Recently, I was asked by NBC to participate in an experiment to deploy honeypots in Moscow, Russia, to see how fast they would be compromised. Following up on my previous blog post, this post is intended to clarify some items; in addition, an accompanying white paper will discuss the technical details behind the incidents that occurred. Click here to read “Experiment Shows Russia is Still a Hotbed of Nefarious Digital Activity: Part 1.”
First, all the attacks required some kind of user interaction. Whether it was executing an “application” or opening a Microsoft Word document, every attack shown required the user to take an action before the device could be compromised.
Second, these attacks could happen anywhere. They were not specific to Moscow, nor did they require us to be in Moscow. Whether you are sitting in a coffee shop in Berlin or at home in Tokyo, these types of attacks can and do occur on a worldwide scale.
Third, the infections occurred on newly unboxed hardware. Had basic security precautions been taken, such as updating the operating system or not opening emails from unrecognized sources, these attacks could have been prevented. A more detailed NBC video explaining these precautions can be seen here.
Finally, to reiterate: while all three devices looked like they had been compromised with no user interaction, that was just not the case. Incorrect impressions may have been formed due to the editing process; no zero-days were used, and every infection required plenty of risky behavior to succeed.
This blog post and the accompanying white paper both recommend security best practices that most experts follow and that have been part of our advice to the general public for many years.