Tokyo 2020: The dark web is hacker gold
If the sophisticated cyberattacks on the 2018 Winter Olympics in Seoul – which only recently came to detailed light – are any indication, the 2020 Summer Olympics in Tokyo will be cyber honey to legions of well-equipped, experienced, and possibly state-funded targeted attacker flies.
About the author
David Carmiel, CTO, KELA Group
Long before the age of the Internet, Chinese philosopher Sun Tzu claimed that “…what enables the wise sovereign and the good general to strike and conquer…is foreknowledge.” To gain this foreknowledge in the lead-up to Tokyo, cyber reconnaissance needs to focus on the murky, subversive underground that is the dark web. Here’s how easy it is for hackers to find, purchase, and use tools and services that can literally wreak mayhem – and what Olympic stakeholders can do about it.
What’s for Sale?
The tools and data available on the dark web threaten everyone associated with the Tokyo Olympics – from international fans and the companies that serve them, such as airlines and hotels, through athletes and their sports associations, the host city and its critical and sports infrastructure, and even the International Olympic Committee (IOC) itself with its databases of event results, personal details, and all the other resources it commands.
What treasures can hackers find on the dark web, how have these been used in the past, and what might threat actors be planning for Tokyo this summer? Here are the top four threats that KELA’s research team has been monitoring recently on the dark web:
Accounts compromised by botnet-infected devices can be used to access the personal data of the device owner, data related to third parties, or customer-sensitive data – all of which can allow threat actors to facilitate sophisticated attacks that threaten the games.
By way of example, we’ve seen access to botnets on major brand-name ticket-selling platforms for sale on the dark web. A hacker gaining such access would easily be able to steal PII or credit cards from ticket holders. We’ve also seen botnet access to major games’ sponsors, and even the IOC, for sale on the dark web.
FOR SALE: Network vulnerabilities in Olympic IT infrastructure
If exploited, vulnerabilities in specific Olympic-related IT infrastructure can form part of a destructive campaign, enabling harm against critical networks or commercial interests during the games.
In past Olympic Games, cyberattacks have largely originated with vulnerabilities like open ports, outdated security schemes or unpatched servers. The incidents in the 2018 Seoul games, for example, were related to network vulnerabilities. And in the 2016 Rio de Janeiro Summer Olympics, Anonymous posted entire databases of network vulnerabilities online, encouraging activists to attack. Today, too, we’re seeing threat actors offering detailed scans of various Olympic-related networks on the dark web, including highlights of vulnerabilities found in these networks.
FOR SALE: Leaked credentials of Olympic employees or contractors
Leaked credentials allow threat actors to impersonate legitimate and trusted Olympic-related entities like employers and send phishing emails that garner sensitive athlete or game details. They can also be used for extortion purposes.
During the Rio games, Anonymous leaked personal, financial and login details from local Brazilian sports confederations, including passwords and credentials of registered users. That same year, the FancyBear hacking group leaked World Anti-Doping Agency (WADA) documents and databases containing sensitive athlete medical information, which originated from a credential theft. More recently, during Japan’s Rugby World Cup 2019, we discovered numerous leaked Rugby World Cup-related personnel credentials on the dark web – the majority of which contained either a hashed or plaintext password.
FOR SALE: Olympic-themed phishing sites and lookalike domains
Phishing sites or lookalike domains can be used to gather the personal or financial information of anyone entering the sites, to steal their credentials, or to install malware on their computers.
In the Rio Olympics, hackers created a fake IOC intranet portal, so that when employees tried to log in, their credentials were immediately stolen and used to access the actual portal. During Japan’s Rugby World Cup, we identified dozens of phishing sites and lookalike domains, and on the dark web we’re seeing an increasing number of threat actors offering 2020 Olympic-related lookalike sites and phishing services.
What Can Be Done?
Organizers, suppliers, and ticketholders need to be wary of the massive threats facing events of this scale and act accordingly – and immediately. The actions that need to be taken? Initially, they’re actually well-known – yet sadly not always implemented.
For example, Olympic organizers and suppliers should ensure that all technologies used in all systems are updated. Patch all existing vulnerabilities – an action that seems intuitive, yet we’ve seen lists of vulnerabilities posted on the dark web based on recent scan logs of Olympic-related sites. Close any ports that don’t need to be open, switch to more secure ports, or hide sensitive ports behind a VPN or a WAF (Web Application Firewall). Monitor and take down any malicious domains found.
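One way to monitor for the lookalike domains described above, as an added example that is not part of the original article: it checks a list of newly observed domain names against a brand watch list, catching embedded keywords, digit-for-letter swaps and single-character typos. The brand keywords, the `.example` allowlist and the sample domains are constructed assumptions, and the input list stands in for whatever new-domain feed an organization already collects.

```python
import re

# Assumed watch list and official-domain allowlist (constructed for this example).
BRANDS = ["olympic", "tokyo2020"]
OFFICIAL = {"olympic.example", "tokyo2020.example"}

# Digit-for-letter swaps commonly seen in lookalike names.
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def normalize(text):
    """Lower-case and fold digit/letter substitutions."""
    return text.lower().translate(FOLD)

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain):
    """Return why a domain looks like a brand lookalike, or None if it does not."""
    domain = domain.lower().rstrip(".")
    if any(domain == d or domain.endswith("." + d) for d in OFFICIAL):
        return None                              # official domain or its subdomain
    name = domain.rsplit(".", 1)[0]              # drop the TLD
    folded = normalize(name)
    tokens = [t for t in re.split(r"[.-]", folded) if t]
    for brand in BRANDS:
        target = normalize(brand)                # fold the brand the same way
        if target in folded:
            kind = "brand keyword" if brand in name else "homoglyph of brand keyword"
            return f"{kind}: {brand}"
        if any(edit_distance(t, target) == 1 for t in tokens):
            return f"one edit from brand keyword: {brand}"
    return None

def scan(domains):
    """Map each suspicious domain to the reason it was flagged."""
    return {d: r for d in domains if (r := classify(d))}

# Constructed sample of newly observed domains.
SAMPLE = ["tickets-0lympic.example", "tokyo2020-tickets.example", "olympjc.example",
          "shop.olympic.example", "weather.example"]
```

Flagged names are candidates for analyst review and takedown requests, not automatic verdicts; the one-edit rule in particular will produce false positives on short brand keywords.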
Games organizers need to take immediate, public and far-reaching measures to educate athletes, fans and other stakeholders about the safety measures that should be taken before, during, and following the games. All Games stakeholders should use two-factor authentication whenever possible on ticketing sites. Olympic employees and contractors should be briefed on proper cyber hygiene, such as not saving passwords in their browsers. And all Games-related organizations should install software capable of detecting malicious fingerprint plugins and strong antivirus software to prevent malware infections.
Not all cyberattacks are preventable. Yet much of the vast amount of information easily accessible today on the dark web would not be there if the above, and other, simple precautions had been taken to deny hackers their taste of Olympic gold.