During the 2018 Winter Olympics taking place in Seoul, South Korea, a cyber attack took down Wi-Fi connections, internet-linked television monitors, electronic access to security gates, and digital ticketing. The Wi-Fi was especially troubling as the Olympic’s phone app, which contained information such as maps, schedules, and reservations, meant for both fans and athletes suddenly was rendered useless without access. The South Korean cybersecurity team did a magnificent job of sequestering their network from the rest of the intranet, but in the end, investigators determined the “how” part of the equation – a worm (which is a self-replicating type of malware that bounces from server to server as it goes through computers to other computers).
Cyber Attack in 2018 Olympics
Worms are a great way to instigate denial of server attacks as they overload system resources and stop necessary functions of the servers, spreading quickly before defenders start to notice or mitigate. This attack was named Olympic Destroyer. While the “how” part of the puzzle was understood quickly, the “who” was not clear.
Hackers use different tunneling and masking techniques to make it very difficult and nearly impossible to find the geographic point of the attacker. Thus, forensic experts must rely on malware signatures, threat intelligence, and political motivations to determine the source and goals of the hack.
In the case of Olympic Destroyer, understanding the motives of the attacker became a puzzle in and of itself. The incident appeared to be one of hacktivism and not instigated for profit. North Korea was the obvious choice as it has been the nemesis of Seoul for roughly 75 years. China was another suspect due to different philosophies, and then there is Russia; because… well Russia likes to meddle in just about anything that could directly or indirectly affect its power and influence in the world.
Without getting into the forensics (which is even beyond me as explained), it was determined by many experts that a Russian group was behind the attack, however, they had done everything in their power to make it look like North Korea or China was responsible, otherwise known as a ‘false flag’ operation. The motive behind this specific false flag was possibly the fallout from Russia being banned from the Seoul Olympics due to doping allegations or simply because they are from Russia… and like to meddle and provoke chaos.
The Cybercrime Threat
Why is this type of attack a concern in the 2024 Summer Games? Financially based cybercrime is a threat to anyone at any time and is obviously troubling to anyone defending a cyber-network. However, as I have discussed before and learned from informed sources such as The Hacker News, hacktivism/cyber terrorism is on the rise and has become an effective part of an instrument of power in nation-state conflicts. From exposing sensitive information to misinformation to stopping information from flowing to the intended receiver, the damage the attack could do even at a strategic level is immense.
Why Paris 2024 is Vulnerable
The potential of false flag operations in hacktivism just increases its paradoxical complexity. France recently made it clear that they have unwavering support for Ukraine, while North Korea and China see French alliances with the West as a threat. You just add the fact that France is split as to the sides taken in the Israel-Palestinian conflict and they have become lukewarm in collaborating with Iran due to human rights violations. It sounds like a recipe for disaster. Another daunting sign of things to come is the X account of the French Sports Minister was recently hacked.
According to Olympic officials, they have 500 event locations to cover both physically and electronically. France has enlisted the help of mega tech giants Eviden and Cisco to increase their readiness posture and undoubtedly has been working with allies in garnering support from them.
The organizers of the 2021 Tokyo Games stated that there were over 400,000 attempted security events during preparation and the Games themselves. It is inevitable and attempts will occur. However, if they can be prevented or even correctly attributed is another matter entirely.
