The first time I was exposed to the IT security concerns of the Olympics was in 2003 when a delegation from China visited the US to garner advice on protecting the 2008 Summer Olympics in Beijing. Their concern was primarily with protecting the results data from each event as it was recorded onsite and transmitted back to a central database.

There is a lot riding on Olympic results, not the least being the reports sent to “off-track” betting sites. Even early knowledge of official results would be valuable for certain parties able to make fast wagers, let alone the advantage from corrupting those results, even for a short time.

It seems evident that the most likely motivation behind the infamous hack of the Ericsson cell phone switches belonging to Vodafone Greece during the Summer 2004 Olympics was criminal in nature. That sparsely reported event involved multiple software updates loaded into the switches that eventually turned on the lawful intercept functionality that exists in most telecom switches but is not required in Greece. The first reports of the incident claimed that 104 officials of the International Olympic Committee (IOC), US diplomats, and athletes had their cell phones tapped. The still unexplained death by hanging of the engineer responsible for the switches lends credence to the assumption of criminal motivation.

The Summer 2008 Olympics in Beijing are famous, not for any attacks on score reports, but for the first cyberwar. The connection was temporal only. While Presidents George W. Bush and Vladimir Vladimirovich Putin sat next to each other in the Olympic stands, Russian tanks poured across the border into South Ossetia, a disputed territory of democratic Georgia in the Caucasus. Simultaneously, massive attacks on government and commercial websites, and backbone connections into Georgia, prevented the Georgian President from communicating to the Western world. If you agree with my definition of cyberwar, the coordinated use of computer network attacks (CNA) with physical armed attacks, the 2010 Summer Olympics are forever linked to the beginning of the age of cyber conflict.

The 2012 Summer Games in London were without major cyber incident. A report in the Washington Times claimed:

“‘There was a credible [threat of] attack on the electricity infrastructure supporting the Games,’ Olympic cyber-security head Oliver Hoare told the British Broadcasting Corp. in the first revelation of such a plot.”

Yet that turned out to be a false alarm. Five other attacks had little or no impact.

The organizers of the Sochi Winter Olympics have IT security concerns on several fronts. Cyber criminals will seek to get access to information that could give them an edge in betting operations. The usual attempts to steal payment transaction information are ever present. The US State Department warns travelers to take precautions to protect their sensitive information.

This Olympics is already drawing more than the usual amount of controversy. Vocal controversy is often the precursor to cyber attacks that can take the form of web defacement with political messages or those of other causes. Russia’s actions against gay athletes and the horror being expressed in Europe and the US are reason alone to expect this type of attack. On top of that, reports that the city of Sochi is exterminating stray dogs will certainly raise the ire of animal rights groups.

But by far the greatest threat comes from internal political struggle in the Caucasus. While terrorist attacks outweigh concerns of cyber attack, as they should, the low-risk, low-cost opportunities available to the same groups raise the possibility of Distributed Denial of Service (DDoS) attacks and defacement.

The US State Department has published an informative guide for US citizens traveling to Sochi. It highlights the terrorist threat and somewhat ironically includes:

“Personal Privacy Note: Travelers should be aware that Russian Federal law permits the monitoring, retention and analysis of all data that traverses Russian communication networks, including internet browsing, e-mail messages, telephone calls, and fax transmissions.”

Reportedly the FSB has stepped up surveillance, ostensibly to discover and deny terrorist actions.

Threats from a group identifying themselves as Anonymous Caucasus have appeared online. They warn:

“We will launch the largest cyber war [that ever was] against the Russian government.”

NATO suffered effective Denial of Service (DoS) attacks during the 1990s conflict in the region from Serbia and Kosovo. Chechen sites have been the targets of DDoS attacks too, with blame being assigned to Russia.

The Sochi Olympics are fraught with danger from many angles. Cyber attacks taking the form of DDoS, defacement, and breaches are to be expected.
