Are the Russians Hacking the Tokyo Olympics?


Following repeated penalties for state-sponsored doping, Russia was finally banned from all Olympic sports for 4 years. Have they retaliated by hacking the games themselves?

On October 19, both the UK's National Cyber Security Centre (NCSC) and the Foreign Office released statements accusing Russia's military intelligence agency (the notorious GRU) of conducting malicious cyber activity against organizations involved in the 2020 Olympic and Paralympic Games (before they were postponed to 2021 due to COVID).

The UK alleges that the GRU - also known by codenames Sandworm and VoodooBear, among others - has been conducting cyber reconnaissance missions against officials and organizations that are involved in the Tokyo Olympics. These include the Games' organizers, logistics services and sponsors.

Foreign Secretary Dominic Raab termed these attacks "cynical and reckless" and maintains a "high [degree of] confidence that all of these attacks were almost certainly (95%+) carried out by the unit known as the Main Centre for Special Technologies (GTsST) also known as Unit 74455 of the GRU."

While UK officials have declined to offer any particulars related to the attack, a similar cyber campaign took place in 2018 and should give us some clues.

The 2018 Winter Olympic Cyberattacks

On the same day that the UK made the above accusations, the US Department of Justice moved to indict 6 Russian hackers whom it believes to be members of the GRU and responsible for a series of hacks that targeted the 2018 Winter Olympics in PyeongChang, South Korea (among others).

While the 2018 operation was spread out over several months and targeted everyone from broadcasters and ski resorts to Olympic officials and Games sponsors (utilizing spearphishing campaigns and a suite of malicious mobile apps), the attack culminated during the opening ceremony with the release of the so-called Olympic Destroyer, a destructive malware strain that attempted to wipe crucial servers.

The timing of these attacks is telling: due to the ongoing doping scandals, Russian athletes were not allowed to compete under the Russian flag and were instead forced to join what was named the Olympic Athletes from Russia (or OAR) delegation. During the 2018 attack, the GRU attempted to disguise themselves as North Korean and Chinese hackers, but US and UK agencies believe that the attacks were a Russian response to their being blacklisted and were intended to disrupt the functioning of the Games. Fortunately, network administrators were able to isolate the malware and replace the affected computers before widespread harm was inflicted.

Responses to the Allegations

For its part, the Russian government continues to insist on its innocence and instead blames the accusations on what it characterizes as "the US Russophobic forces' interest in keeping the 'Russian threat' theme afloat in the midst of the US Presidential election campaign."

As Maria Zakharova, director of Russia's Information and Press Department of the Ministry of Foreign Affairs, stated: "As usual, no evidence has been presented, except for the hackneyed phrases about Russia's 'implication' in a wide range of destructive activities in the information landscape. We categorically reject this kind of speculation."

On the flip side, Japanese officials have released assurances that the Olympic games have been and will be secure and safe. "While we have constantly monitored various types of cyberattacks on the digital platforms owned by Tokyo 2020, no significant impact has been observed in our operations," spokesman Masa Takaya said.

Echoing that sentiment, Panasonic Corp, a sponsor of the event, stated that it had not detected any evidence of an attack leading up to the 2020 Tokyo Games, but was in the process of strengthening its global monitoring efforts. Another sponsor, Toyota Motor Corp, declined to comment.

Consequently, only time will tell whether the UK's allegations are indeed overblown for political effect, or whether we are in fact in the midst of the greatest attempt to disrupt the Olympic Games since the Munich attacks in 1972.

About Silent Breach: Silent Breach is an award-winning provider of cyber security services. Our global team provides cutting-edge insights and expertise across the Data Center, Enterprise, SME, Retail, Government, Finance, Education, Automotive, Hospitality, Healthcare and IoT industries.