For 17 days, the world will be focused on the sporting event of the season, the Winter Olympic Games, due to be held in China from Feb. 4-20. The event is expected to draw considerable global media attention, but it will also provide a convenient opportunity for various cyber threat actors to conduct attacks against the games’ infrastructure, associated businesses, participants, and visitors. The NTT Corporation, a provider of network security services at the Tokyo Summer Olympics, estimates that around 500 million cyber-attacks might be attempted during the Winter Olympics, which is an increase from 450 million cyber-attacks attempted during the Tokyo Summer Olympic Games in 2021 and more than double the number seen at the 2012 London Summer Olympics.
Most of these cyber-attacks are motivated by financial, ideological, or political reasons, with threat actors ranging from crime syndicates and state-sponsored actors to hacktivists and opportunistic players. The main state actors include Russia, which may attempt to compromise the games in response to the ongoing doping ban imposed against Russian athletes, but also Chinese authorities, which could use the event to facilitate digital espionage. Potential targets include athletes and the games’ officials, infrastructure providers in charge of logistics and operations, visitors, and associated businesses. Moreover, China’s restrictive internet policy brings an additional layer of complexity that needs to be considered when visiting or doing business in China.
Threats to Digital and Physical Infrastructure
One of the key prizes for potential cyber attackers would be access to the games’ digital infrastructure that facilitates live broadcasting and systems with low downtime tolerance. The most likely attack channels against these systems include Distributed Denial of Service (DDoS) and ransomware attacks. The attackers could act directly against the organizers or gain access by compromising their vendors and other organizations in the supply chain.
With the number of visitors restricted due to the ongoing COVID-19 pandemic, remote and streaming services will have a central role in satisfying global broadcasting demand. The games’ digital infrastructure will therefore be a particularly appealing target, both for threat actors looking to force the organizers to pay a significant ransom after a successful ransomware attack and for hacktivist or state-sponsored groups seeking to draw the attention of the global audience. Protecting complex digital systems is particularly challenging due to active efforts by Chinese authorities to disincentivize encryption to allow digital censorship and surveillance. A good example is the blocking of websites that support HTTPS and TLS 1.3 encrypted web traffic, which considerably increases the threat from cyber-attacks.
In addition to disrupting live broadcasting, hacktivist or state-sponsored groups may attempt to interrupt ticketing systems, Wi-Fi networks, and communications, as well as critical infrastructure, including energy, transportation, and other utility services. Any successful cyber-attack would inevitably bring enormous disruption and embarrassment to the games’ organizers. Cyber-criminal syndicates, on the other hand, will be particularly interested in exploiting point-of-sale (POS) systems, compromising Olympics-affiliated websites, or developing malicious mobile applications to steal customers’ personal and financial information, primarily by using social engineering techniques or exploiting unprotected Wi-Fi networks.
Wi-Fi Networks
Cybercriminals and state-sponsored attackers will almost certainly attempt to exploit unprotected public Wi-Fi networks or establish rogue Wi-Fi access points that mimic legitimate networks in order to collect personal, financial, or intellectual property information, as the majority of visitors tend to use local Wi-Fi networks to avoid roaming costs. Such practices have been common during previous Olympic events, with popular public spaces and venues like hotels and official spaces being most vulnerable to Wi-Fi-related cyber intrusions. For example, during the 2016 Rio Summer Olympics, Russian operatives used hotel Wi-Fi networks to gain access to digital devices belonging to World Anti-Doping Agency (WADA) and US Anti-Doping Agency (USADA) officials and to extract athletes’ confidential medical details.
Cyber-Attacks against Olympic Officials, Athletes, and Sponsoring Businesses
Olympic officials and sponsoring businesses may also become potential victims of cyber-attacks by hacktivists keen to promote their agendas. Previous Olympic events have witnessed attacks against specific sponsor companies in the form of malicious social media campaigns, while Olympic officials have been victims of hacking operations aimed at compromising organizations and individuals closely affiliated with the event. The attacks have been attributed to Russian cyber organizations, as a reaction to the official ban on Russian athletes and sports officials participating in the Olympic Games in Tokyo and Beijing under the Russian flag, imposed for Russia’s role in the 2015 doping scandal.
Considering that the ban is still in place, it is likely that similar attempts will take place at this year’s Winter Olympics. Similarly, the event is taking place amid growing tension between the West and China, as well as an escalating crisis in Ukraine involving Russia and the West, which may provoke additional attempts by both state actors and hacktivists to use the Winter Olympics to compromise ideological and political foes through cyber-attacks.
Digital Espionage and Surveillance
Apart from direct cyber-attacks, Chinese cyberspace poses a unique set of challenges due to its widespread internet censorship and the potential for digital espionage and surveillance. In preparation for the Beijing Winter Olympics, several countries, including the US, UK, Canada, and Australia, recommended that their athletes leave personal devices at home for fear that they might be compromised with malicious software, and instead use temporary burner phones and disposable devices. Some countries, such as Australia, are additionally planning to set up their own Wi-Fi networks in designated areas to reduce the threat from espionage and surveillance. Similarly, the US Olympic and Paralympic Committee warned participants and businesses attending the games that “every device and every communication, transaction and online activity will be monitored” and could be compromised with malicious software.
In addition, the University of Toronto’s cybersecurity research laboratory Citizen Lab warned that the games’ official COVID-tracking app, MY2022, which all participants and visitors are required to install, may have encryption weaknesses that could allow cyber threat actors to gain access to passport details, demographic information, and medical and travel history, or to display false instructions to users after they complete a health declaration form.
While Chinese authorities announced that they will allow uncensored internet access to athletes and foreign journalists during the Olympics, access will be given via SIM cards provided by the state-owned China Unicom, opening a window of opportunity for potential espionage and surveillance. In addition, Chinese officials have already issued a blunt warning that athletes could face cancellation of accreditation should they criticize Chinese authorities or the political system, including by posting comments online and likely through other means of digital communication.
Best Practices to Mitigate Cyber Threats
Due to threats from digital espionage and surveillance, it is recommended to avoid taking any personal devices when traveling to China. It is also advised to use disposable phones and sterile digital devices. Although it is not a common practice, the Chinese authorities have the power to seize or inspect digital devices upon entry to the country. Similarly, such devices should not be used upon leaving China, as there is a genuine possibility that the devices have been compromised with malicious software. In addition, security software, such as antivirus and reliable, functioning VPN applications, should be installed and used.
Visitors may also consider creating a new email address and browser accounts for exclusive use on their disposable phones and other digital devices to prevent the exposure of their cloud accounts and internet browsers. It is recommended to avoid installing unreliable applications and limit the use of social media and messaging platforms.
Visitors should refrain from using unsecured or unverified Wi-Fi networks to prevent the theft of personal and financial information. Similarly, it should be assumed that every digital communication, including the use of cellular and Wi-Fi networks, may be monitored by the authorities, and users should be careful not to discuss politically sensitive topics, noting that Chinese digital providers have a legal responsibility to censor and assist the authorities in their surveillance efforts.
Author(s)
Ante Batovic
Senior Consultant
Ante is a member of the Cyber Security team and is a certified ISO 27001 Lead Implementer (CIL) with the International Cyber Security Institute (ICSI).