The Public Security Intelligence Agency (PSIA) of Japan has issued a warning that a state-sponsored cyber attack on the Tokyo 2020 Summer Olympic and Paralympic Games is expected, after uncovering some early phishing emails made up to look as if they are coming from Olympic staff.
The latest cyber attack on an Olympic event
Cyber attacks backed by nation-states have come to be expected by host nations at the biennial Olympic games, but the efforts appear to be ramping up with each new event. The 2016 games in Rio had to fend off a massive distributed denial of service (DDoS) attack, and the 2018 contest in Pyeongchang had to work around the successful “Olympic Destroyer” attack on data centers in Seoul that temporarily took down the site’s IT infrastructure and caused various disruptions for the first day of the games.
The 2018 attack is widely attributed to Russia, though it is difficult to be completely certain. That’s because the attacker planted numerous “false flags” pointing to other nations known for high-profile hacking, such as North Korea and China.
Russia has a particular motivation for an attack on the 2020 games, however. The country recently received a four-year Olympic ban from the World Anti-Doping Agency (WADA) due to repeated violations. Russian athletes can compete under “neutral” status, but medals they are awarded do not count toward the country’s lifetime totals. Russia and Japan also have a long-running dispute over the Kuril Islands, and Russia has seized an unusual number of Japanese fishing boats in the area this year, including five in December.
The Microsoft Threat Intelligence Center reports that Russian state-backed hackers have been active this year in targeting various international sporting and anti-doping organizations. Microsoft believes that the “Fancy Bear” advanced persistent threat (APT) group, which is known to work with the support and participation of the GRU, is behind the attacks on anti-doping agencies. Fancy Bear has apparently been launching these attacks since September, when WADA found irregularities in Russia’s lab reports and proposed a potential ban.
The current Tokyo 2020 phishing attacks have not revealed enough clues to pinpoint exactly who is behind them. Vice-president Shuhei Igarashi of major AI research firm Antuit believes that China might be behind these early attempts, however. In an interview with Kyodo News, Igarashi claimed there was a “high possibility” of Chinese involvement based on dialogue in the emails. However, as 2018’s incident demonstrated, false flag operations are very much a possibility.
Targeted attacks on the Tokyo 2020 games
The PSIA warning appears to stem from a notification from the Tokyo 2020 organizers. The organizers have seen phishing emails that appear to be coming from Tokyo 2020 staff, sent to recipients in Japan and the United States. A similar cyber attack occurred late last year, in which a phishing email that promised free tickets was sent to numerous recipients, but it is unclear if that incident is related to the more recent ones.
In addition to a major state-sponsored cyber attack, the games can expect to be peppered with many smaller attempts from various cyber criminals and would-be terrorists. Olympic organizers estimate that the London games in 2012 fended off about 250 million cyber attack attempts, and the 2016 games in Rio weathered about 500 million.
If they aren’t trying to steal personal information for financial gain, Olympics hackers are usually looking to cause disruption. They may seek to use digital displays or Olympic communications infrastructure to broadcast fake emergency messages to cause panic, or as a means to broadcast propaganda. To that end, they might also try to disrupt power supplies or cellular phone access on site.
Japan’s cybersecurity response
Japan has been crafting a cyber security plan for Tokyo 2020 since just after the 2018 Winter Olympics.
The country has established a cyber security council for the games, tasked with coordinating efforts between different organizations to defend and restore systems, and with applying international law as needed. The government has also introduced a five-level threat rating system for identifying cyber attack attempts, ranging from 0 (“no impact”) to 4 (“extremely grave impact”).
The country’s National Institute of Information and Communications Technology also surveyed over 200 million network-connected devices over the course of 2019, testing for unsafe username/password combinations primarily at public internet access points and through ISPs.
The country faced some international scrutiny and criticism when it was revealed in late 2018 that Minister Yoshitaka Sakurada, the official in charge of cyber security for the sporting event, had never used a computer and did not know what a USB drive was. Sakurada resigned in early 2019.
The country has since partnered with MITRE Corporation, a United States cyber security research firm that works on security matters with a number of government agencies including the Department of Defense and the Department of Homeland Security.