalist Security Guide posted on cpj.org. The BBC’s College of Journalism website posts tips on how to secure electronic devices.
Security expert Smyth warns, “The danger can be anywhere and everywhere. It’s up to journalists to be vigilant.”