In the past few weeks, we’ve seen reports that hackers have been attacking the 2018 Winter Olympics. I don’t doubt that for a second. But I doubt very much that the Olympics are the cybercriminals’ true target.
The big cyber news so far out of Pyeongchang has been a spearphishing campaign directed against organizations that are running logistics. McAfee Advanced Threat Research discovered the attack and wrote about it last month.
That campaign, as reported, carries many of the marks of a nation-state cyberattack. Specifically, it appears the attackers researched and identified targets, created emails those people were likely to open, and quickly customized an open-source tool that allowed them to hide malicious code in images.
All that suggests the strategy and resources that nation-states typically deploy in their long-term cyber campaigns. And while there are many reasons hackers might want to attack the Olympics, I’d wager the attackers aren’t very much interested in the games themselves. It’s more likely they are using the event as a pathway to something else — something like stealing the digital identities of powerful people, getting access to the networks they use, or spying on their organizations.
Whatever the attackers want, the Olympics are an opportune time to get it. Because when it comes to cybercrime, you don’t get a much more target-rich environment than this.
Think about it. You have a temporary city equipped with all the things that make the world move — transportation, telecommunications, energy, health care, finance. And you have all manner of people — athletes, doctors, dignitaries, heads of state, celebrities, all in the same place.
All those people, and the support staff they bring, are using computers, tablets, smartphones and any number of mobile devices like watches and fitness trackers. And those devices are operating on unfamiliar networks — most likely without the highly customized firewalls and threat-detection tools that would ordinarily protect them.
That opens a window of vulnerability — exactly the kind of opportunity a nation-state hacker needs to execute an attack and advance a long-term campaign.
Given the variety of targets, there are many ways an attacker could go. Compromising an athletic trainer’s computer, for example, could help hackers spy on the universities or hospitals that person works for — or it could lead straight to a trove of medical records. Hacking the fitness trackers of a diplomat’s staff could help unlock their phones and expose sensitive emails, texts and geolocation information.
And the breaches wouldn’t just go away once the closing ceremonies wrap up. So, in that respect, cybersecurity at the Olympics becomes less about what happens during the games and more about what happens afterward.
If I’m running IT in Pyeongchang, I’m doing everything I can to segment the networks by function. I’m making sure medical personnel’s data flow is nowhere near retail point of sale, for example. And if I’m a CTO whose organization is sending people to the games, I’m reminding them all that simply being there makes them a target. I’m telling them to look very skeptically at anything that hits their inbox. And, if I haven’t already, I’m moving my company from a system where people still share files over email to one that uses an alternative like a cloud-based app.
Any one of these steps can help thwart the hackers’ spearphishing campaigns. The attackers won’t go away, but they will have to resort to harder, more expensive tactics.
For sure, some of the cybercriminals here are playing a short game. They want to cause chaos, make a political statement, steal money or pilfer data from people who are there simply trying to enjoy one of the world’s great spectacles. But what I’m most concerned about are those who have no interest in the Olympics at all — those who are simply using the event as an easy means to a bigger end.
Mark Orlando is the chief technology officer for cyber services at Raytheon.