Cybersecurity experts say the Games are ripe targets for hackers, whether seeking information or looking to manipulate scoring or lighting. More than 300 Olympics-related systems have already been hit, with many of them compromised.

Share story

The Department of Homeland Security is warning Americans planning to attend the 2018 Winter Olympic Games in Pyeongchang, South Korea, that cybercriminals are likely to be targeting the games.

Officials in South Korea are facing a double threat. At the Olympic Committee’s Security Command Center in an unmarked facility in Pyeongchang, security experts from around the world are monitoring threats from North Korean hackers who have been probing the computer networks that manage South Korean finance, media and critical infrastructure systems for years.

And while some people believe that diplomatic efforts may have eased the North Korean threat to the games, others are bracing for the impact of a hacking campaign by Russian groups retaliating for a ban on Russian athletes. Security companies said these groups had successfully targeted the computer systems of Olympic-related organizations months ago.

Just how those hacks could lead to broader attacks is not clear. But cybersecurity researchers said the Olympic Games — more digitized than ever — are ripe targets for hackers searching for embarrassing information on everyone from athletes to organizers or simply looking to cause trouble by manipulating scoring or lighting systems.

More than 300 Olympics-related computer systems have already been hit, with many of them compromised, the security company McAfee said last month, in what its investigators described as a preliminary hacking campaign. On Friday, the second stage of that attack appeared to be underway, as assailants siphoned data from victims’ machines back to their own computers systems, McAfee’s researchers said.

Who was doing it and why they were doing it could take several months to figure out. Ryan Sherstobitoff, a senior analyst at McAfee, said the hacks had appeared to be well organized and backed by substantial resources, with “the hallmarks of a nation state.” What that nation state planned to do with the stolen data and its foothold in victims’ machines, Sherstobitoff said, was still anyone’s guess.

A spokesman for the International Olympic Committee declined to comment on how the organization was addressing the heightened threats.

Cyberattacks common at events

Security researchers often discuss risks with a level of informed paranoia. Some of their warnings are based on what is possible but has not actually occurred in the real world. On other occasions, their warnings are based on what has already happened, and where those incidents could lead.

But cyberattacks on international events have become common. The 2015 nuclear negotiations in Geneva and the 2009 climate talks in Copenhagen, Denmark, for example, were plagued by hackers from various nation states. The Olympics are another alluring target — but with wall-to-wall television coverage.

“The Olympics involve so many countries, and so many sports, many of which have their own infrastructure, that it has become a rich target environment for many adversaries,” said John Hultquist, director of threat intelligence at the security firm FireEye.

He has been tracking the activities of Russian hackers and other groups as they lay the groundwork for attacks on Olympic organizations. In the past few months, Hultquist said, his team at FireEye has seen several examples of Russian groups tampering with the computers of Olympic-related organizations. The activity is “obviously meant to drag Olympics-related organizations through the mud and discredit them,” he said.

The Russian cyberespionage group known as Fancy Bear, which has been tied to the 2016 hack of the Democratic National Committee and has links to Russia’s main military intelligence unit, has already started posting hacked emails intended to highlight discord among global sports officials and investigators who exposed systemic Russian doping.

Last month, the group posted emails and other documents online from the International Luge Federation, claiming they demonstrated violations of anti-doping rules. And earlier in January, the group released hacked emails and documents from the IOC, which it advertised as proof “the Europeans and the Anglo-Saxons are fighting for power and cash in the sports world.”

Trend Micro, the Tokyo-based security company, said its researchers had also witnessed Fancy Bear attacks on the International Ice Hockey Federation, the International Ski Federation, the International Biathlon Union, and the International Bobsleigh and Skeleton Federation in the final months of 2017. The attacks occurred while an IOC disciplinary panel was preparing bans for dozens of Russian athletes caught doping in the 2014 Winter Olympics in Sochi, Russia.

“The Kremlin has its fingerprints on cyberattacks that were retribution for exposing the Russians’ Sochi Games doping scheme, which was a fraud on the purity of sport,” said Doug DePeppe, a founder of Sports ISAO, a nonprofit cybersecurity organization in Colorado Springs, Colorado. The group is trying to help sports associations, including Olympic organizations, combat threats.

“Their goal is to say, ‘No one is following the rules, and Russia shouldn’t be singled out,’ ” DePeppe said.

FireEye, McAfee and other security companies said that over the past few months they had seen attack groups from Russia, and others of unknown origin, dispatch hundreds of “spearphishing” emails, laced with malicious links and attachments, to target Olympic-related groups.

They also have seen the groups set up computer servers under the names of some of their targets and seemingly innocuous organizations like the South Korean Ministry of Forestry. They warn that those activities could be a prelude for a broader Russian campaign.

In 2016, Russian hackers targeted the World Anti-Doping Agency after it recommended that Russian athletes be banned from the 2016 Rio Games because of doping. The personal data of more than 40 athletes was leaked not long after.

Fears of tampering with lights or results

The worst-case scenario would be attacks in which hackers tried to shut off lights in a stadium during an event, or perhaps even tampered with electronic timing results, warned Betsy Cooper, the executive director at the Center for Long-Term Cybersecurity at the University of California, Berkeley.

To protect the Olympics, South Korea has mobilized tens of thousands of security personnel, including cybersecurity analysts and 50,000 soldiers, in what has been described as one of the most militarized security forces in Olympic history.

Over the past few weeks, the U.S. State Department has set up a temporary security monitoring operation on one floor of its embassy in Seoul. Analysts from the State Department, the intelligence community and the Department of Homeland Security are scheduled to arrive there this week.

But an official who was briefed on the State Department-led operation, and who was not allowed to discuss it publicly, worried that the operation was too focused on combating traditional threats like physical attacks on Olympic venues.

The State Department did not reply to a request for comment.

Elsewhere in Pyeongchang, an alliance of security personnel from South Korea, various Olympic sponsors, technology suppliers and cybersecurity sleuths from around the world are monitoring computer screens and potential threats at the unmarked Security Command Center.

Each country participating in the Olympics also has its own security delegation on the ground, with those from the United States and Israel among the largest. Those delegations are busy conducting their own threat assessments and receiving daily threat briefings from South Korean law enforcement authorities.

While cybersecurity experts believe the North Korean threat was lessened by the last-minute addition of a North Korean delegation to the games, they have not ruled out that North Korea may be looking to embarrass its southern neighbor.

“One thing is for certain: We can’t simply rely on these actors to behave themselves in this context,” Hultquist said. “They’ve proven, again and again, over the past few years that they are not afraid to flout international norms and create chaos.”