Just four days in and the 2018 Winter Olympics have already seen their fair share of setbacks. First, there’s the norovirus, which has reportedly infected 194 athletes; then there are the gale-force winds, disrupting and postponing events. But forces of nature aside, the most formidable threat so far has been digital.
According to reports that surfaced over the weekend, hackers have made several attempts at knocking the Pyeongchang, South Korea-based Olympics offline.
First, the 2018 Winter Olympics' official website went down just before Friday’s opening ceremony and stayed down for approximately 12 hours—an eternity in downtime. During that disruption, users couldn’t use the Olympics’ site to get information about the games or print tickets. IT systems including display monitors and local WiFi were also affected in a widespread outage.
On Sunday, Pyeongchang 2018 spokesperson Sung Baik-you confirmed what everyone was thinking: the outages were not accidental, they were caused by an attack.
"We know the cause of that problem, but those kind of issues occur very frequently during the Olympic Games," said Sung. "We have decided with the IOC that we are not going to reveal the source."
The Usual Suspects
99 percent of the time, when we see a hacking attack against a South Korean target, the first suspect that comes to mind is North Korea. And for good reason. The two Koreas have technically been at war since before the internet was invented, so naturally, there’s been a lot of hacking both ways.
But in light of the almost amicable tone between the two Koreas ahead of the games (the two rival nations came out together during the opening ceremony), it seems counterintuitive that Kim Jong Un would instruct his army of hackers to target the games, though I wouldn’t put it past him. Kim did, however, let another army loose on the games.
So with North Korea ostensibly out of the picture, what does our suspect list look like? Well, bored teenagers and 400-pound hackers aside, there is one nation with both the capability and the motive to pull off such an attack.
I’m talking, of course, about Russia, which has seen most of its athletes banned from the 2018 Olympics in the wake of a widespread doping scandal. Russian hackers have already targeted the IOC and the United States Olympic Committee, so it would be unsurprising if they were behind this attack as well.
What’s more, researchers on Cisco’s Talos team have discovered and studied the malware used in the attack, and they’ve found similarities to previous Russian malware.
While the infection vector for the malware is currently unknown, some techniques used during the initial stages of the attack closely resemble those used in the recent BadRabbit and Nyetya attacks.
For its part, the International Olympic Committee (IOC) has been mum about its investigation into the attack.
At the Sunday press briefing on the attack, IOC head of communications Mark Adams told reporters that the IOC is "making sure our systems are secure, which they are, so discussing details of it is not helpful."
Adams went on to say that the IOC had not yet identified the attacker, but promised a "full report" into the incident, though he would not promise that such a report would be made public.