Inflation is really everywhere… According to Paris 2024 Chief Technology Officer Bruno Marie-Rose, the Paris 2024 Olympics are expected to be the target of billions of cyberattacks, “eight to ten times more than the Tokyo Games” , threats heightened by cyber warfare in Ukraine.
“The Olympics are one of the most attacked events in the world. It is the first nightmare of the director of technology “, explained the engineer and Olympic medalist in the 4×100 m relay in 1988, inaugurating, this Monday in Madrid, the center of tests and integration of the Olympic Games, installed by the French group Atos.
Transmission of results in real time, broadcasting of images, accreditation of athletes, teams, officials… Information systems are at the heart of the operation of the Games.
“We expect everything”
During the previous edition of 2021 “in Tokyo, we had 450 million attacks, already eight times more than in Rio in 2016. And 4.4 billion threats, or 800 per second. But zero impact on the Games”, underlined Christophe Thivet, director at Atos of the technological integration of the 2024 Games. “In the event of threats, we were able to block all flows before impact”.
And those in charge are formal, “We expect everything”. First, hackers who seek to steal organizers’ data, for example identification data. “We are already seeing attackers looking to target people, with connection attempts. We pay attention to our direction,” explains Bruno Marie-Rose.
Security failures
Cyberattackers also look for security holes in already installed systems. “We see that some are trying. Our systems are continuously scanned. When you see the table of scans, it’s impressive. At the same time, it’s just normal.
Another risk is the diversion of data, for example from fake ticket sales sites. Hence an all-out surveillance. Atos, in charge of cybersecurity for the Games and sponsor of the International Olympic Committee (IOC), deploys all the traditional means to identify vulnerabilities: ethical hackers, penetration tests, “bug bounty” (bug hunts), simulations of attacks and monitoring the dark web to see if cybercriminal groups are talking about the Olympics, adds Christophe Thivet.
In addition to a cybersecurity center with several dozen experts already based in France, Atos teams are supported by the French Information Systems Security Agency (ANSSI).
The war in Ukraine increases the risk of state attacks
The war in Ukraine intensifies the risk of attacks by pro-Russian groups, the two leaders also half-acknowledge. “The Olympics are a target for geopolitical propaganda. The war in Ukraine is accompanied by a cyberwar. We are particularly afraid of state attacks, ”explains the Chief Technology Officer of the Games. The decision on whether or not Russian athletes will participate will undoubtedly provoke increased cybervigilance.
“The worst would be attacks that cause an interruption or disruption of competitions. One of my counterparts in 2018 at the Pyeongchang Olympics had seen a few systems turn off before the opening ceremony. I don’t want that to happen, ”notes Bruno Marie-Rose.
Holes in the racket
Whether it is to extort funds or to convey geopolitical messages, the Olympics represent a prime target for hackers, confirms Pierre-Antoine Failly-Crawford, cybersecurity expert from Varonis and former ethical hacker.
“In particular the construction phase, with the presence of many external service providers who do not always have the same security policy, which leads to holes in the racket”, he specifies.
Malicious actors could seek to compromise the on-board systems, for example the GPS of the boats, or even to hack the thousands of wifi terminals which will be set up by the organizing committee, for example during the unprecedented opening ceremony on the Seine, watched around the world.
The Olympic Games are also never safe from denial of service attacks, these traffic jams of requests that can block sites.