
Pyeongchang 2018 Olympic Games Hack

Cyberattacks happen all of the time. The critical angle to evaluate is their impact. Did the attack breach critical systems? Access personal information?

Watch the episode on YouTube.

Reasonably Accurate Transcript

Good morning, builders. How's it going? Um, Mark here. Uh, number two episode, Mornings with Mark. Um, I've got my tea. Hopefully you've got your coffee. Um, we are ready to get rolling here, um, addressed a couple of the issues, um, from yesterday.

Um Hopefully the audio is coming through a lot better. Um I cut down a little bit on the glare on the white board, still working on that, still working on the lighting here as well. But I think we're a little bit better than we are.

Uh yesterday, obviously still need to work on that intro. I'm not sure why that movie is not playing. Um But we'll get there yesterday. Um Thank you for joining me. Uh We talked about perspectives and having the challenge that most security folks um face is that they're diving purely into um the specific security of a system instead of looking at the overall context of how that system is used.

And we saw a couple of examples, we saw some of those pitfalls and it's always that um perspective, that broad view, that um higher level uh approach that's really challenging because you're normally in the weeds and today I want to talk about something that really hit the news yesterday.

Um, the cyber attack that happened on the Pyeongchang Olympics, um, on Friday. So I was on, um, CBC's On the Money talking to Peter Armstrong about this yesterday. I'll put a link to that down below. Um, but it's very interesting because everyone's asking, you know, who's behind this attack. If you've been following me for a while, you know that attribution is very much, um, of interest, but also a bit of a pet peeve for me.

So let's get you the hard facts here. Um What happened was the Winter Olympics Committee has said that the games were in fact, um attacked, it happened on Friday during the opening ceremonies and that coincided with a 12 hour outage for the website, um which meant users couldn't download their tickets until Saturday morning.

Um, also, uh, there were some intermittent Wi-Fi outages in the stadium, as well as some TV and internet feeds for the media were impacted. So this is the first time that we've ever seen an official acknowledgement from the Olympics that a cyber attack actually impacted the games.

Now, it was a minor impact compared to uh the reliance of the games on digital. But the interesting thing here is that the attacks are um the games are attacked constantly and I don't think people realize just how much um these games are under a cyber onslaught essentially.

Um, and that's not unexpected and given that it has been increasing year after year after year, but the games are also one of the most prepared organizations to face this attack. They go in fully knowing that they are a massive target.

It's the world stage; hackers are trying to make a name for themselves. So they're prepared for it. They're running game days ahead of the, uh, the games themselves. Um, so that's where they're running through operational, um, scenarios and they're actually playing them out.

So, hey, if this system went down, how do we, how do we compensate? This system went down and this system went down at the same time, how do we react? So, it's not bad that the games are being attacked. Obviously, it would be desirable if they weren't.

Um, but this is an organization that's prepared for it. And I think that's a huge difference here. I think that's really important that ties back to yesterday's perspective, uh, talk is that you need to be aware of your, um, threats and the risks that you're facing.

So if the games are doing a threat model, they know they're going to be a high profile target for not just background noise attacks, not just directed it, sort of their vertical, but obviously direct targeted, persistent relentless attacks. And that changes how you go about defending. The games are not quite a zero fail scenario, but as close as you can get without having life threatening scenarios.

They are reliant on digital feeds going out. They are reliant on digital timers. The experience on site is reliant on digital. So obviously they know that that can't afford to go down for any length of time. This attack on Friday was the first time we've seen any sort of success from an attacker.

Um, and hopefully it will be the last, but the games recovered quickly. And what really, really impressed me was, I believe it's Mark Adams from the IOC or from the winter, sorry for the Winter Games. Um Communications Department. He was talking about a number of issues related to the games, but he directly addressed the cyber attack and he said something that was really impressive and essentially it amounted to um that yes, they were attacked, they recovered quickly, there was no data loss.

Um There was a minor disruption but they're not worried about who was attacking them because they're focused on delivering a safe and secure games. And I think that's absolutely critical. Here's a recognition of an attack, but then also a recognition that, you know what, maybe after we'll dive into seeing who it was.

But in the moment right now, it's not super important as to who was behind this attack, even though that's what everyone is clamoring for. We've seen multiple researchers speculating moderate confidence, which I think is a dangerous game in and of itself and saying who was behind these attacks or which malware was used in these attacks.

We simply don't have enough evidence publicly to make an attribution. And I, I spoke about that last week and I'll tie, um, I'll put a link to that video down down below because I think it's really important to keep that in perspective is that attack attribution is interesting.

It drives that story who's behind this attack, who is trying to take down the games. Well, even if you knew it was Bob or Joe or Fred or whoever is that useful to keeping the game safe and secure moving forward, it might be a little more useful, but the games are already on high alert.

They already know they are the target from dedicated attackers who are relentless and persistent. So knowing that that relentless, persistent attacker's name is Joe and he's sitting in wherever, does that really change how you would defend? And that's really the core question.

People get caught up in the interest of, oh, who was it? Who was it? We can go after them or we can deter them and that's important within context right now, the games are on a fixed schedule, right? They run for the two weeks.

Um And then they're over. So during those two weeks, you're not going to waste resources and time diving into a deep forensic analysis of what went wrong unless it's going to advance the cause of keeping the games safe and keeping them running.

Given the level of preparation they have, I don't think it would and their statement essentially amounts to that is that they're focusing on keeping things moving forward and they worry about it after the fact. Now after the games end, it's going to be a really interesting question to ask is to go back review.

Um And the reason there is that, you know, they go back and review and figure out what went wrong, what, uh what worked, what didn't work so that the next set of games, right? 2020 Tokyo can learn from their experiences in all areas, not just in event planning and logistics, but also very much on digital defense on cyber security.

That's absolutely critical and will be more critical moving forward as more and more people tune in from their phones, from their computers. Um, you know, even the TV streams are all based on the internet, digital feeds now. So it's absolutely critical that they learn after. During, let's keep these games going because we've seen a lot of great athletes competing, a lot of good stories.

Um, a lot of really interesting sport and it sees, you know, it's that wonderful thing where the world comes together to celebrate sportsmanship, to celebrate the games. And let's make sure that the games are running smoothly and that's a really good attitude to hear from the operations team.

So that's why I wanted to address today. Um, you know, please, uh, follow me up, I'll see. Still learning which side. Uh, marknca on Twitter, uh, GitHub, uh, Facebook, LinkedIn, all that, uh, hit me up there. Um, always wanted to talk.

Always happy, happy to have a chat because I think we get better when we talk ideas through. Um, still working on some logistics for this cast. But, uh, you know, I'm gonna keep pushing forward, um, 9:30 Eastern on, uh, Monday through Friday.

Um, right now just coming to you live on Facebook, after the fact on, uh, YouTube and maybe on LinkedIn. Uh, we'll see, I'm still playing with, uh, where and when this works best for people. So let me know what you think.

Um, hope you have a great Tuesday.
