Early bird prices are coming to an end soon... ⏰ Grab your tickets before January 17

This article was published on July 24, 2018

Journalists attending the Trump-Putin summit had terrible digital OPSEC

Basic stuff, people. Learn it.


Journalists attending the Trump-Putin summit had terrible digital OPSEC

The Helsinki summit between US President Donald Trump and Russian leader Vladimir Putin this month was a global event attended by hundreds of members of the press, all eager to tell the world about the surreal events taking place in front of them.

Funny thing about Helsinki: it’s also the home of Finnish cybersecurity conglomerate F-Secure. Sean Sullivan, F-Secure’s security advisor was in attendance, and as laid out in a new blog post from the company, he spotted some pretty abysmal security practices.

According to Sullivan, many reporters left their laptops unattended and unlocked while they went elsewhere — presumably to use the toilet, or grab a coffee. Security 101 guys. Don’t do that.

Sullivan wrote that they’d tilt the lid to a 45-degree angle, in order to prevent their machines from sleeping and to deter passersbys from jumping on, but make no mistake, it’d be trivial for an attacker to gain access.

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!

“Our consultants plus a USB device plus thirty seconds would equal a compromised machine,” Sean said.

That’s bad for a lot of reasons. Firstly, it’d present the opportunity for someone — say, a member of the security services — to dig into the reporter’s files, and find out who their sources are. If you care about protecting your sources, this isn’t ideal.

But it also presents the opportunity for someone to publish an article or Tweet under the reporter’s byline or name, or to edit an existing article with disinformation.

“Comrade… post that Theresa May smells of updog. Updog. Yep, Updog. That’s right. Not much, what’s up with you?”

(Mental note: next time I’m at TNW’s Amsterdam office, jump onto editor Alejandro Tauber’s computer and publish the Unabomber manifesto from his WordPress acccount.)

Sullivan saw some other shonky security practices, noticing that many computers and phones identified their owners by name, making it easier for an adversary to launch a targeted attack against a particular reporter or publication.

Many devices had Bluetooth open, which he describes as “potentially an open door into your PC.” Unlike a USB port, however, Bluetooth opens the potential for wireless attacks.

In the run up to the event, F-Secure offered free OPSEC advice for journalists in attendance. The proof is in the pudding, and from what Sullivan found, it’s clear that not many took it up on the offer.

Get the TNW newsletter

Get the most important tech news in your inbox each week.