Cyber security experts for the Summer Games expect the number of hacking
attempts to easily surpass the 12 million a day during the Beijing Olympics four
years ago.
As athletes compete for Olympic gold, a different group will seek
international recognition — online hackers.
Olympic security officials are bracing for an
onslaught of cyber assaults that could easily surpass the 12 million attacks a
day, or 500,000 an hour, that were logged during the Beijing
Olympics four years ago.
"From the hacker's perspective, this is the mother of all opportunities,"
said Larry Ponemon, president of the Ponemon Institute, an Internet think
tank.
The London Olympics is particularly vulnerable because it will be the most
technologically interconnected, social media-driven event yet, security analysts
said.
"The difference from four years ago is that there are lots more people using
the Internet, especially through their mobile phones," said Gary McGraw, chief
technology officer of Virginia software security consulting firm Cigital
Inc.
The threats could range from hackers trying to put up a message on a
scoreboard to more nefarious attempts to disrupt the games by knocking out
London's electricity grid.
"If you had the ability to turn off an event, or just turn off the lights,
and make people feel uncomfortable or unsafe, that would make quite a powerful
statement," Ponemon said.
London security officials say they are well prepared. More than 3,500
information technology engineers and technicians have been assigned to monitor
the Games' computer systems and networks. Atos, the IT company that is
overseeing computer security for the Olympics, is monitoring more than 11,000
computers and servers from a "deployment center."
"We know that cyber attacks are a rapidly growing threat," a British Cabinet
Office spokesman said. "The high profile of the Games means that it is a
potential target, and we are putting in place measures to help protect against
such threats."
Experts say many of the cyber attacks could come
from rogue "hacker activist groups, such as Anonymous
and Lulz
Security, or LulzSec, whose goals are to draw attention to their political
causes. Such groups might try to take over Olympics-related websites to post
political messages or tamper with the events themselves.
"The Olympics people are going to be putting out lots of scores and stories
through the Web. So if you're a cyber activist, that would make a really good
target," McGraw of Cigital said. "Imagine if you could take the scoreboard and
make it say, 'Go Iran!'"
Other threats could come from cyber terrorists. A sophisticated attack could
cause havoc for those attending the games by cutting off their access to
information about public transportation or taking out all the ATMs at once, said
Stan Stahl, president of the Los Angeles chapter of the Information Systems
Security Assn.
"The worst would be to have a physical attack at the same time as the cyber
attack," Stahl said, noting that such a situation was unlikely.
Despite the visibility of the games, there's not much incentive for a cyber
criminal group to attempt something as destructive as taking down a utility,
some experts said.
"There are people who would like to do it," said Scott Borg, director and
chief economist of the U.S. Cyber Consequences Unit, a nonprofit research group.
"But the likelihood that someone with that intention would be able to put
together a team sophisticated enough to pull that off, I think, is pretty
small."
The Olympics is not the best target for criminals looking to make money,
McGraw said. "It would be much better to go after the banks, unless you wanted
to get a lot of publicity," he said. "And it turns out most cyber criminals
don't want publicity."
Spectators at the events are also at risk from malware that steals personal
data from their computers and smartphones. This was more of a concern during the
Beijing Games, Borg said, but it will still be a danger in London even though
there are more cyber security protections now than four years ago.
People will also be at risk of phishing attacks from fake sites purporting to
sell tickets for the events.
Watch out for scams on social media sites such as
Facebook, Stahl said.
Those personal threats, from what Stahl describes as the "pickpockets" of
cyber crime, may be the most prevalent during the Games. The institutional
protections against those small, individual attacks may not be as strong, and
Stahl said it's up to the Olympic fans to protect themselves.
"It's the cyber equivalent of when we say not to go down a dark alley at
night," Stahl said.
London is well-known for its physical security infrastructure, with thousands
of video surveillance cameras placed around the city, and that may make the city
better prepared to deal with cyber attacks.
"Dealing with the IRA and multiple Islamic attacks has made theU.K.very good
at security in the traditional sense, and they are also likely to be well
prepared for cyber attacks," Borg said. "It's quite likely there will still be
minor disruptions, but I think the British will be ready to deal with them."
No comments:
Post a Comment