[BreachExchange] Why the 2018 Winter Olympics Are the Perfect Storm for Cyberattacks

Audrey McNeil audrey at riskbasedsecurity.com
Mon Feb 12 19:02:01 EST 2018


Cybersecurity has been a longstanding concern for the International Olympic
Committee (IOC) and host nations of the Games since the early 2000s.
Previous Olympic Games have had to contend with a multitude of cyber
threats, from the London 2012 Olympics—which experienced thousands of
intrusion attempts and one false-alarm threat to the power grid—to the Rio
2016 Olympics, which experienced a variety of hacks, including disclosures
of athletes' personal data.

However, the 2018 Winter Olympics in Pyeongchang, South Korea, present
further cybersecurity challenges, not just due to its location—80
kilometres from the border with North Korea—and geopolitical tensions, but
also due to major sporting events now becoming increasingly connected and
integrated with technology.

The increased connectivity and use of technology has opened the Games up to
more vulnerabilities and potential cyberattacks. Not only are the Olympic
Games available to view worldwide through a variety of broadcasting
platforms, but smart technologies are now also increasingly used in the
performance and judging of the sports themselves.

While most of the previous attacks have focused on ticket scams,
availability of IT services, and personal data, there are now more
substantial cyber threats to stadium operations, infrastructure,
broadcasting, and participants and visitors to the Games. There might also
be cyberattacks that compromise devices to spread propaganda or

More recent Olympic Games have experienced attacks on broadcast operations
and power systems seeking to limit viewer access to live broadcasts. For
example, the 2012 London Olympics were hit by Distributed Denial of Service
(DDoS) attacks from both alleged nation-state hackers and hacktivists.
While these attacks have had limited success, it is possible that
large-scale disruptions to broadcasting could have severe consequences to
events that rely on a large global audience and sponsorship.

Cybersecurity experts have already expressed concern over a number of cyber
threats to Pyeongchang, particularly in relation to nation-state activity.
South Korea has previously accused North Korea of cyberattacks on the
country, including one in 2013 that wiped numerous hard drives at South
Korean banks and broadcasters. Last month, a cybersecurity firm also
uncovered a sophisticated and targeted cyberattack aimed to steal data from
South Korean organisations associated with the Games.

There have also been warnings of the possibility that communications or
mobile networks are being monitored in the run-up to the Games.
Communications could be at risk of surveillance by nation-state actors for
either geopolitical gain—given the number of high-profile attendees from
the 92 participating nations—or to gain a competitive edge in the
competitions. Network monitoring could also be used to target individuals
or organisations in order to steal credentials or financial information.
This is particularly relevant as North Korea has recently been accused of
conducting widespread campaigns to steal cryptocurrency assets.

However, these cyber threats extend beyond North Korea. Fancy Bear, a
hacking group believed to be linked to the Russian government which rose to
prominence in 2016 after it released sensitive data on Olympic athletes
stolen from the World Anti-Doping Agency (WADA), continues to pose
problems. In January 2018, one cybersecurity firm discovered spoofed
domains imitating the WADA, the U.S. Anti-Doping Agency and the Olympic
Council of Asia, which were likely to be associated with the group.

In response to these threats, the South Korean government and Pyeongchang
organising committee have invested around £850,000 into cybersecurity
measures, as well as hiring a number of external cybersecurity firms during
the Games. However, these investments are dwarfed by the overall investment
into the Games and its associated infrastructure, which has exceeded £7
billion. The cyber threat has also prompted organisations such as Discovery
Communications, the European broadcaster for the Games, to take out cyber
insurance to cover in case of a cyberattack.

However, deploying cybersecurity measures across an event as large as the
2018 Winter Olympics is an exceedingly difficult task. Previous Olympics
have shown that information-sharing across the government, organising
committees, IOC, media companies, IT service delivery firms and other
organisations is incredibly challenging, but at the same time crucial to
security. For example, both the 2012 London and 2016 Rio de Janeiro
Olympics set up dedicated organisational structures to coordinate security
work and facilitate information exchange, but it is still unclear whether
the South Koreans have followed this practice.

It will also be the responsibility of individuals that are taking part in
the Games, either as spectators or participants, to ensure that they are
not compromised. Simple measures such as switching off the Wi-Fi and
Bluetooth connections of devices when not in use, using a credit card to
pay for online goods and services, updating the software of devices, and
using strong PINs and passwords can all help.

The Olympic Games could invite the most severe cyber threats to a major
sporting event in recent years. The location of the Games and increased
connectivity, both among the public and infrastructure, make them a prime
target for cyberattacks. For the IOC, successful cyberattacks could have
severe consequences and bring harm to attendants, participants, and
sponsors of the Olympics. A precedent of impactful cyber incidents at one
of the Olympic Games could also invite further adversary interest in future
events, making it increasingly difficult to adequately secure the Olympics
in the future.

More importantly for South Korea, one of the world's most technologically
advanced and digitally connected countries, the 2018 Winter Olympics come
at a time of heightened geopolitical tensions. Therefore, the stakes are
high. A successful cyberattack during the Olympics would result in immense
reputational loss for a nation that prides itself on being at the forefront
of technology.

South Korea has also taken several steps to stabilise relations with its
northern neighbour during the Olympics, for example by having North and
South Korean athletes competing together. An attack or incident involving
North Korea could further destabilise relations and prompt a diplomatic
crisis—particularly in light of recent North Korean nuclear tests. Having a
cyber-safe Olympics is therefore not only in the best interest of South
Korea, but in the interest of us all.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180212/f92642a1/attachment.html>

More information about the BreachExchange mailing list