Over the weekend, anonymous sources in U.S. intelligence acknowledged what has long been suspected: Russia was responsible for the hack on the 2018 Winter Olympics Opening Ceremony. This revelation has not been publicly confirmed; U.S. intelligence bureaus have so far declined official comment on the matter.
The February 9 Opening Ceremony suffered a disruption-oriented attack that affected ticket sales and broadcasts, resulting in large swaths of empty seats during the games. According to the new information, Russia’s intelligence agency, the GRU, accessed as many as 300 Olympics-affiliated computers and deployed malware across host country South Korea’s routers on that day. There is a distinct possibility that the Opening Ceremony hacks coincided with covert intelligence-gathering efforts.
Jake Williams, former National Security Agency cyber-operator and cofounder of cybersecurity firm Rendition Infosec, said in a statement to the Chicago Tribune: “Anyone who controls a router would be able to redirect traffic for one or more selected targets or cause total disruption in the network by stopping the routing entirely. Development of router malware is extremely costly, and Russia would likely use it only in locations where it contributes to accomplishing a high-value goal.”
What that goal might be is not yet clear. The suspected motive behind the attack is the barring of Russian officials and many Russian athletes due to systematic doping violations. The Russian athletes who were allowed to compete had to do so under the Olympic flag and anthem. Russia has denied all involvement in the hack.
Most distressingly, the GRU attempted to conduct the attack as a “false flag” operation, using North Korean IP addresses and other methods to make the hack look like the work of South Korea’s bitter enemy. Nation-states around the world have used this tactic before, but as nation-state attacks escalate, it may set a dangerous precedent in digital warfare. After all, without the ability to accurately attribute attacks, we may not know how to block them, or whom to defend against.