Online Olympic security team is working to safeguard 90 venues and huge amounts of data against incursions by criminals and ’hacktivists’
When it comes to Olympics security, the chief information officer for London 2012 is quite clear: “We will get cyber-attacks, for sure. Previous Games have always been attacked, so we will be attacked. We are working with partners and government to make sure we have the right defences,” Gerry Pennell said. Speaking in January 2011, he insisted it was “inevitable” that there would be attempts to bring the systems down.
To that end Atos Origin, the company providing online security, has a dedicated team among its 450 technology staff protecting the systems around the Games from hacking. With 90 venues to safeguard, and critical data such as competitors’ points and medal positions flowing through thousands of computers, any breach – or even the suspicion of one – would be hugely embarrassing.
With the London Games expected to deal with 30% more results data than Beijing did, and with online demand for that data likely to be higher than ever, in a location where much of the world will be awake to follow events live, the potential for embarrassment if the systems are compromised is huge. The budget for protection can confidently be put in the millions.
But ask security experts whether Pennell’s pessimism is shared, and the reaction is one of puzzlement. The Olympics are big, certainly. But nobody can recall any overt cyber-attack against them. And the idea that the London Games would be targeted by the likes of Anonymous raises eyebrows.
“With any major sports event of this size, people have horrible visions of nasty cyber-attacks,” says Mikko Hypponen, the chief research officer for F-Secure, which is famous worldwide for its pursuit and identification of online criminals. “And people prepare. In reality we have seen very few cases.”
But, he says, “nobody is going to question an investment in security”.
Graham Cluley, consultant at the security company Sophos, says: “They’ve certainly been boasting about the teams of experts they’ve got looking after it.”
Nor has there been any chatter about the Olympics among the denizens of Anonymous, the loose collective that has hacked a wide range of sites, including most recently the Vatican and the FBI. Now
Yet the Games has been a target – if not necessarily successfully – before. In April 2008, in the run-up to the Beijing Olympics, the technical manager of its integrated information system announced: “We expect 200million [network] alerts during the Beijing Games.”
Quite what made an ”alert” worrying wasn’t explained. When the Games began, some reports said that the official site had been hacked: the headlines were coloured orange, a sign of protest for Tibet. Except they weren’t: the headlines were blue, though links after them were orange. It wasn’t clear who had done this.
And four years earlier, officials at the Athens Olympics decided to cut off the internet from their network over fears that viruses might invade their system, and delay or disrupt the Games, according to Edittech International, a California-based research organisation.
Atos Origin declined to comment for this article, though the chief executive of Atos Origin Iberia, Patrick Adiba, has said the Beijing Games faced 14m online “events” every day, though only 400 in total were “relevant events that could have been an issue that may have impacted on the games”. Again, an online “event” might just be contact from a computer – not necessarily malicious. The 400 “relevant” ones averages out to slightly less than one for every hour of the Games – which would be a quiet day for most big organisations.However, Cluley thinks there are good reasons why malicious hackers and criminals would want to target the Games. “Clearly the computer systems will have personal information about a large number of sportspeople which could be a target for identity thieves. Also, there are the details about the spectators – those need to be held securely.”
He thinks that “hackivists” could try to ”mess with Olympic medal charts ‘for the lulz’” – the amusement. And there are other risks: “Olympics websites will receive a lot of traffic, so there will be a risk that hackers could plant malware on webpages and infect innocent users.”
With the Olympics webpages likely to have millions of visitors every day, that would be a significant threat. The team has already had practice runs against a huge “denial of service” attack, in which thousands of virus-infected PCs are instructed remotely to try to connect to the site and tie up its resources.
Hypponen can’t remember any Olympics site being hacked into directly. However, he recalls the Winter Olympics in Salt Lake City in 2002, when Apolo Ohno of the US won the 1500-metre speed skating race following the disqualification of a South Korean competitor. Afterwards, some US-based websites had denial of service attacks originating from South Korea. “That’s a plausible case – if a nation gets angry and people there feel justice hasn’t been done.”
But in the end it may be the simpler threats that we have to watch out for, said Cluley. “It will be the scam websites – the ones offering last-minute tickets, hard-to-get tickets, the ones that will take your credit card details and charge you and you’ll never get anything. That’s the stuff to really watch out for.”
guardian.co.uk © Guardian News & Media Limited 2010