The Other Sochi Threat: Russian Spies, Mobsters Hacking Your Smartphones
Sources: American Olympic spectators' communications likely to be monitored.
Feb. 5, 2014 — -- While the world focuses on the threat of terrorism to the Winter Olympic Games in Sochi, Russia this month, spectators in the Black Sea town will face a stealthier threat to their digital lives from Russian spies and tech savvy mobsters, experts and security sources told ABC News.
Russian law allows its intelligence agents to do electronic snooping on anyone inside the country, meaning the phones and personal computers of thousands of foreign visitors, including Americans, are fair game. But even outside of the law, Russian organized crime groups also are well known for hacking smartphones and email for information they use for illicit profit.
"It's the same as during the Beijing Games -- the host government, private enterprise and individuals pose a big threat to people traveling to the Sochi Games, in respect to monitoring conversations on cell phones and intercepting texts and emails," one Olympic security contractor told ABC News last week.
"It should certainly be expected," agreed a senior U.S. intelligence official, who told ABC News that the influx of tens of thousands of American spectators and dignitaries will be "an intelligence bonanza" for both Russian spies and organized crime groups.
Russian President Vladimir Putin's domestic spying agency, the Federal Security Service (FSB), will snoop for indicators of terrorist activity. His intelligence services will also target dignitaries for intelligence collection, as they do around the world.
Mobsters hack devices for passwords and data to facilitate digital larceny and, at times, can be used as proxies by the FSB for any number of tasks, sources said. For instance, a recent cybersecurity report by private firm CrowdStrike fingered Russian intelligence as likely involved with, or at least aware of, the work of a hacker group known as "Energetic Bear," which has targeted Western energy interests.
U.S. officials generally are required to trade in their regular smartphones for "clean" devices when traveling to countries such as Russia and China, which have the most sophisticated spy operations. The assumption of government security officers, based on past experience, is that smartphones operating on foreign networks are easily comprised by foreign intelligence services.
The Russian electronic surveillance program, called SORM, rivals any American domestic FBI or NSA surveillance program -- with one key difference: the Russians don't need the formality of a court order to suck up all of the targeted person's data, which is archived for three years.
Security services are, as required by law, hardwired into the communications infrastructure here so they don't need the phone and internet companies to give them the data.
NBC, which is telecasting the Games as the U.S. rights holder, has warned employees that emails sent or received while in Sochi may not be private, according to sources.
"The Russians will own your communications when you go there. The only way to guard against that is to take a clean device and use a temporary email address," Joel Brenner, who served as U.S. National Counterintelligence Executive from 2006-2009, told ABC News.
Smartphones can be penetrated and comprised anytime they are out of the owner's hands, such as passing through an airport security screening checkpoint, or remotely by hackers through compromised cell signal towers or illicit mobile relay devices.
"The risk is the theft of personal data stored on a smartphone: your contacts, banking info, etcetera," the security contractor working on the Sochi Games said. "Criminal elements have ready access to the cell towers in Russia." Several current and former U.S. officials confirmed that organized crime figures in Russia are believed to have some access to cell towers in Sochi.
"That possibility exists," a U.S. official involved in securing the Games warned last week about the threat posed by both spy and hacker. "I wouldn't say everyone who goes will be considered a high value cyber-target, but there is a high likelihood that it will happen."