author photo
By Bruce Sussman
Wed | Feb 19, 2020 | 10:33 AM PST

The 2020 Summer Olympic Games in Tokyo, Japan, are coming up fast.

Athletes have been preparing for years to stand out at the pinnacle of sporting events.

And a new threat assessment says hackers are also preparing to leave their mark on the Olympic Games.

7 potential hacking targets at the 2020 Summer Olympics

A coalition of cybersecurity industry voices known as the Cyber Threat Alliance (CTA) just issued its 2020 Summer Olympics Threat Assessment.

Nation-state backed hackers pose the greatest threats, and we'll detail the top players in a moment. But according to the report, the Olympics provide a golden opportunity for hackers to get noticed on a worldwide stage.

"Opportunistic hacktivists may perceive the Olympics to be an effective platform through which to advance their causes given the event’s media coverage and global interest. Any nefarious social media campaign or related threat activity is likely to garner much more publicity than a similar operation carried out during a lower-profile event."

After all, if you're doing the crime, why not get the most exposure possible?

Here are seven specific hacking targets the Cyber Threat Alliance detailed in its assessment:

  1. Athletes from around the world: This could include data leaks to embarrass well-known athletes or to compromise the access they have to other team related logins and sites.
  2. Anti-doping agencies and experts. See "Like a Spy Movie: How Russia Hacked Its Olympic Enemies" for a fascinating read on how this happened as part of the 2016 Olympic Games.
  3. Operations, logistics, and infrastructure providers: Can you imagine turning off the lights during an indoor competition?
    "By shutting down ticketing systems, Wi-Fi networks, or communications and broadcast operations, as threat actors did during the 2018 Winter Olympics, adversaries could easily disrupt viewers' ability to watch the games both in-person and globally."
  4. Point-of-Sale (POS) systems: Hackers can successfully install malware to grab credit card information from well-healed customers around the globe who visit the games. 
  5. Tourists and spectators: Many people do not practice good cybersecurity habits (hygiene), and they will likely connect to unsecured Wi-Fi networks, which have been used to perform Olympics related espionage. Many tourists will use public Wi-Fi to avoid data overage charges while traveling to a foreign country.
  6. Japanese officials: The threat assessment says high-ranking government officials and those involved in the event's cybersecurity are particularly attractive targets for hackers.
  7. Olympic sponsors and associated partners: Hacktivists might be the most likely to target this group, according to the threat assessment. This includes the possibility of various disruptions, suggestions of boycott, etc.

Top nation-state hacker threats to the 2020 Olympics

The 2020 Summer Olympics Threat Assessment focuses in on something we've reported on previously: political tensions often lead to cyberattacks. Read "Trump and Kim: Magnets for Malware Attacks" for what we've seen in the past.

And in the case of the summer games, the CTA's threat analysis sums up the threat like this:

"Japan is at the center of several regional conflicts, and its role as
Olympics host is likely to make the country a target for longtime foes looking to embarrass Tokyo on the world stage."

Here are three nation-states that might hack the 2020 Olympics because of tensions with Japan and a desire to embarrass the host country.

Russia as a hacking threat to the 2020 Olympics

From the report:

"We assess that Russia poses the most significant threat to the Tokyo Games and affiliated entities based on APT28's prior Olympics-related threat activity and [World Anti-Doping Agency] WADA's most recent anti-doping penalties levied against Moscow.

In December 2019, WADA banned Russia from competing in international sporting events for four years for manipulating laboratory data handed over to investigators in January 2019. As part of the sanctions, the Russian anthem will not be allowed at the 2020 Olympics and Russian athletes will have to compete under a neutral flag."

The Russians are mad and they were mad in 2016, which is why they Hacked Olympics Anti-Doping Officials Like a Spy Movie.

North Korea as Olympics hacking threat

"North Korean state-sponsored cyber actors pose a possible threat to the Games based on their hostile relationship with Japan and
demonstrated ability to conduct highly sophisticated and targeted operations.

Tense North Korea-Japan relations, driven by both pre- and post-World War II disputes, heighten Tokyo's threat environment leading up to the 2020 Olympics."

China as Olympics hacking threat

"Chinese state-sponsored cyber actors also pose a threat to the Games based on their known history of targeting Japanese companies, highly sophisticated cyber capabilities, and tense China-Japan relations.

Several China-linked groups are known to routinely carry out operations against Japanese entities, indicating that Japan is a top target for China sponsored cyber threat actors. APT10, in particular, has been publicly blamed by multiple countries for such activity."

The world will be watching the Summer Olympics this year in Japan, but there will be another competition playing out: hackers versus the cybersecurity professionals trying to keep them out.

[Read it for yourself: Cyber Threat Alliance 2020 Summer Olympics Threat Assessment]

Comments