The 2018 Winter Olympics kicked off on Friday night in Pyeongchang, South Korea. The opening ceremony was interrupted by various cyber issues which, officials confirmed, were due to a cyberattack.
“The technology issues experienced Friday night were caused by a cyber attack,” said Jihye Lee, a spokesperson for the Pyeongchang Organizing Committee, on Sunday.
The cyberattack disrupted internet access and the telecast, grounded the broadcasters’ drones and took down the official Pyeongchang 2018 website shortly before the ceremony, preventing spectators from accessing information and printing out reservations. The website was up again 12 hours later; however, the delay resulted in an unusual number of empty seats at the event, as many spectators couldn’t print out their tickets.
Security experts who investigated the attack found evidence that the hackers had been working on it since late last year, stealing and leaking Olympic-related documents. The attack was targeted at the Pyeongchang Organizing Committee. Although the malware, ‘Olympic Destroyer’ (as named by security analysts at Cisco’s Talos threat intelligence division), was capable of destroying the computers, it didn’t. The hackers behind the malware just wanted to disrupt the event.
“This attacker had no intention of leaving the machine usable,” the security researchers at Cisco’s Talos division wrote in an analysis on Monday. “The purpose of this malware is to perform destruction of the host” and “leave the computer system offline.”
The Talos researchers said in an interview that although the hackers clearly showed they had the ability to destroy computers, they didn’t do so. They left the victim the possibility of fixing the damage.
“Why did they pull their punch?” asked Craig Williams, the senior technical leader at Talos. “Presumably, it’s making some political message” that they could have done far worse, he said.
Adam Meyers, vice president of intelligence at CrowdStrike, an internet security company, said that Olympic Destroyer was designed on 27 December at 11:39 a.m.
Though the security experts did not say who exactly was behind the attack, some of the calling cards left by the hackers led to Fancy Bear, the Russian hacking group that has a connection with the Russian intelligence services.
Mr. Meyers said that beginning in November, his intelligence team witnessed Fancy Bear attacks on an international sports organization that resulted in stolen credentials. He kept the identity of the victim a secret, but said that the stolen credentials were similar to the ones that the attackers would have needed before their opening ceremony attack.
The attack might be a response from Russia to the fact that the Russian Olympic Committee, along with its 200 athletes, was banned from the event in December due to state-sponsored doping at the 2014 Sochi Olympics.
Just two days before the cyberattack, the Russian government released a statement that pre-empted accusations of Russian cyberattacks on the Olympics.
This is not the first time that an Olympic opening ceremony has been the target of a cyberattack. At the 2012 London Olympics, security experts found the blueprints of the Olympic stadium and some cyberattack tools on a hacker’s computer and successfully prevented the attack.