Olympic Games in Rio, London or Beijing were targeted million of times on a daily basis with cyberattacks by individuals, state hackers, or hacktivists. The current Olympic Games in PyeongChang 2018 are not the exception, but rather the rule. The threats range from disclosing athlete’s personal data, to ticket scams, to possible disruption of the Games. Why are the Olympic Games such a magnet for cybercriminals from all around the world?

The organizing committee and the South Korean Government have invested $1.3 million for cybersecurity, setting up cyber defense teams alongside armed troops. But that didn’t stop a cyberattack during the Opening Ceremonies at the Winter Olympic Games in PyeongChang. The security measures might not have been enough. Officials have confirmed that it happened, even thought they will not say where the attacks originated. The Wi-Fi in the stadium and the official website stopped working and organizers were forced to shut down servers. Some spectators were not able to print out their tickets. It also affected drones which failed to deploy and film the ceremony.

Cyberattacks and “spy games”

Some attacks started even before the Games began. In January, hackers tried to access sensitive information that appeared to have been sent by South Korean authorities. According to the cybersecurity firm McAfee, hackers used “spear phishing” emails for their attacks and targeted multiple sport teams and ski suppliers. It was argued that Russian groups or nationals might target the Olympic Games in retaliation for banning Russian athletes to take part in the Games. Also because of the close proximity of PyeongChang to North Korea, they pose a thread for the Olympics, even thought they deny their involvement in any cyberattacks.

Due to high number of prominent people coming to the Olympics, they are likely to become a target in the “spy games”. Hackers might attempt to “access to customer and employee financial or personal data” or trade secrets. In the previous years a group called Fancy Bears, believed to be associated with Russian links, targeted, among others, the World Anti-Doping Agency and recently also the International Olympic Committee (IOC). They hacked the sites and later published athlete’s Therapeutic Use Exemption data online and IOC’s emails about the ban of Russian athletes.

Simple measures that can be done to avoid the possibility of being hacked

Visitors, athletes or officials should not bring any electronic devices with them. However, this is not practical. If you have to bring them, do not connect to public Wi-Fi networks in hotels, airports or venues. And never log in to your bank account or send money while connected to the public Wi-Fi. Do not use ATM machines or credit cards. Have Wi-Fi and Bluetooth switched off when not in use. If that is not an option, have data backups, with software up to date, and strong passwords in place and with two-factor authentication.