It didn’t take long for the 2018 Winter Olympics to be hacked.
News of the first hack broke shortly after the Opening Ceremonies were majestically unveiled for U.S. viewers the evening of Feb. 9.
What’s worth contemplating for cyber experts who track such threats was that the Winter Olympic Games cyber attack had its origins well before the Pyeongchang Games began.
Even with the Games’ $20 million cybersecurity apparatus— based on its gargantuan $13 billion total operating budget — seeds of the planned attack went undetected for at least several months — as far back as December 2017 and likely before.
The situation is similar to the Equifax cybersecurity meltdown, which also involved months of preparation prior to the actual cyber attack against a seemingly well-prepared and funded company.
The suspected culprit, in this case, a destructive wiper malware dubbed “Olympic Destroyer,” wreaked havoc in a number of ways, led by the crash of the Winter Olympics website, slowing ticket sales as the Games got underway.
The crisis was averted and went largely un-noticed.
Potential to Destroy Data
Luckily, the impact was relatively minor. Left uncontained, the Olympic Games cyber attack reportedly had the potential to destroy mass quantities of data and cause massive computer failures that conceivably could’ve brought the Games to a halt.
Following the opening ceremonies, Atos, the Paris-based IT provider hosting the Olympics’ cloud infrastructure, announced that the hack had been minimal and sufficiently contained.
But according to Cyberscoop, samples of the “Olympic Destroyer” malware indicated the hackers also gained access to large swaths of personal information for Atos’ thousands of on-site employees.
How could that happen?
Common Tactic Used by Criminal Hackers
Most likely the cyberthieves targeted one of Atos’ supply-chain vendors and penetrated systems, a common tactic used by both nation-state and criminal hackers.
As for the hack’s geographic origins, early indications pointed to France (home of Atos) and Romania, where many of Atos’ security team are headquartered. The usual culprits — Russia, China, and North Korea — are also suspected, though, as with virtually all cyber attacks, finding such sites is often impossible to pin down.
For its part, the Russian foreign ministry issued a statement that denied any involvement, claiming in part:
“We know that Western media are planning pseudo-investigations on the theme of ‘Russian fingerprints’ in hacking attacks on information resources related to the hosting of the Winter Olympic Games in the Republic of Korea. Of course, no evidence will be reported to the world.”
Meanwhile, cyber-researchers are keeping in mind that:
- The 2018 Winter Games are being staged only 50 miles from the border with North Korea, one of the world’s most belligerent nation-states.
- Technically, North Korea remains at war with South Korea since their 1950-1953 war ended in a truce rather than a peace treaty.
- In the Opening Ceremonies, the teams marched together at an Olympics opening ceremony for the first time since 2006.
Which is among the many reasons the International Olympic Committee (IOC) took out insurance protection estimated at around $800 million to cover a range of calamitous events – ranging from cyber attacks to declaration of war, actual war or acts of war.
Is hacking the next Olympic sport?
- CRN, Feb. 16: “Olympic Solution provider Atos; Cyberattack causes no data leakage, infrastructure damage”
- Gizmodo, Feb. 16: “IT Firm Supporting Pyeongchang Olympics Reportedly Hacked Months Ago”
- New Atlas, Feb. 12, “Olympic Destroyer malware attack on Winter Olympics opening confirmed”
- Insurance Journal, Feb. 9: “North-South Korea Tensions, Cyber Threats Worry Insurers of Olympics”
Be in the know.
Get industry insights on cybersecurity delivered right to your inbox.