The Helsinki summit between US President Donald Trump and Russian leader Vladimir Putin this month was a global event attended by hundreds of members of the press, all eager to tell the world about the surreal events taking place in front of them.
Funny thing about Helsinki: itβs also the home of Finnish cybersecurity conglomerate F-Secure. Sean Sullivan, F-Secureβs security advisor was in attendance, and as laid out in a new blog post from the company, he spotted some pretty abysmal security practices.
According to Sullivan, many reporters left their laptops unattended and unlocked while they went elsewhere β presumably to use the toilet, or grab a coffee. Security 101 guys. Donβt do that.
Sullivan wrote that theyβd tilt the lid to a 45-degree angle, in order to prevent their machines from sleeping and to deter passersbys from jumping on, but make no mistake, itβd be trivial for an attacker to gain access.
βOur consultants plus a USB device plus thirty seconds would equal a compromised machine,β Sean said.
Thatβs bad for a lot of reasons. Firstly, itβd present the opportunity for someone β say, a member of the security services β to dig into the reporterβs files, and find out who their sources are. If you care about protecting your sources, this isnβt ideal.
But it also presents the opportunity for someone to publish an article or Tweet under the reporterβs byline or name, or to edit an existing article with disinformation.
(Mental note: next time Iβm at TNWβs Amsterdam office, jump onto editor Alejandro Tauberβs computer and publish the Unabomber manifesto from his WordPress acccount.)
Sullivan saw some other shonky security practices, noticing that many computers and phones identified their owners by name, making it easier for an adversary to launch a targeted attack against a particular reporter or publication.
Many devices had Bluetooth open, which he describes as βpotentially an open door into your PC.β Unlike a USB port, however, Bluetooth opens the potential for wireless attacks.
In the run up to the event, F-Secure offered free OPSEC advice for journalists in attendance. The proof is in the pudding, and from what Sullivan found, itβs clear that not many took it up on the offer.
Get the TNW newsletter
Get the most important tech news in your inbox each week.