Winter Olympics’ Security on Alert, but Hackers Have a Head Start



Who was doing it and why they were doing it could take several months to figure out. Ryan Sherstobitoff, a senior analyst at McAfee, said the hacks had appeared to be well organized and backed by substantial resources, with “the hallmarks of a nation state.” What that nation state planned to do with the stolen data and its foothold in victims’ machines, Mr. Sherstobitoff said, was still anyone’s guess.

A spokesman for the International Olympic Committee declined to comment on how the organization was addressing the heightened threats.

Security researchers often discuss risks with a level of informed paranoia. Some of their warnings are based on what is possible but has not actually occurred in the real world. On other occasions, their warnings are based on what has already happened, and where those incidents could lead.


Photo: Curling mixed doubles matches at the Gangneung Curling Center in Pyeongchang, South Korea, on Thursday, the day before the opening ceremony for the 2018 Winter Olympics. (Hilary Swift for The New York Times)

But cyberattacks on international events have become common. The 2015 nuclear negotiations in Geneva and the 2009 climate talks in Copenhagen, for example, were plagued by hackers from various nation states. The Olympics are another alluring target — but with wall-to-wall television coverage.

“The Olympics involve so many countries, and so many sports, many of which have their own infrastructure, that it has become a rich target environment for many adversaries,” said John Hultquist, director of threat intelligence at the security firm FireEye.

He has been tracking the activities of Russian hackers and other groups as they lay the groundwork for attacks on Olympic organizations. In the past few months, Mr. Hultquist said, his team at FireEye has seen several examples of Russian groups tampering with the computers of Olympic-related organizations. The activity is “obviously meant to drag Olympics-related organizations through the mud and discredit them,” he said.

The Russian cyberespionage group known as Fancy Bear, which has been tied to the 2016 hack of the Democratic National Committee and has links to Russia’s main military intelligence unit, has already started posting hacked emails intended to highlight discord among global sports officials and investigators who exposed systemic Russian doping.

Last month, the group posted emails and other documents online from the International Luge Federation, claiming they demonstrated violations of antidoping rules. And earlier in January, the group released hacked emails and documents from the International Olympic Committee, which it advertised as proof “the Europeans and the Anglo-Saxons are fighting for power and cash in the sports world.”

Trend Micro, the Tokyo-based security company, said its researchers had also witnessed Fancy Bear attacks on the International Ice Hockey Federation, the International Ski Federation, the International Biathlon Union, and the International Bobsleigh and Skeleton Federation in the final months of 2017. The attacks occurred while an International Olympic Committee disciplinary panel was preparing bans for dozens of Russian athletes caught doping in the 2014 Winter Olympics in Sochi, Russia.

“The Kremlin has its fingerprints on cyberattacks that were retribution for exposing the Russians’ Sochi games doping scheme, which was a fraud on the purity of sport,” said Doug DePeppe, a founder of Sports ISAO, a nonprofit cybersecurity organization in Colorado Springs. The group is trying to help sports associations, including Olympic organizations, combat threats.

“Their goal is to say, ‘No one is following the rules, and Russia shouldn’t be singled out,’” Mr. DePeppe said.

FireEye, McAfee and other security companies said that over the past few months they had seen attack groups from Russia, and others of unknown origin, dispatch hundreds of “spearphishing” emails, laced with malicious links and attachments, to target Olympic-related groups.

They also have seen the groups set up computer servers under the names of some of their targets and seemingly innocuous organizations like the South Korean Ministry of Forestry. They warn that those activities could be a prelude for a broader Russian campaign.

In 2016, Russian hackers targeted the World Anti-Doping Agency after it recommended that Russian athletes be banned from the 2016 Rio Games because of doping. The personal data of more than 40 athletes was leaked not long after.

The worst-case scenario would be attacks in which hackers tried to shut off lights in a stadium during an event, or perhaps even tampered with electronic timing results, warned Betsy Cooper, the executive director at the Center for Long-Term Cybersecurity at the University of California, Berkeley.

To protect the Olympics, South Korea has mobilized tens of thousands of security personnel, including cybersecurity analysts and 50,000 soldiers, in what has been described as one of the most militarized security forces in Olympic history.

Over the past few weeks, the United States State Department has set up a temporary security monitoring operation on one floor of its embassy in Seoul. Analysts from the State Department, the intelligence community and the Department of Homeland Security are scheduled to arrive there this week.

But an official who was briefed on the State Department-led operation, and who was not allowed to discuss it publicly, worried that the operation was too focused on combating traditional threats like physical attacks on venues.

The State Department did not reply to a request for comment.

Elsewhere in Pyeongchang, an alliance of security personnel from South Korea, various Olympic sponsors, technology suppliers and cybersecurity sleuths from around the world are monitoring computer screens and potential threats at the unmarked Security Command Center.

Each country participating in the Olympics also has its own security delegation on the ground, with those from the United States and Israel among the largest. Those delegations are busy conducting their own threat assessments and receiving daily threat briefings from South Korean law enforcement authorities.

While cybersecurity experts believe the North Korean threat was lessened by the last-minute addition of a North Korean delegation to the Games, they have not ruled out that North Korea may be looking to embarrass its southern neighbor.

“One thing is for certain: We can’t simply rely on these actors to behave themselves in this context,” Mr. Hultquist said. “They’ve proven, again and again, over the past few years that they are not afraid to flout international norms and create chaos.”
