Olympics Tap Big Data To Enhance Security

Olympics crime fighters are using big data analysis techniques to identify suspicious activity, imminent threats, and unexpected holes that attackers could exploit.
"If someone has NFC turned on, an attacker in close proximity can pick up every signal to gather private information or payment information on an athlete's device," Siciliano wrote in the McAfee blog post. "It is almost like pick pocketing, but they don't even have to touch you."

Even limiting the NFC exchanges to one device, the Samsung Galaxy III, does little to minimize the risk, Siciliano said.

The Android Beam data-transmission protocol and the NFC broadcast ability on which it depends are both enabled by default in Android 4.0 and have no automatic restrictions to keep them from opening malware sites or accepting virus-riddled files when a surreptitious RFID tag or hidden smartphone asks them to, according to Miller.

Nokia's N9 smartphone automatically accepts any NFC connection request, in fact, practically begging hackers to deliver doctored .doc, PDF, or other files that can give hackers root access to the phone.

Security software vendor Kaspersky Labs has warned that phishing scams, DDoS attacks, penetration attempts on Olympic Committee websites, and other examples of cybercrime are almost impossible to prevent, even at a high level of alertness.

Attackers could go after London Olympic Committee servers publishing information about the games or go after internal-network servers running timers and other Olympic logistical systems, according to Kaspersky researcher David Emm.

Hackers could also just set up at Olympic venues with fake Wi-Fi hotspots designed to lure unwary users into divulging private login or other information, he said.

A host of other email scams are also circulating, taking advantage of the high level of interest in the Games to try to slip through the guard of both onsite and remote spectators, according to a warning issued earlier this month by the U.K. Department of Human Services.

It's impossible for any Olympic Committee to completely eliminate security risks, but the British government has "been going to great pains to avoid" the most direct digital threats, not to mention the physical risks, according to Kaspersky's Emm.

However, neither the digital precautions, nor the 3,500 British troops added to the 27,000-person private security staff, delivered security tight enough to prevent even obvious gaffes in physical security.

Directors at Wembley Stadium, where the Olympic soccer competition will be held, had to replace all the locks at the 90,000-seat arena after police lost a set of keys while checking security.

Less ominously but more obviously, the security net was too loose to keep an Indo-British woman from slipping into the parade of nations during the opening ceremonies and march uninvited with the Indian national team. The intrusion by 25-year-old Madhura Nagendra wasn't subtle; the red hoodie and blue jeans she wore clashed obviously with the blazers, saris, and yellow turbans worn by the Indian marchers.

"She was very brazen and walked alongside our flag bearer Sushil Kumar and everybody took her to be an official or something," Indian Olympic Committee official Harpal Singh Bedi told the British Evening Standard.

The Indian delegation is demanding an explanation from the London Organizing Committee.

Nagendra didn't "just walk in off the street," according to Sebastian Lord Coe, chair of the London Olympic Organizing Committee. She was one of hundreds of dancers, actors, and singers performing earlier portions of the opening ceremony who decided to expand her role.

"She shouldn't have been there, but she clearly started in that venue," Coe said at a press conference after the event. "She was a cast member who got slightly over-excited."

Editors' Choice
Robert Lemos, Contributing Writer, Dark Reading
Shikha Kothari, Senior Security Adviser, Eden Data