Medals for Safety? Surviving the Winter Olympics Cyberthreat
The hack on the 2018 Winter Olympics' IT systems underscores just how difficult it is to protect oneself in such an exposed cyber environment.
February 15, 2018 at 10:00 AM
4 minute read
As soon as the 2018 Winter Olympics in Pyeongchang, South Korea, began, they were compromised.
Officials at the International Olympic Committee (IOC) disclosed that the official Winter Olympics website, as well as unspecified systems connected to internet and television services, were compromised by a cyberattack that occurred shortly after the game's opening ceremonies.
Though officials did not name those behind the attack, there have been reports that link the incident to Russian cybercriminals connected to the Russian government, though the government has denied any association with the attack.
But no matter who the perpetrators were, the successful infiltration of the IOC's IT systems underscores the almost unavoidable cyberthreat high-profile events pose for the organizations, athletes and spectators who attend. For all parties involved in such events, the only way to protect against the cyberthreats is to take cautionary preventive measures, and prepare for what many see as inevitable.
Adam Levin, chairman and founder of identity and data protection company IDT911, noted that the Winter Olympics are a coveted target for many cybercriminals given the attention the event garners.
“Obviously, whenever you have something of this stature, when it is a stage for the entire world, there are those who would attack because they wish to make a statement,” he said.
And not only is it an attractive event to attack, but given the nature of the games, one of the most vulnerable and potentially easy to infiltrate. Within the events themselves, “there are just hundreds of thousands of internet-of-things (IoT) devices, monitors, cameras, HVAC systems, and all sorts of communication systems” that are all potential openings to hackers, Levin said.
“Think about all the different IoT devices that are present in any venue,” he added. “Now multiply that by a factor of 100 considering all the types of venues that are in play … and you see there are all sorts of points vulnerabilities hackers can take advantage of.”
Marcus Christian, partner at Mayer Brown, agreed, noting that as mobile devices and more consumer technology come into play, “we have an expanding number of ways in which cyberattackers can actually target an Olympic game.”
But with all these entry points for cybercriminals, how does one protect themselves at an event like the Olympics?
The best defense, Levin said, is to not have any sensitive or confidential data on hand when attending events like the Olympics or traveling to foreign countries. “Obviously carrying a burner device is probably the best avenue.”
But if there is a need to carry “devices you normally use, make sure to get as much of your personally identifiable information (PII) out of it,” Levin added. “Use VPNs, don't not hook into public Wi-Fi, and try to make sure whatever system you are in is a secure system, though depending on the country you're in, their definition of a secure system could be radically different than our definition.”
In addition, Levin also emphasized the need to have “long and strong passwords and two-factor authentication,” to shred “anything that has PII on it after you are done using it,” and not to send “anything that is sensitive by way of email, especially when you're in a foreign country.”
Levin's advice echoed that of the United States Computer Emergency Readiness Team (US-CERT), which put out a notice before the Winter Olympic events reminding “travelers to be aware of cybersecurity risks” at the games.
To be sure, most of the cybersecurity protections organizations, athletes and travelers can implement for the games are preventive. There is little that can be done, after all, once an organization or person's data is compromised.
Christian, for instance, noted that there isn't a “tool kit of legal tools that companies and individuals have after the fact to go after a hacker.”
“When you look at the U.S. athletes who had their medical information stolen in 2016, for example, for them once the information is out, there is not a whole lot they could do,” he added.
So for the now, the best strategy is to take all necessary precautions, and assume the worst.
“You have to make sure that when you return, you are monitoring properly your credit scores, your credit report, and your accounts and scanning for your PPI on the dark web,” Levin said.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllTrending Stories
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250