Japan's rivals in the Asia-Pacific region will likely target the nation with cyberattacks and disinformation during the coming Summer Olympics to be held in Tokyo this July, according to an assessment published by the Cyber Threat Alliance (CTA) on February 20.
Based on past attacks against the 2018 Olympics in Pyeongchang, South Korea, disruptive cyberattacks and distributed denial-of-service (DDoS) attacks are likely to target the Olympic Games' infrastructure. In addition, attacks on organizations related to the games, such as the World Anti-Doping Agency (WADA), will likely precede the games as well, says Neil Jenkins, chief analytical officer for the CTA.
"The most concerning threats [are] disruptive cyberattacks and disinformation campaigns conducted by nation-state actors from Russia, North Korea, and China," he says, adding that disinformation is a likely tactic as well. "Disinformation campaigns could use targeted data leaks to embarrass officials or participants and spread false narratives."
The threat analysis underscores that the Olympic Games are not just an arena for athletic rivalries between nations. Political tensions also spill over to cyberattacks.
While online attacks were limited to fraud and hacktivism in the 2008, 2010, and 2012 Games, a 40-minute denial-of-service attack did target the Olympic Park's power systems in 2012, with 10 million packets hitting the servers from 90 IP addresses, according to a RAND assessment of the threat to the 2020 Games.
"The Olympic Games are a target-rich environment, drawing athletes from more than 200 nations and worldwide media coverage," RAND stated in its own assessment. "This high visibility makes the games a target for those seeking to cause politically motivated harm, enrich themselves through criminality, or embarrass the host nation on the international stage."
Russian hackers will most likely attack the games, according to Jerry Ray, chief operating officer for enterprise data security firm SecureAge, which has an office in Tokyo. Between land disputes with Japan and its ongoing feud with WADA, Russia has not just the capability but the motivation to disrupt the Olympic Games in Tokyo.
"It's only a matter of time before Russia takes action against WADA again," Ray says. "These attacks will likely come via a combination of data leaks and disinformation aimed at exposing private or medical information on participating athletes and altering it to embarrass other countries or anti-doping officials."
While nation-state rivals are the most serious cyber threat to the Olympics, the chaotic business of hosting the games is a siren call to criminals, according to the assessments. While foreign intelligence services have the highest level of sophistication and impact, criminals are equally sophisticated — and while they may not aim to disrupt the games, their financial schemes could still cause havoc.
"The most likely threats are focused around criminal activity due to the large number of potential victims leveraging online systems to conduct business," CTA's Jenkins says. "Athletes, spectators, sponsors, and officials all must be vigilant and watch out scams, phishing emails, and spoofed websites that use the Olympics as a lure."
The Cyber Threat Alliance warned that threat analysts need to gather a much evidence as possible before attributing attacks. The 2018 Olympic Destroyer attack disabled IT systems and shut down Wi-Fi at the Pyeongchang Winter Olympics, and evidence overwhelmingly pointed to North Korea as the culprit in the attack. However, a few months later, Kaspersky cited its own research to state the telltale markers left behind were actually planted as part of a false-flag operation.
"If these actors were to leverage disruptive cyberattacks or conduct disinformation campaigns, they would do everything possible to make public attribution of their attacks difficult by leveraging false-flag techniques and obscuring their tooling," CTA's Jenkins says.
In a statement on February 20, security firm FireEye has concluded that the Russian intelligence group, GRU Unit 74455, is responsible for the attack on the Pyeongchang Olympics. Also known as Sandworm, the group is thought to be behind attacks on Ukraine's infrastructure and the 2016 US elections.
"In addition to the election interference, Ukraine blackouts, and the NotPetya incidents, we believe the organization was behind an attack on the Pyeongchang Olympics," John Hultquist, senior director of intelligence analysis at FireEye, said in the statement. "Notably, they have not been publicly admonished for their attempt to disrupt the Games, and we are concerned that the actors will target the Games in Tokyo this year."
Japan has prepared for more cyber activity in the run-up to the games. As part of a 2014 law aimed at improving the cybersecurity of its infrastructure, the country created a committee to study security measures that it should undertake. In 2019, the government announced an effort to scan 200 million internet-connected devices for vulnerabilities.
"The best thing the country can do in the short term is to create a countrywide push to educate its citizens and incoming tourists about how to protect themselves and their devices," says SecureAge's Ray. "After all, it's usually the human element that ends up being the weakest link in the cybersecurity chain."
- How Hackers Could Hit Super Bowl LIII
- US Indicts 7 Russian Intel Officers for Hacking Anti-Doping Organizations
- For Data Thieves, the World Cup Runneth Over
- 'Olympic Destroyer' Reappears in Attacks on Europe, Russia
- Olympic Destroyer's 'False Flag' Changes the Game
Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "10 Tough Questions CEOs Are Asking CISOs."