London Olympics Vulnerable to Cyber Attacks
As athletes compete for Olympic gold, a different group will seek international recognition — online hackers.
Olympic security officials are bracing for an onslaught of cyber assaults that could easily surpass the 12 million attacks a day, or 500,000 an hour, that were logged during the Beijing Olympics four years ago.
“From the hacker’s perspective, this is the mother of all opportunities,” said Larry Ponemon, president of the Ponemon Institute, an Internet think tank.
The London Olympics is particularly vulnerable because it will be the most technologically interconnected, social media-driven event yet, security analysts said.
“The difference from four years ago is that there are lots more people using the Internet, especially through their mobile phones,” said Gary McGraw, chief technology officer of Virginia software security consulting firm Cigital Inc.
The threats could range from hackers trying to put up a message on a scoreboard to more nefarious attempts to disrupt the games by knocking out London’s electricity grid.
“If you had the ability to turn off an event, or just turn off the lights, and make people feel uncomfortable or unsafe, that would make quite a powerful statement,” Ponemon said.
Officials Bracing for the Worst
London security officials say they are well prepared. More than 3,500 information technology engineers and technicians have been assigned to monitor the Games’ computer systems and networks. Atos, the IT company that is overseeing computer security for the Olympics, is monitoring more than 11,000 computers and servers from a “deployment center.”
“We know that cyber attacks are a rapidly growing threat,” a British Cabinet Office spokesman said. “The high profile of the Games means that it is a potential target, and we are putting in place measures to help protect against such threats.”
Experts say many of the cyber attacks could come from rogue “hacker activist groups, such as Anonymous and Lulz Security, or LulzSec, whose goals are to draw attention to their political causes.
Such groups might try to take over Olympics-related websites to post political messages or tamper with the events themselves.
“The Olympics people are going to be putting out lots of scores and stories through the Web. So if you’re a cyber-activist, that would make a really good target,” McGraw of Cigital said. “Imagine if you could take the scoreboard and make it say, ‘Go Iran!’ ”
Other threats could come from cyber terrorists. A sophisticated attack could cause havoc for those attending the games by cutting off their access to information about public transportation or taking out all the ATMs at once, said Stan Stahl, president of the Los Angeles chapter of the Information Systems Security Association.
“The worst would be to have a physical attack at the same time as the cyber attack,” Stahl said, noting that such a situation was unlikely.
Despite the visibility of the games, there’s not much incentive for a cyber criminal group to attempt something as destructive as taking down a utility, some experts said.
“There are people who would like to do it,” said Scott Borg, director and chief economist of the U.S. Cyber Consequences Unit, a nonprofit research group. “But the likelihood that someone with that intention would be able to put together a team sophisticated enough to pull that off, I think, is pretty small.”
The Olympics is not the best target for criminals looking to make money, McGraw said. “It would be much better to go after the banks, unless you wanted to get a lot of publicity,” he said. “And it turns out most cyber criminals don’t want publicity.”
Spectators at the events are also at risk from malware that steals personal data from their computers and smartphones. This was more of a concern during the Beijing Games, Borg said, but it will still be a danger in London even though there are more cyber security protections now than four years ago.
People will also be at risk of phishing attacks from fake sites purporting to sell tickets for the events. Watch out for scams on social media sites such as Facebook, Stahl said.
Those personal threats, from what Stahl describes as the “pickpockets” of cyber crime, may be the most prevalent during the Games. The institutional protections against those small, individual attacks may not be as strong, and Stahl said it’s up to the Olympic fans to protect themselves.
“It’s the cyber equivalent of when we say not to go down a dark alley at night,” Stahl said.
Source: MCT Information Services