From his office on the upper floor of the Paris Olympic Organizing Committee headquarters, Franz Regl has no doubts about what's to come.
“We will be attacked,” said Regre, who heads the team responsible for preventing cyber threats at this year's Paris Summer Games.
Every company and government around the world now has a team like Mr. Regre's, operating out of a modest room with dozens of computer servers and screens with indicator lights to warn of hacking attacks. . The Paris operations center even has red lights to alert staff to the most serious dangers.
Regulu said there have been no serious disruptions so far. But he knows that as the months leading up to the Olympics reduce to weeks, then days, then hours, the number of hacking attempts and level of risk will increase exponentially. But unlike businesses and governments that plan for possible attacks, Regulu said they know exactly when the worst will happen.
“There aren't many organizations that can say they're going to be attacked in July and August,” he said.
Concerns over safety at major events like the Olympics have typically focused on physical threats such as terrorist attacks. However, as technology plays an increasing role in the development of the Olympic Games, Olympic organizers increasingly see cyber-attacks as a more permanent danger.
The threats are wide-ranging. Experts say hacker groups and countries like Russia, China, North Korea and Iran are now hacking not just computers and Wi-Fi networks, but also digital ticketing systems, credential scanners and even event timing systems. It is said that they are carrying out sophisticated operations that can nullify it.
Fears of hacking attacks are not just hypothetical. A successful attack at the 2018 Winter Olympics in Pyeongchang, South Korea, nearly led to the Games being derailed before they even started.
The cyberattack began on a frigid night as fans arrived for the opening ceremony. All the signs that something was wrong came all at once. His Wi-Fi network, an essential tool for sending photos and news reports, suddenly went down. At the same time, the official Olympic smartphone app that stored fans' tickets and important traffic information stopped working, preventing some fans from entering the stadium. Broadcast drones were grounded, and internet-connected televisions that were supposed to broadcast footage of the ceremony throughout the venue were turned off.
But the ceremony took place, and so did the Olympics. Dozens of cybersecurity personnel worked through the night to repel the attack and fix the glitches, but by the morning after the first incident began, there was little sign that disaster had been averted.
Since then, threats to the Olympics have only increased. The cybersecurity team for the last Summer Olympics, held in Tokyo in 2021, reported facing 450 million “security event” attempts. Regre said Paris is expected to face eight to 12 times that number.
Perhaps to indicate the scale of the threat, Paris 2024 cybersecurity officials are liberal with military terminology. They describe “war games” aimed at testing the system with experts and mention feedback from “Korean veterans” that has been incorporated into the evolving defense.
Experts believe that a variety of actors are behind most cyberattacks, including criminals seeking to keep data in exchange for a high ransom, and protesters seeking to highlight a particular cause. This includes activity participants. However, most experts agree that only nation-states have the capacity to carry out the largest attacks.
The 2018 Pyeongchang attack was initially blamed on South Korea's hostile neighbor, North Korea. However, experts, including those from the US and UK government agencies, later concluded that the real culprit (now widely accepted to be Russia) had deliberately used techniques to shift the blame onto someone else. .
Russia remains the main focus this year.
Following Russia's 2022 invasion of Ukraine, the Russian team was banned from competing in the Olympics, but a small group of individual Russians will be allowed to compete as neutral athletes. Relations between France and Russia have deteriorated so much that President Emmanuel Macron recently accused Russia of trying to undermine the Olympics through a disinformation campaign.
The International Olympic Committee has also condemned attempts by Russian organizations to damage the Olympics. In November, the IOC issued an unusual statement saying it had been the target of defamatory “fake news posts” after a documentary featuring an AI-generated voiceover impersonating actor Tom Cruise was released on YouTube. .
Later, another post on Telegram, an encrypted messaging and content platform, imitated a fake news item broadcast by the French network Canal Plus, in which the IOC banned the Israeli-Palestinian team from the Paris Olympics. They gave false information that they were planning to lock them out.
Earlier this year, Russian pranksters pretending to be senior African officials successfully placed a phone call to IOC President Thomas Bach. The call was recorded and made public earlier this month. Russia used Bach's comments to accuse Olympic officials of being involved in a “conspiracy” to keep its team out of the Olympics.
In 2019, Russian state hackers attacked the computer networks of at least 16 domestic and international sports organizations and anti-doping organizations, according to Microsoft. Among them was the World Anti-Doping Agency, which at the time was ready to announce state-related penalties against Russia. Supporting doping programs.
Three years ago, Russia targeted anti-doping officials at the Rio de Janeiro Summer Olympics. According to an indictment filed by the U.S. Department of Justice against several Russian military agents, the operatives in the case spoofed a hotel Wi-Fi network used by Brazilian anti-doping authorities and used the organization's electronic Successfully infiltrated email networks and databases.
Ciaran Martin, the first chief executive of Britain's National Cyber Security Center, said Russia's past actions made it the “most obvious disruptive threat” at the Paris Games. He said potential target areas include event scheduling, public broadcasting, and ticketing systems.
“Imagine if all the players arrived on time, but the iPhone scanning system at the gate went down,” said Martin, now a professor at Oxford University's Blavatnik School of Government.
“Do we do it with a half-empty stadium or postpone it?” he added. “Even if you're put in a position where you have to delay a game or have a world-class athlete perform in front of a half-empty stadium at the biggest event of their lives, that's a complete failure.””
Regre, Paris' cybersecurity chief, declined to speculate on specific countries that might target this summer's Olympics. But he said organizers were preparing to counter country-specific methods that posed a “potent cyber threat.”
This year, Paris organizers are working with partners such as the IOC and the Games' official technology partner Athos to conduct so-called “wargames” to prepare for attacks. In these exercises, so-called ethical hackers are hired to attack systems set up for the tournament, and “bug bounties” are offered to those who discover vulnerabilities.
Hackers have previously targeted sports organizations with malicious emails, fictitious characters, stolen passwords, and malware. Since last year, new employees at the Paris organizing committee have been trained to spot phishing scams.
“Not everyone is a good person,” Regles said.
In at least one case, convention staff paid a bill into an account after receiving an email impersonating another committee official. Cybersecurity staff members also discovered an email on his account that attempted to impersonate an account assigned to Tony Estanguet, director of the Paris 2024 Games.
Millions more attempts will be made. Martin, a former British cybersecurity official, said cyberattacks are generally “weapons of mass stimulation, not weapons of mass destruction”.
“At worst, they became weapons of mass destruction,” he said.
