■ Sponsors in the crosshairs
“The enemy hackers now know who is in charge of Olympic cyberdefense — they’ve seen where we’ve stationed our ranks,” said one concerned security company executive who has been involved in instituting security protections for the Tokyo Olympics.
On June 2, the National Center of Incident Readiness and Strategy for Cybersecurity (NISC), the government’s command center for cybersecurity, announced: “Information on 170 people from 90 organizations who participated in information-sharing training has been leaked due to unauthorized access. The data includes names, job titles and organization names.”
According to security companies and others, a variety of systems used at the Olympics are controlled by computer. A cyberattack on the Games could cause the lights in a competition venue to suddenly turn off, or take tracking systems offline, rendering it impossible to record times. In a worst case scenario, a hacker seeking to sabotage the Games could launch an attack that would make it impossible for competition to continue.
To avoid such a contingency, NISC has been holding countermeasure trainings since 2019 with key service providers, including power companies, telecommunications companies and medical institutions, all of which are indispensable for the Olympics to run smoothly.
So far, upwards of more than 2,000 people from about 600 companies have participated in these training sessions. According to people familiar with the matter, it was data on these participants that was leaked.
An NISC official worried that “an email purporting to come from a person in charge of Olympic cyberdefense could harbor a virus capable of causing major disruptions in operations.”
Cyberattacks to probe system weaknesses may already be underway.
Kazuhiro Nakanishi of Akamai Technologies, a security company that defends against distributed denial-of-service (DDoS) attacks in which large amounts of data are sent to bring down a system, said, “Companies sponsoring the Olympics have been repeatedly attacked, although it’s unclear whether the Tokyo Olympics themselves are the ultimate target.”
■ Wary of Russia
Russia, a sports powerhouse, has been barred from sending a team to the Tokyo Olympics due to organized doping. It faced the same penalty during the 2018 Pyeongchang Winter Olympics. Instead, Russian athletes must participate individually in the Games, as independent athletes.
Against this background, there is widespread wariness that Russia will launch a cyberattack to tarnish the Olympic prestige.
The British government announced in October that the Russian military intelligence agency, known as GRU, had conducted cyber-reconnaissance of the organizing committee and related officials before the Tokyo Olympics were postponed. Moscow has denied any involvement in the attack.
Also in October, the U.S. Justice Department announced that it had indicted six GRU intelligence officers for attacks on the Pyeongchang Games.
During the 2016 Rio de Janeiro Olympics, a cyberattack targeted the World Anti-Doping Agency (WADA), the independent agency that confirmed Russia’s doping scheme. Medical data on participating athletes was leaked in the attack, which WADA said was committed by a Russian group.
Jun Osawa, a senior researcher at the Nakasone Peace Institute and expert on cybersecurity, said: “Russia has been ostracized from the Olympics, and thus has a motive to sabotage them. It also has the capacity to carry out an attack.”
■ Ticketing problems in Pyeongchang
As lightning rods of international attention, the Olympics have attracted several cyberattacks in years past — including some that have disrupted operations.
A virus dubbed the “Olympic Destroyer” infected systems at the 2018 Pyeongchang Winter Games, causing problems that prevented venue tickets from being issued.
At the 2016 Rio de Janeiro Games, in addition to the attack that siphoned athlete data from WADA, fake Wi-Fi hotspots were also set up to nab information from spectators.
Published : July 18, 2021
By : The Japan News / ANN