Researchers warn about possible cyberthreats to Tokyo Olympics
WASHINGTON — Amid a rise in cyberattacks and ransomware incidents, security experts are looking out for digital threats to the Olympic Games, scheduled to start next week in Tokyo.
Because major geopolitical events are a prime opportunity for global attention, it’s possible Tokyo will be in the sights of malicious actors hoping to disrupt the proceedings or make money, according to cybersecurity experts.
“This is an opportunity to operate on a world stage,” said O’Shea Bowens, the founder and CEO of cybersecurity firm Null Hat Security, during an interview with Yahoo News.
The Japanese Olympic Committee identified cybersecurity as a priority in planning the event, and it’s likely that international representatives, including from the U.S. government, will be present to advise it on preventing and responding to threats. However, it’s impossible to guarantee nothing will go wrong.
This wouldn't be the first time the Olympics have been targeted. The British government in 2020 accused Russia’s military intelligence service, the GRU, of targeting organizations involved in planning and hosting that year’s Games. The 2020 Olympics were ultimately postponed due to the coronavirus pandemic, but the digital access may give the Russians the opportunity to interfere with them.
Cybersecurity experts say Russian or other potential hackers could do any number of things to interfere with the Olympics, which hold a significant symbolic value for countries. Those actions include stealing information, leaking or spreading damaging or false information, and actively disrupting organizers or live broadcasts.
In its statement, the U.K. pointed a finger at the same GRU unit for attempts to disrupt the 2018 Winter Olympics in South Korea, attempts it concluded were intended to disguise Russian hackers as North Korean, “wipe data” and cause damage — but ultimately were largely unsuccessful.
According to new research from the cybersecurity firm Recorded Future, the “high profile and international nature” of the Olympics make it a prime target for “those seeking to cause politically motivated harm, enrich themselves through criminality, or embarrass the host nation.” A copy of the firm’s new report on digital threats to the Tokyo Olympics was provided to Yahoo News.
The researchers point at the Kremlin as a likely perpetrator, given grievances over the exclusion of Russian athletes from the Games due to illegal doping. The authors make it clear, however, that they have not yet identified “any direct threats, planned attacks, or cyber operations against the Tokyo Olympic Games.”
John Hultquist, vice president of analysis at the cyberintelligence firm FireEye’s Mandiant Threat Intelligence, agrees that the “No. 1 concern for the Olympics is disruption by the GRU.”
Mandiant tracks digital threats, including potential nation-state hacks, to major events like the Olympics. “We do believe they were going after resources associated with Tokyo,” Hultquist said during an interview.
According to Hultquist, it’s possible the coronavirus pandemic or ongoing posturing from the Biden administration might change Moscow’s calculus about targeting the Olympics, but the Games could still prove tempting. “I don’t think it’s guaranteed, but we can’t rule it out,” he said.
Jonathan Condra, the director of strategic and persistent threats at Recorded Future, agreed. “The grievances between Russia and the Olympic Committee are long-standing and haven’t been resolved,” said Condra, who led the company’s report on the threats to this year’s Games. “There’s still motivation there to engage in some kind of disruptive activity.”
The Cyber Threat Alliance, a group of cybersecurity experts from across the industry, published a report on threats to the Olympics that identified nation-state actors as the likeliest culprits for cyberattacks on the Games “based on their sophisticated capabilities and past operations.”
Other cybersecurity experts have speculated that the lack of international spectators might reduce the impact of any operations and lead the GRU to sit this one out.
For Juliet Okafor, the CEO of cybersecurity firm Revolution Cyber, which advises international clients including the United Nations on defending large events, the Olympics are vulnerable to “reputational risk at all levels.”
“Any hack that would happen at the Olympics would be about making a statement, damaging the pageantry of the overall event, damaging the reputation of Japan itself,” she said during a phone interview.
Beyond the threat posed by Russia, Okafor suggested she is worried about disinformation campaigns on social media to cast doubt on the legitimacy or safety of the Games, and about theft of data from athletes to potentially leak and damage their reputations. The Olympics are “a great place to collect data,” she continued, which might be helpful to a country hoping to make a bid to host the Games in the future or pilfer information about visiting athletes and politicians.
Condra, the lead researcher on the Recorded Future report, agreed that the threat of disinformation and misinformation is a serious one for the Olympics, though he suggested the primary target might be the Japanese people. Hundreds of thousands of Japanese people have signed petitions hoping to put a permanent halt to the Olympics amid the pandemic and gaps in access to vaccines, while the country's leaders have gone ahead with plans.
“Given how unpopular the Olympics are in Japan, we’re likely to see a ramp up in those types of campaigns aimed at the Japanese populace in particular,” Condra said.
And given that the Chinese and Russian governments might have an interest in undermining the Japanese government, disinformation operations might be an easy, low-cost way to do that, he maintained.
The Olympics also might be a convenient target for criminals hoping to make money, researchers suggest. While not every expert agreed that a big event like the Olympics would be on the radar of opportunistic cybercriminals, Condra noted that his team identified two dark web marketplaces where data connected to the Games is being sold.
According to the Recorded Future report, “ransomware likely poses the greatest cybercriminal threat to the Olympics-nexus organizations,” though researchers noted not seeing specific “chatter” about targeting the Olympics on criminal forums.
Regardless, for criminals hoping to get a big payday, disrupting broadcast networks or other similar targets in the middle of the Games might encourage victims to pay up.
Recently, newspapers in Japan revealed that the Japanese Olympic Committee was the target of ransomware back in April 2020. Given the availability of ransomware tools for purchase and the vulnerability of networks as people work from home during the coronavirus pandemic, the rate of ransomware attacks has exploded in recent years.
Additionally, Recorded Future researchers identified a number of website URLs that appeared to mimic Tokyo Olympics sites in an effort to trick people into logging on and giving up personal information.
“That’s a bigger worry, because the average person, unfortunately, falls for it,” said Bowens of Null Hat Security. “If you didn’t enter into a lottery for tickets to the Olympics, if it seems too good to be true, it probably is.”
____
Read more from Yahoo News: