Hacking the Olympics demands greater attention to connected-device risk

By Erin Ayers on January 15, 2018

Hackers targeted organizations involved in planning next month’s Winter Olympic Games in South Korea, according to recent reports from security researchers, an incident that illustrates the wide reach of cyber risk as connectedness increases.

According to McAfee Labs, the primary targets of the hacking campaign – which involved malicious documents attached to emails – were organizations associated with Olympic ice hockey competition. Other Olympic-related hacks have also been reported — Russian cyberespionage group Fancy Bear released emails stolen from the International Olympic Committee as suspected retaliation over the Russian Federation’s ban from the Pyeongchang Olympics in February.

The targets of the hacking campaign uncovered by McAfee seem more aimed at stealing sensitive information and McAfee did not speculate on attribution for the attack.

“With the upcoming Olympics, we expect to see an increase in cyberattacks using Olympics-related themes. In similar past cases, the victims were targeted for their passwords and financial information. In this case the adversary is targeting the organizations involved in the Winter Olympics by using several techniques to make it more tempting to open the weaponized document,” noted McAfee in an analysis of the hacking attempt. The techniques included making it seem as though the email came from South Korea government bodies including the anti-terrorism agency, as well as requesting that recipients download the “protected” document.

“The attackers appear to be casting a wide net with this campaign,” McAfee said in its analysis.

The possible scenarios associated with hacking the Olympics are limited only by the imaginations of cybercriminals. The Center for Long-term Cybersecurity at University of California at Berkeley issued a report in October 2017 with examples such as hacking into digital displays to incite panic in packed stadiums, or hacking into timing and scoring devices to derail athletes’ outcomes. Other imagined hacks including harnessing smart devices in athletes’ dormitories in the Olympic Village for surveillance.

eayers@advisen.com'

Erin is an editor at Advisen. She has 15 years of journalism experience. Prior to Advisen, Erin covered property-casualty insurance for 13 years as editor-in-chief of The Standard, New England’s Insurance Weekly. Erin is based in Boston, Mass. Contact Erin at eayers@advisen.com.