Connect with us


A favorite target of Russian hackers, the Olympics are on guard

In 2016, they leaked private medical records of American stars like Simone Biles and Serena Williams. In 2018, they shut off online ticketing during the Olympics’ opening ceremony in South Korea. And in 2021, governments and cybersecurity experts around the world are on edge that they might be back again for the Tokyo Olympics.

It sounds strange, but it’s true: Russian hackers have disrupted each of the Olympic Games since 2016, when Russia was suspended from full participation.

And it brings the question of whether Russia will try to disrupt the 2021 Games as well. No organization has yet offered definitive public evidence that it’s trying, but experts are still on edge.

In a public alert released Monday, the FBI warned that hackers could try a number of potential attacks to disrupt the Tokyo Games. 

“The FBI to date is not aware of any specific cyber threat against these Olympics, but encourages partners to remain vigilant,” it said.

The previous attacks are what government officials and cybersecurity experts have said are an apparent retaliation for the International Olympic Committee and the World Anti-Doping Agency repeatedly declaring that Russia used an elaborate doping scheme to give its athletes an edge in the 2014 Olympic Games in Sochi, the first and so far only time Russia hosted the Games after the fall of the Soviet Union.

That scheme, as well as Russian officials’ attempts to block investigators from looking into it, led to Olympic officials banning the country from fully participating in all Olympics between the 2016 Games in Rio and 2022 Winter Olympics in Beijing.

But while Russia wasn’t able to compete in 2016 and 2018, the Kremlin has made its presence known through hackers working for its military intelligence agency, the GRU.

Ciaran Martin, the former head of the United Kingdom’s public cybersecurity agency, the National Cyber Security Centre, said the attacks on the Olympics reflected Russia’s willingness to send its hackers against targets that might seem off-limits for Western governments.

“When I started, we were always talking about Russia and sort of hard infrastructure, like energy,” Martin said. “Of course, some of their most brazen and impactful interventions have come after softer infrastructure: politics, sports, undermining confidence and enjoyment in some of the things that are the fabric of the West, the nonauthoritarian world. Sport fits into that.”

Russia has repeatedly denied responsibility for the hacks. But several governments, including the U.S., U.K. and the Netherlands, as well as a number of cybersecurity experts around the world, have attributed both the 2016 and 2018 campaigns to the GRU. 

The NCSC, Martin’s former agency, announced in October that the GRU had been laying groundwork to hack the Summer Olympics in Tokyo last year as well, before those were delayed over the coronavirus pandemic. The NCSC declined a request for an update on if it had seen Russia targeting the Games this month.

There’s little doubt who was responsible for the previous hacks, however. The U.S. has published extensive technical details in the form of indictments that tie them to specific GRU officers.

In 2016, the same year that the GRU hacked and released Democratic Party files to hinder presidential candidate Hillary Clinton’s campaign against Donald Trump, it also went after the World Anti-Doping Agency, the IOC-funded foundation devoted to keeping athletes from using prohibited drugs in international competition.

Almost immediately after the agency published a major report accusing Russia of doping, GRU officers went to work trying to hack a number of Olympics-related targets, successfully breaching some accounts belonging to the agency and its American affiliate, the U.S. Anti-Doping Agency, and gaining access to some athletes’ medical information.

One of the victims was Simone Biles, whose attention deficit hyperactivity disorder medication was leaked on a website set up by the hackers, leading her to write a clarification that she only used approved drugs.

“I have ADHD and I have taken medicine for it since I was a kid,” she tweeted. “Please know, I believe in clean sport, have always followed the rules, and will continue to do so as fair play is critical to sport and is very important to me.”

Another was Serena Williams, whose files indicated she had received a waiver to use an anti-inflammatory muscle medication.

The attack on the 2018 Games was different, but just as chaotic. Ahead of the Winter Games in Pyeongchang, South Korea, GRU officers cast a wide net, creating fake versions of popular Korean apps in hopes of tricking people into downloading them. They tried signed up for a mass email service to pump out phishing emails to athletes. They sent fake government warnings of earthquakes to companies that were involved in running the Games.

All of that was to help the agency spread a masterwork of malicious software that the GRU had written. Built with a number of tricks and turns to confuse researchers, it expertly replicated itself onto other computers once installed and could render victim computers inoperable.

On Feb. 9, during the Games’ Opening Ceremony, the hackers set it off. Thousands of computers used by an IT company serving the Games became suddenly unusable. Attendees couldn’t show tickets from the IOC app. The Wi-Fi at the stadium hosting the ceremony went out, and all the stadium’s internet-connected TV sets went black.

The Pyeongchang cybersecurity team only avoided a bigger catastrophe because they took emergency measures to quickly remedy the situation, moving some Olympic check-in services offline and spending the entire night hastily rebuilding their broken network.

The GRU’s malicious program, seemingly written from scratch to make it more difficult to trace, “was absolutely an attempt to screw things up,” said Craig Williams, the director of outreach at the cybersecurity company Talos, which was the first to identify the program.

“The actor behind this piece of malware went to great lengths to do it quickly and quietly,” Williams said.

Now experts have turned their attention to the Games in Tokyo, watching to see if Russia or other hackers will try to exploit them.

“I think there’s an even chance,” said John Hultquist, the director of threat intelligence at the cybersecurity company Mandiant.

“They’ve done it in the past,” he said. “Circumstances are all the same as far as Russian athletes not being allowed to compete, and we know they were prepping for it. Is it possible they’ve changed? Absolutely.”

In an emailed statement, an Olympics spokesperson said that “the IOC has helped Tokyo 2020 to take a range of measures and is making thorough preparations.” The spokesperson declined to get into specifics, saying “maintaining secure operations is the main focus, and in line with best practices for cyber security.”

It’s possible that the Tokyo Games are already disrupted enough by the coronavirus that Russia won’t be interested. Many in Japan are opposed to hosting the Games during a pandemic; spectators are banned for fear of spreading the disease. Russia may leave it alone this year, Hultquist said. 

“We have to recognize Covid is a big disruptor,” he said. The GRU “could have changed the target,” he said. “Just not interested anymore.”

The Cyber Threat Alliance, a cybersecurity trade group that pools threat intelligence from its companies around the world, wrote in an assessment for the Tokyo Games that Russia’s prior actions had opened the door for state-sponsored hackers to conduct operations with little fear of consequence.

“Russian, North Korean, and Chinese state-sponsored adversaries likely pose the most significant threats to the Games,” the CTA found. “While nation-state actors have the potential to carry out a variety of different types of operations, we judge that disruptive attacks and disinformation campaigns are the most likely.”

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *


Minnesota wildfire doubles in size, creates its own weather

A wildfire in northeastern Minnesota more than doubled in size Tuesday, growing to more than 19,000 acres, after it produced pyrocumulous clouds that generated lightning and even raindrops, fire officials said.

The Greenwood Fire’s growth, most of which happened Monday afternoon, prompted firefighters to leave McDougal Lake, about 80 miles south-southwest of Duluth, officials said. Authorities fear that structures might have been destroyed or damaged.

“We had crews embedded, and as this fire took off, it was quite an effort to communicate with forces on the ground so they could get out,” said federal fire incident spokesman Clark McCreedy.

The pullout was a success, and no injuries were reported. However, downed trees and necessary cleanup mean crews have been unable to assess damage around the lake, McCreedy said.

In addition to the firefighter pullout, 159 dwellings were evacuated Monday, according to an update from the National Wildfire Coordinating Group. Cabins, homes and recreational sites remain under threat, the group said.

Patrick Prochaska, a Minneapolis resident who built a cabin near McDougal Lake in 2012, told NBC affiliate KARE that he watched via security camera as flames mostly bypassed his property Monday, causing minor damage.

“I was feeling very scared,” he said. “At the same time, I could see that it was not doing anything to the house, and it was kind of reassuring.”

The fire in and north of Superior National Forest has mostly performed according to the weather, fire officials said. On Monday, with dry fuel on the ground and temperatures in the high 80s, it was an expanding inferno punctuated by strobes of lightning.

“The winds were drawn into the fire from all directions,” the incident’s fire behavior analyst, Michael Locke, said in a video update Tuesday. “It created what we call pyrocumulous clouds. And really high in the atmosphere … you’d see a thunderstorm, and in fact they went high enough to produce a few sprinkles of rain and even some lightning.”

Temperatures dipped into the mid-70s Tuesday, and the blaze mellowed. “The real story was cloud cover and cooler temperatures,” McCreedy said.

More of the same, and possibly rain, was in the forecast, giving officials hope that they might be able to close the book on an unusually active and dry fire season in Minnesota.

Experts have said climate change has set the stage for extreme weather, including an increase in the frequency and intensity of wildfires in the Northern Hemisphere.

Firefighters — 426 were assigned to the Greenwood event — have been confronted with “prolonged, severe drought,” making parts of Minnesota look like the fire-prone West this summer, McCreedy said.

The Greenwood Fire, which was detected Aug. 15, is believed to have been sparked by lightning.

So far, firefighters have scored no containment, and areas including McDougal Lake, Sand Lake and the Highway 2 corridor have been under mandatory evacuation orders. The federal Boundary Waters Canoe Area Wilderness was closed Saturday “due to active and increasing fire activity, extreme drought, limited resources,” the National Forest Service said in a notice.

Officials set a goal of Sept. 1 for full containment.

“We’re probably going to get more of that moderating weather for the rest of the week,” McCreedy said. “That opens the door for fire crews to make progress on the ground.”

Continue Reading


Hiker survives grizzly bear attack at Denali National Park

A tourist from Indiana was attacked and injured by a grizzly bear at Denali National Park and Preserve in Alaska on Monday night, park officials said.

The 55-year-old tourist, whose name was not released, was hiking alone in dense fog in the Thoroughfare Pass area when a mother bear and multiple cubs charged him from nearby bushes, the National Park Service said in a statement Tuesday.

He had puncture wounds to a calf, his left ribs and his left shoulder, the agency said.

The victim used bear spray that might have cut the attack short, the park service indicated. He walked 1.5 miles to a visitor’s center where “medical personnel” vacationing at Denali treated him as a park bus driver called 911, it said.

The hiker was taken to a medical center near the park before he was transferred to Fairbanks Memorial Hospital, about 120 miles away, park officials said. He was stabilized at the Fairbanks hospital, they said.

“Due to the apparent defensive nature of this attack, there are no plans to locate the bear involved,” the park service said. “Female bears with cubs are naturally defensive of their young, especially when surprised. There is no indication that this bear is unusually dangerous.”

Grizzly bears are federally protected as a threatened species in the lower 48 states. According to the National Wildlife Federation, fewer than 1,500 grizzlies are left in the lower 48, but they thrive, comparatively, in Alaska, where they have a population of about 31,000.

The backcountry area of the attack is closed for one week as a precaution, the park service said.

Continue Reading


House passes John Lewis voting rights bill, sends measure to Senate for tougher fight

House Democrats on Tuesday passed a sweeping voting rights bill named after Rep. John Lewis, D-Ga., the late civil rights icon.

The John Lewis Voting Rights Advancement Act was approved 219-212. All Republicans voted against the legislation.

The bill is part of congressional Democrats’ broader campaign to strengthen voting laws at the federal level to fight restrictive voting laws passed in Republican-led states, such as Texas and Georgia. However, it faces steep opposition in the Senate, where Democrats hold a wafer-thin majority.

The House returned from its recess this week to take up the bipartisan infrastructure bill and a resolution for Democrats’ $3.5 trillion budget package, which includes funding for much of President Joe Biden’s legislative agenda. The procedural motion used to pass the multitrillion-dollar resolution paved the way for the House to vote on the voting rights bill, which was re-introduced last week by Rep. Terri Sewell, D-Ala.

The legislation would require states with recent histories of discrimination to get federal “preclearance” to change their voting laws, which directly addresses the Supreme Court’s 2013 ruling in Shelby County v. Holder. The ruling gutted the preclearance system in the Voting Rights Act of 1965, which civil rights advocates argue was successful in blocking proposed voting restrictions in states and localities with histories of racial discrimination.

House Speaker Nancy Pelosi, D-Calif., said in a statement last week that Congress had “not only an ironclad Constitutional mandate, but a moral responsibility” to pass the bill.

Shortly before its passage, Pelosi said on the House floor that the bill would honor Lewis’ legacy.

“We should have the right to vote and shouldn’t be diminished by anyone. It is unpatriotic to undermine the ability of people who have a right to vote, who have access to the polls,” she said. “As John knew, this precious pillar of our democracy is under attack from one of the worst voter suppression campaigns since Jim Crow.”

It isn’t the first time House Democrats have tackled election law. In March, House Democrats passed the For the People Act, a sweeping bill that seeks to change campaign finance, voting and ethics laws.

The bill would expand access to the ballot box by creating automatic voter registration across the country by registering eligible voters whenever they interact with government agencies, restoring the voting rights of the formerly incarcerated, expanding early voting and modernizing the country’s voting systems.

However, Senate Republicans filibustered the voting rights legislation in June, and the vote to advance an amended version of the For the People Act split along party lines 50-50, short of the 60 votes needed. All Democratic-aligned senators voted to begin debate, and Republicans unanimously voted to block the bill.

Passage of the voting measure was the final vote of the week for the House, whose members are leaving Washington and won’t return until Sept. 20.

Haley Talbot contributed.

Continue Reading


Copyright © 2021 Insight Global.