The Tokyo 2020 Olympic Games are finally here, after being postponed for a year due to the Covid-19 health crisis. These Olympic Games are expected to be a major technological event in a country known to be on the cutting edge. For several months now the International Olympic Committee (IOC) has been on guard against possible attacks by hackers.
And for a good reason. This kind of sporting event attracts hackers who are vying for access to multiple platforms, thanks to the hyper-connected infrastructure needed to run an event of this size: stadiums, hotels, transportation, video and audio broadcasting system, public WiFi...
Let's review the cybersecurity impact on the world of sports, and more particularly on this year’s edition of the Olympic Games.
Cyber attacks during the Olympic Games – old news?
Unfortunately, the answer to this question is rather quick “No!”
The general public may have missed it, but cyber attacks targeting the Olympic Games are not new.
Atos, the supplier of the Olympic Games' IT equipment since 1992, has listed several billion attacks throughout the Games’ history:
- During the Beijing 2008 Olympic Games there were 12 million attacks per day of which 420 were risky events
- During the London 2012 Olympic Games there were 212 million dishonest connections of which 200 were potentially dangerous
- During the Rio 2016 Olympic Games there were 500 billion cyber attacks
- During the Sochi 2018 Olympic Games there were 200 high risk events
These attacks highlighted security flaws such as unsecured Wifi spots. This was the case with the phishing campaign carried out during the Rio Games (and more recently in the form of a currency conversion application in Spain).
The 4 different types of cyber attacks aimed at sporting events
Attacking sporting events can be very lucrative for hackers whether they are looking for money or personal information. The millions of people present at the event are access points to the organizer's information system. There are several types of attacks frequently used:
The infiltration of sports sites and their information systems
The goal: To shut down event operations
The Seoul Olympic Games in 2018 underwent an attack during the opening ceremony. Indeed, a group of hackers managed to infiltrate the security network of the competition, making it impossible to print a ticket, enter the stadium, or even to check the journalists' badges, with the RFID system out of order. It was only after hours of work and the rebuilding of the central digital system of the Olympic Games that the cyber attack was foiled.
Scams linked to the tickets
The goal: To confuse and steal from attendees
For this kind of attack the hackers are able to utilize phishing to gain access to the personal information of potential buyers who think they are doing business with an honest person. Phishing takes the form of a large email campaign as was the case for the Rio 2016 Olympic Games where the targets were informed that their email address had been drawn and that in order to benefit from their free tickets they had to provide personal information.
Theft and disclosure of athletes' personal data
The goal: To harm the reputation of specific athletes and the nations they represent
It's not just visitors who fall prey to hackers. The personal information of athletes is also lucrative, especially when one wants to damage the image of certain athletes or nations. During the Rio 2016 Olympic Games, a group of Russian hackers intercepted the database of the World Anti-Doping Agency (WADA) and revealed the personal information of three major athletes (Serena Williams, Venus Wiliams, Simon Biles) related to the use of prohibited products.
Theft of personal information of visitors
The goal: To gain unlawful access to event sites and information
A few days before the opening of the Tokyo 2020 Games, the personal data of visitors was published online. The information included passwords and usernames allowing access to the volunteers' websites and to the users’ accounts.
Cybersecurity, a priority for the IOC
But in Tokyo as in Rio, the threat of a cyber attack before or during the Games has been taken very seriously. The official security partner of the Olympic Games, Atos, seems to have things well in hand.
In order to strengthen and facilitate the controls at the entrance of the stadiums, Atos has implemented facial recognition processes of NEC. This biometric recognition system is 99.9% reliable and can recognize a face even if the person is wearing a mask. This represents a historic step forward for the games, which will use it to screen all athletes, volunteers, and organizers.
"We are proud to serve as the International Olympic Committee's official IT partner for the Tokyo 2020 Games and provide a secure environment for all participants. Working with other technology partners, we will implement an innovative accreditation system, linked to facial recognition, that will significantly reduce fraud, errors and waiting time at the various entry points. We are pleased to offer this new solution and to contribute to the design of a secure environment for the Games. This will ensure the spirit and passion of the event," said Patrick Adiba, Director of Olympic Games and Major Events at Atos.
Network equipment, cybersecurity infrastructure, as well as video conferencing software for the event has been entrusted to Cisco.
"We have no doubt that we will be attacked, permanently… There must be no loophole in any possible entry, within the employees, software, ecosystem" explained Laurent Degré, General Manager of Cisco France, quoted by Le Figaro.
Conclusion
In a world in constant technological evolution and where hackers use all possible means to steal your personal information, the security of people and data had to be a top priority during these Olympic Games and all future sporting events. Thanks to the implementation of many security systems used in every part of the event – from the stadiums to the Olympic Village – we find ourselves in front of a real, interconnected smart city that, despite attracting the eyes of many hackers, should remain impenetrable to malicious actors.