Black Friday is coming. It’s some months away, so put your credit cards back. Christmas ain’t in July, despite the 19th century French opera where the ironic phrase came to be part of our Christmastime culture. Anyway, Black Friday has nearly been taken over by Cyber Monday since the pandemic’s effects vaulted our proclivity for online commerce. When Cyber Monday does come nearer you can bet your nickel that hackers will prepare for it, maybe more so than you, the savvy online shopper.
It doesn’t take an annual, commercial bacchanal to wake up the cyber-criminals. When the entire educational system across the globe was compelled to move into online, remote learning models, you could’ve heard the concert of well-practiced typists, ever on their keyboards, symphonizing the black arts of computing in the dark web. They quickly, adeptly, and successfully figured out how to attack the phenomenon, innocent as it is. Every year when summertime nears and vacations are being planned, so too are the hackers planning about how to leverage the situation rife with unwary travelers, in unusual places, spending inordinately. The Super Bowl brings them out. Sturgis. Elections. Comic-Con. You name it. If there is an event, occasion, or newsworthy spectacle of any degree, you can count on the internet’s scofflaws to attend, unbeknownst to most or all, at least until their wrath has been realized.
During the past few days you’ve been either ensconced in Olympics games, or have been busy avoiding them and any news about them. It should be of no surprise that with such a worldly, weeks-long event that comes only every four (or five) years, Tokyo 2020 is as ripe of a target for hackers as nearly any other. And, it is something that’s happening, so they’re on task no less than any other happening such as those above and countless others.
Digital attacks at the Olympics are inevitable. There’s a special load bearing upon them, most likely, since Russia has been debarred from having its flag represented after the copious doping scandals. Don’t worry. The athletes from Russia are still all in, and doing fairly well by reasonable standards. In the technical sense that are not representing the Russian Federation, the nation-state’s formal name. Rather, they are repping the Russian Olympic Committee, headquartered in Moscow, and seated exclusively by Russiam committee members. It’s a fine line, but we can agree that it’s no more than a slap on the hands by the World Anti-Doping Agency. At least the athletes get to do their thing, and they likely are more focused on their thing than that thing. Back to this thing, the fact that Russia’s hands were slapped, and that they have a very active band of hackers already poised to pounce on world events. The Olympics are being guarded.
The FBI, and other law enforcement bodies, warned that broadcast signals are at risk. Participants’ personal, private information is highly susceptible. The range of ransomware plots seems broad and unknowable. Can you imagine hackers taking control of the highly sensitive and powerful computer systems charged with measuring and reporting on performances in thousandths of seconds? With a few lines of malicious code, last place finishers could be published as having “won” the gold until a ransom is paid and bona fide results are released. British intelligence reported as far back as last October that Russia’s spy agencies were conducting reconnaissance, trying to weasel into systems run by Tokyo Olympics officials and organizers. First, the U.K. investigators had to unveil the Russians from their Chinese and North Korean disguises, by the way.
These are the Russians’ third Olympics, as hackers that is. In 2016 when the doping jig was up, their vengeance was opened in kind. The medical records of Simon Biles and Serena Williams were stolen and exposed. In South Korea, in 2018, the ticketing system succumbed to Russian hackers. Their presence at Tokyo 2020 didn’t come surprisingly.
The problems come from all over, not just Russia. A well reputed industry group published its forecast about the delayed 2020 Olympics and cybersecurity. The Cyber Threat Alliance conducted the threat assessment and shared eye-opening findings. Nation-state actors pose the biggest threats, as described. Russia, North Korea, and China were the expected medal winners, in a twisted sense. Data leaks, ransomware, denial-of-service attacks, and others in the usual roundup of hacker’s strategies were all noted. Also, the CTA forewarned about ticketing systems, now moot, the hundreds of Wi-Fi networks’ vulnerabilities, and Olympics operations networks all becoming likely targets.
The Assessment showed that the geopolitical players were only the start of the threatening actors’ roster. Commercial gains are aplenty as well. Cyber-criminals are well aware that technological savvy cannot be built up to the expert levels that the athleticism demonstrates at the games. Thus, with focus on the games, and security playing only a tangential role, the midway is open and the rubes are seeking easy rewards. This is when they become targets. ATM skimming, where criminals install a card reader atop a legitimate one to simultaneously gather the user’s card data, presents risks. Criminals can setup fake Wi-Fi signals that appear as official ones, then simply watch all the user data pass over the network including financial information, personal identity data, or medical records to easily be plucked from the air. Malicious mobile apps. Disinformation campaigns. The menu seems inexhaustive.
It’s true that without spectators, much of the threat assessments no longer apply. Too bad, cyber-criminals. Still, the games provide fertile ground with the world’s eyes upon them. If you’ve read even a handful of these columns through the years you know that it doesn’t take such a monumental event as the Olympic games to attract the bad guys. Just know that in the background, while you’re rooting on Team USA, the hackers are also rooting around.
Ed is a professor of cybersecurity, an attorney, and a trained ethicist. Reach him at edzugeresq@gmail.com.
