The Only Gold Russia Can Win at the Winter Olympics Is for Cyber-Hacking

Friday, February 09, 2018

Ross Rustici


Russia has already come out swinging against the IOC and WADA in attempted retaliation for being banned from the 2018 Olympics. Unfortunately, their old tricks appear to be decreasing in effectiveness. Each time Russia leaks information in connection to doping commissions, it garners less news attention and is increasingly being viewed as a failed operation.

Stumbling into the games makes Russia the most unpredictable threat actor vying for the title of “most disruptive to the Olympic games” this year. Other major contenders? Non-state actors and organized crime groups. Absent from this list, despite popular opinion, is who many view as the heavy favorite going into 2018, North Korea.

Likely to win Bronze: Your second runner-up this year is likely to be organized crime. In the past decade or so they have made a consistent appearance with fraud and scams going after the visitors to the games. This year has the potential for them to expand their operations into match fixing, due to the increased reliance on electronic measurements to determine winners. This year's judging scandal might be centered around a hacked timer rather than judges from Old Europe.

Reaching for the Silver: The safe money is on non-state actors (hacktivists, cyberterrorists, and fame seekers) to be the cause of the largest cyber disruptions to the games. They usually use large global events as a springboard for their agendas and are unusually hard to predict and model because of the relative obscurity of most of these actors. The element of surprise, a swashbuckling attitude, and a definition of success that covers any disruption make these actors the hardest to stop and generally the most prolific.

And the outside contender for Gold: We have the wild card, Russia. They have the technical sophistication to outperform these other two groups, but the question is: is their heart really in the competition? The declining effectiveness of doxing, combined with recurring punishments, could push the Kremlin to up its game. They have proven a willingness to unleash destructive malware in multiple countries for multiple reasons. Even if they just repackaged the self-propagating principles of the NotPetya attack with the payload concepts of the TV5Monde attack, they have the capability to shut down the broadcast of the games. If they decide that the Olympics is no longer a neutral arbiter of friendly competition but rather a politicized organization dominated by anti-Russian sentiments, Moscow could very well debut a few cyber tricks never before seen.

Who’s not taking home any honors? Noticeably absent from this list is North Korea. Cyber threats from groups linked to North Korea have been in the news practically every month in the run-up to the games, so if anyone had a shot at pulling off something spectacular, it was this group of well-funded and motivated actors. Fortunately for the South Korean defenders, they appear to have withdrawn themselves from contention. Kim Jong Un’s strategy of rapprochement means that if negotiations are going where he wants them to, the DPRK cyber menace is likely in standby mode. South Korea, by sacrificing part of its women’s hockey team, made the overall games significantly safer.

Will South Korea prevent any of these threat groups from gaining the notoriety they seek? The country’s capability to deal with these types of intrusions far exceeds that of Brazil during the 2016 Rio games. From a vulnerability and defensive capabilities standpoint, the overall cyber interruption to the 2018 Winter Olympics should be low compared to previous games.

However, given the onslaught of high-caliber tools and exploits released over the last year, the ability of the security teams to keep up with all of the needed patches and other security controls will still be a big challenge for South Korea and will be more difficult than in past years.

Like all good competitions, this one will likely be decided by which groups have focused more on the fundamentals. If South Korea has kept its house in order and focused on the fundamentals of network security, it stands a good chance of surviving the short duration of the Olympic games. If it has focused too much on elaborate concepts and advanced skills to the detriment of those fundamentals, it stands a strong chance of falling short when the real games begin.

About the author: Ross is the Senior Director for Intelligence Services at Cybereason. Before joining Cybereason in 2016, he served as a Technical Lead and Cyber Lead for the United States Department of Defense.

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.