Fake Computer Security Stories Don’t Help Anyone

I first saw this the weekly standard blog post stating NBC: All Visitors to Sochi Olympics Immediately Hacked after a retweet by John Siracusa regarding the ridiculous way the ‘computer security expert’ opened a MacBook Air box. The premiss of the story was exactly as per the headline: that all visitors to the Sochi Olympics are getting hacked as soon as their electronic devices connect to any Russian network.

I thought the story was hyperbole when I saw it, and didn’t end up watching it all the way through, but today noticed [Daring Fireball] highlighting a blog post by Robert Graham titled That NBC story 100% fraudulent. In part that post notes:

The story shows Richard Engel “getting hacked” while in a cafe in Russia. It is wrong in every salient detail.

  1. They aren’t in Sochi, but in Moscow, 1007 miles away.
  2. The “hack” happens because of the websites they visit (Olympic themed websites), not their physical location. The results would’ve been the same in America.
  3. The phone didn’t “get” hacked; Richard Engel initiated the download of a hostile Android app onto his phone.
  4. …and in order to download the Android app, Engel had to disable a lock that prevents such downloads – something few users do [update].

Stories like this don’t do anything to help anyone. Computer security is a real issue that is significantly contributed to by many computer users not having a basic understanding of how the technology they are using actually works. This story perpetuates the belief that there is nothing individuals can do to be safe, which in turn kills any motivation to learn.