Hacking threats loom over 2018 Olympics
Nation-state and criminal hackers are targeting the Winter Olympics at a rapidly increasing rate, raising fears of phishing scams, hacks and other disruptive attacks.
Organizations are cracking down on security and experts are warning those attending the games set to begin in Pyeongchang, South Korea, on Feb. 9 to be on high alert.
Experts are observing an uptick in phishing attacks orchestrated by run-of-the-mill cyber criminals that use the games as a hook to draw attendees and other would-be victims into scams.
“It’s growing at an exponential rate,” said Paul Martini, CEO of network security company iboss. “The accessibility to technology to enable criminal activity is just easier and easier.”
The Department of Homeland Security issued an alert Thursday warning travelers to the Olympics that cyber criminals could attempt to steal personally identifiable information or users’ credentials to profit financially.
“There is also the possibility that mobile or other communications will be monitored,” the alert said.
Additionally, there has been an increase in attempted attacks around the 2018 games themselves, some targeting participating organizations and sponsors and others within the infrastructure of the games.
“Behind the scenes, there’s a significant increase in attacks around Olympic supporting systems and the games themselves,” Mark Nunnikhoven, vice president of cloud research at Trend Micro, told The Hill.
Researchers at McAfee say they have identified a cyber operation that appears to be targeting South Korean organizations associated with the Olympics with spyware.
Hacks targeting organizations involved in the games have been increasingly drawn into the spotlight as a result of the activity of “Fancy Bear,” a cyber espionage group widely believed to be linked to the Russian government.
In 2016, the group released sensitive data on Olympic athletes pilfered from the World Anti-Doping Agency (WADA) after the organization recommended Russian athletes be barred from the Rio games when an investigation uncovered evidence Moscow was running a state-sponsored doping program.
There are signs that Fancy Bear, also known as APT28, is again ramping up attacks on Olympic organizations ahead of the 2018 games, from which Russia has been barred as a result of the doping allegations.
Earlier this month, a group calling themselves “Fancy Bears’ Hack Team” released purported hacked emails and documents from the International Olympic Committee and later the International Luge Federation. Cybersecurity experts believe the group is a so-called “faketivist” hacking persona associated with Fancy Bear.
Meanwhile, experts at Trend Micro identified several Olympics sport organizations among the cyber group’s targets in the second half of last year, including the Luge Federation and the European Ice Hockey Federation.
ThreatConnect, another cyber firm, has also discovered spoofed domains imitating WADA, the U.S. Anti-Doping Agency and the Olympic Council of Asia that have hallmarks of prior Fancy Bear operations.
Kyle Ehmke, a senior intelligence researcher at ThreatConnect, warned that any organizations with loose ties to anti-doping organizations or Olympics institutions should take pre-emptive steps to defend against a possible cyberattack.
“The organizations that are either related to the Olympics or related to the anti-doping organizations, they need to be cognizant of the threat posed by Fancy Bear,” Ehmke said in an interview with The Hill.
“I will say in the last two months, we’ve seen a significant increase in the number of domains that are being registered through these servers that we know Fancy Bear uses,” Ehmke said. “We’ve certainly seen an uptick — I would say since December, which would be consistent with the timing in which Russia was banned from the Olympics.”
The developments have put Olympics organizations on alert, driving them to allocate more resources and attention to cybersecurity.
Travis Tygart, CEO of the U.S. Anti-Doping Agency, said that his organization has seen an uptick in cyber threat activity as the 2018 games have approached.
“We’ve gotten indications of some efforts, spoofing and phishing efforts over the last couple of months,” Tygart said.
“We’re fools not to think it’s not the highest of all threats,” he said. “The importance of protecting our athletes, it’s the top of our list.”
A WADA spokesperson told The Hill in a statement that the organization is “constantly monitoring and strengthening” its cyber defenses and has made several improvements in recent months.
When it comes to cyberattacks directly targeting the digital infrastructure of the games themselves — such as attacks that go after time clocks — the likelihood of actual compromise is very low given the high attention to security preparations, said Nunnikhoven.
“The probability of the games being attacked is about 100 percent,” Nunnikhoven said. “They’re a very high target but the team is very well prepared.”
A spokesperson for the International Olympic Committee told The Hill in a statement that cybersecurity has long been a “top priority” at the games, but refused to disclose details of the steps the organization is taking to secure digital systems.