🔑 Key Takeaways
- The use of technology in sports exposes it to unforeseen hacking vulnerabilities, which shows that cybersecurity measures are needed in every aspect of modern digital life.
- Cyber-attacks are unpredictable and require organizations to have a solid crisis management plan in place. Regular drills and strict cyber-security measures can help prevent chaos and embarrassment.
- Despite facing a massive cyber attack, the IT team at the Winter Olympics managed to successfully eradicate the malware and rebuild all servers in time for the games to continue without further incidents.
- The Winter Olympics in South Korea experienced cyber threats, with Russia, China, and North Korea all suspected. Experts suggest that the attacks were state-sponsored, but it remains unclear if one nation or multiple countries were behind them.
- Cyber attackers often plant false flags and use sophisticated techniques to hide their tracks and make it difficult for researchers to identify them. A single clue is never enough to attribute an attack to a particular country or group.
- The malware used to disrupt the Olympics was not from North Korea, but instead was likely linked to Russia targeting Ukrainian groups. The investigation found clues in the delivery mechanism, phishing emails, and communication server.
- Russian hackers, affiliated with GRU Unit 74455, used sophisticated tactics to penetrate the 2016 US election, sabotage the 2018 Winter Olympics, and access voter information of hundreds of thousands. The Russian government has not been held publicly accountable.
- State-sponsored cyber-attacks have real consequences, and the US intelligence community has the ability to hold hackers accountable for their actions. The Russian military unit responsible for the attack on Ukraine's power grid and for the NotPetya malware also aimed to undermine the Winter Olympics, but its members were identified and indicted by the DOJ, proving that even skilled hackers are not immune to justice.
- The Sandworm cyber-attack on the Olympics highlights the difficulty in determining the true culprit of future attacks, as well as the potential consequences of falsely accusing a nation, making the future unpredictable.
📝 Podcast Summary
Technology in Fencing: The Unforeseen Vulnerability to Hacking
Fencing judges have adopted technology to help score points by adding electronic components to the sword and protective gear. This means electronics and computers have become judges in fencing competitions. However, it has also made the sport vulnerable to hacking, as shown in the 1976 Olympics when a competitor from the Soviet Union rigged his sword by adding a button that completed the circuit whenever he wanted. He hacked the system and scored a hit even without touching his opponent. He was later disqualified and the British team that exposed him won a gold medal. This story shows how even seemingly simple technologies can be hacked and that cybersecurity is important in every aspect of our lives, even in sports.
Importance of Crisis Management Plan in Cyber-Attacks
A destructive cyber-attack can happen anytime, regardless of how much preparation is done. In the event of a cyber-attack of this scale, it is important to have a crisis management plan in place. The pressure of the whole world watching can make the situation much worse. The IT team must work quickly to fix the problems caused by the attack to prevent chaos and embarrassment. In this situation, a workaround was created to get the official Olympic app working so that visitors could get in and out of the opening ceremony smoothly. The incident highlights the importance of cyber-security measures and drills, but also the unpredictability of cyber threats, and the urgency of having a solid crisis management plan in place.
Winter Olympics Hit by Cyber Attack During Opening Ceremony
The IT staff at the Winter Olympics faced a massive cyber attack just as the opening ceremony began, causing widespread disruption and a new threat to the games. The malware wiped out the entire system and spread like a worm, and it was hard to distinguish from the legitimate Windows process whose name it used, winlogon.exe. The IT team battled all night to rebuild all the servers, and even their domain controllers were wiped repeatedly. They managed to eradicate the malware around 5:00 AM with the help of a security company, but had to take the entire network offline to do so. The IT heroics proved successful in getting the network back up in time for the games to proceed without further attacks.
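The summary notes that the malware was hard to tell apart from the real winlogon.exe by name alone. As an added example (not from the podcast), the check below runs over constructed Sysmon-style process-creation records and uses two facts a name-only check ignores: the genuine binary lives at C:\Windows\System32\winlogon.exe, and it is started by smss.exe.

```python
import ntpath

# Windows facts the check relies on; the event records below are constructed for this example.
EXPECTED_IMAGE = r"C:\Windows\System32\winlogon.exe"
EXPECTED_PARENT = "smss.exe"

EVENTS = [  # constructed Sysmon-style (Event ID 1) process creation records
    {"Image": r"C:\Windows\System32\winlogon.exe", "ParentImage": r"C:\Windows\System32\smss.exe"},
    {"Image": r"C:\Users\Public\winlogon.exe", "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\system32\WINLOGON.EXE", "ParentImage": r"C:\Windows\System32\smss.exe"},
    {"Image": r"C:\Windows\System32\winlogon.exe", "ParentImage": r"C:\Windows\Temp\update.exe"},
]

def flag_winlogon_masquerade(event):
    """Return the reasons an event looks like something borrowing the winlogon.exe name;
    an empty list means the record passes both the path check and the parent check."""
    image = event["Image"]
    if ntpath.basename(image).lower() != "winlogon.exe":
        return []  # not claiming to be winlogon at all; out of scope for this rule
    reasons = []
    # normcase lowercases and normalises separators, so System32 vs system32 is not a hit
    if ntpath.normcase(image) != ntpath.normcase(EXPECTED_IMAGE):
        reasons.append(f"unexpected image path {image}")
    parent = ntpath.basename(event["ParentImage"]).lower()
    if parent != EXPECTED_PARENT:
        reasons.append(f"unexpected parent {parent}")
    return reasons

def triage(events):
    """(image, reasons) for every record the rule flags."""
    return [(e["Image"], r) for e in events if (r := flag_winlogon_masquerade(e))]
```

Records 2 and 4 are flagged (wrong path plus wrong parent, and wrong parent respectively); record 3 passes because the comparison is case-insensitive, as NTFS paths are.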
Potential State-Sponsored Cyber Attacks at South Korea's Winter Olympics
The Winter Olympics in South Korea were a prime target for cyber-attacks, with North Korea, Russia, and China all suspected. Russia had a motive, as it had been banned from the Olympics for doping in previous years and had already carried out a hacking campaign against the World Anti-Doping Agency. China was also a suspect because the code used in the malware resembled that of previous Chinese attacks. The malware, Olympic Destroyer, resembled NotPetya, a major cyber-attack on Ukraine, which could suggest that the attack was state-sponsored. Pinpointing who was behind the attack is difficult, as Russia denied responsibility, leaving it unclear whether one nation was solely responsible or whether it was a collaborative effort.
The Challenge of Identifying Cyber Attackers
The Olympic Destroyer cyber attack didn't give any easy clues to solve the attribution problem: its authors had planted so many false flags that it was almost impossible for researchers to identify the actual attacker. Kaspersky's Rich Header analysis did find a perfect match with one of the data-wiping malware families of North Korea's Lazarus hackers, but despite this match it is hard to assume that the attackers were from North Korea. The attackers used sophisticated techniques, such as hiding their tracks behind distracting clues and false evidence, to keep researchers from finding a real lead. Hence, a single clue is never enough to attribute an attack to a particular country or group.
Malware Implicating North Korea Was Proven False, While Evidence Pointed Towards Russia
The malware's metadata showed that someone had forged the Rich Header to implicate North Korea; the false flag was provably forged, indicating the involvement of another party. When an analyst examined the malware's delivery mechanism, he found that the hackers had been seeding the malware months before the Olympics. The initial infection came through a phishing email, and the macros in the attachments had been created with a tool called Malicious Macro Generator. The phishing emails targeted Ukrainian LGBT activist groups, companies, and government agencies, pointing towards Russia as the probable culprit. The final clue that closed the case was the domain account-loginserve.com, which the malware used to communicate with its command and control servers.
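The two passages above turn on the Rich Header, the compiler-fingerprint block the MSVC linker places between the DOS stub and the PE header, which the attackers copied to impersonate Lazarus. As an added example (not from the podcast or from any vendor's tooling), the code below parses a Rich header and recomputes the checksum the linker stores as its XOR key, which is the first mechanical consistency check an analyst runs on it; the DOS stub text and the compid/count entries are constructed for the example, and the third sample shows the check's limit: the checksum covers only the DOS stub and the entries, so a header lifted from another binary built with the same standard stub still validates, and a forgery has to be judged against the PE's other compiler evidence as well.

```python
import struct

DANS = struct.unpack("<I", b"DanS")[0]
def rol32(v, n):
    n &= 31
    return ((v << n) | (v >> (32 - n))) & 0xFFFFFFFF
def rich_checksum(dos_region, entries):
    # Linker's XOR key: offset of 'DanS' + every earlier byte rotated by its offset
    # (e_lfanew at 0x3C..0x3F is skipped) + every compid rotated by its count.
    cksum = len(dos_region)
    for i, b in enumerate(dos_region):
        if not 0x3C <= i < 0x40:
            cksum = (cksum + rol32(b, i)) & 0xFFFFFFFF
    for compid, count in entries:
        cksum = (cksum + rol32(compid, count)) & 0xFFFFFFFF
    return cksum
def build_rich_header(dos_region, entries):
    # Encode a header the way the MSVC linker does; used here only to construct input.
    key = rich_checksum(dos_region, entries)
    body = b"".join(struct.pack("<II", c ^ key, n ^ key) for c, n in entries)
    return struct.pack("<IIII", DANS ^ key, key, key, key) + body + b"Rich" + struct.pack("<I", key)
def parse_rich_header(data):
    # Return (entries, key, bytes_before_header), or None if no Rich header is present.
    end = data.find(b"Rich")
    if end < 0:
        return None
    key = struct.unpack_from("<I", data, end + 4)[0]
    start = data.find(struct.pack("<I", DANS ^ key))
    if start < 0 or start > end:
        return None
    entries = [tuple(x ^ key for x in struct.unpack_from("<II", data, pos))
               for pos in range(start + 16, end, 8)]  # skip 'DanS' and 3 zero pads
    return entries, key, data[:start]
def rich_header_is_consistent(data):
    # True when the stored key equals the checksum recomputed from the file itself.
    p = parse_rich_header(data)
    return p is not None and rich_checksum(p[2], p[0]) == p[1]

def dos_region(stub):
    # Constructed 0x80-byte DOS header + stub; e_lfanew at 0x3C is a dummy value.
    return b"MZ" + bytes(0x3A) + struct.pack("<I", 0x100) + stub.ljust(0x40, b"\0")

# Constructed (compid, count) pairs; compid = (product id << 16) | build, values made up.
ENTRIES = [(0x00010000, 5), (0x00832310, 12)]
STUB_A = dos_region(b"This program cannot be run in DOS mode.")
STUB_B = dos_region(b"This program cannot be run in DOS mode!")  # one stub byte differs
HEADER_A = build_rich_header(STUB_A, ENTRIES)
GENUINE = STUB_A + HEADER_A + b"PE\0\0" + b"\x90" * 16           # validates
PASTED_OTHER_STUB = STUB_B + HEADER_A + b"PE\0\0" + b"\x90" * 16  # key no longer matches
PASTED_SAME_STUB = STUB_A + HEADER_A + b"PE\0\0" + b"\xcc" * 16   # other code, still validates
```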
GRU Unit 74455: Russian Election Hackers and Saboteurs of 2018 Winter Olympics
Russian hackers went deep into the 2016 US election campaign, targeting election-related systems in 21 states. The same group, identified as GRU Unit 74455 or Sandworm, also hacked state election boards in Arizona and Illinois, accessed the voter rolls of hundreds of thousands of voters, and sabotaged the 2018 Winter Olympics in Pyeongchang, South Korea, with the Olympic Destroyer malware. The clues and fingerprints left by the hackers pointed towards Russia, implicating the Russian government in these cyber-attacks as well as in the devastating NotPetya attack on Ukraine that was linked to Sandworm. The lack of condemnation or any public statement from any government about Russia's involvement in the Olympics cyberattack is vexing.
Russian Military Unit Behind Global Cyber-Attack for the Winter Olympics
The cyber-attack that caused massive global impact was conducted by Unit 74455 of the Russian GRU. The unit had launched destructive malware against the power grid in Ukraine and then unleashed NotPetya. Its motive for attacking the Winter Olympics was the international penalties imposed over Russia's state-sponsored doping program; the DOJ characterized the hackers' behavior as that of a petulant child. The attack was strategically planned and took months of preparation and significant resources. The indictment, which listed the names and photos of the six people who carried out the attack, shows the extent of US intelligence collection and its ability to hack the hackers. The outcome marks a significant step in creating accountability for state-sponsored cyber-attacks.
Sandworm Cyber-Attack on Olympics Leads to Accountability and Unpredictability
The Sandworm cyber-attack on the Olympics is the first time any government has explicitly condemned Sandworm and held it accountable. Among the targets were the timekeeping partners responsible for the actual sporting events, implying that Sandworm was trying to corrupt the results of the games. This highlights the evolution of Sandworm's deceptive capabilities, making it difficult to determine who is behind future cyber-attacks, which may be more innovative and use more false flags. While the US cannot go into Russia and arrest these people, any attack on next year's Olympics will make Russia the first suspect. This also means that the consequences of accusing a nation of something it didn't do could be severe, making the future unpredictable.