Tuesday, July 24, 2012

London ready to fight off Olympic hack attacks

LONDON (Reuters) - Usain Bolt and Yohan Blake, the fastest men in the world, storm over the line together in the 100-metres final of the London Olympics - a photo finish.

As they eagerly look up for the result, a political message from a rogue hacking group fills the screen as the world looks on in disbelief.

While unlikely, the task of ensuring the unthinkable does not happen falls to the Games' IT services provider Atos.

Analysts say infiltrating the scoring and timing systems at one of the 35 competition venues around Britain, especially the Olympic stadium in east London, is a target for hackers looking to spread political messages, known as 'hacktivists', and criminal gangs looking to cash in on the Games.

'The digital systems recording scores and timings are susceptible to attack and will be targeted by hacktivists wanting to make a statement and by organized crime groups looking to profit from betting on events,' said a former UK government cyber security boss who wished to remain nameless.

'Can you imagine the furore if the 100-metres final is a photo finish and they can't access the photo and no one knows when the clock stopped.'

At the 2008 Beijing Games, around 12 million potential cyber attacks - varying in type and potency - were successfully defended each day but over the last four years the scams and cyber campaigns perpetrated by hackers have grown in scale and complexity.

Paris-based Atos, the lead technology company for the Olympics since 2002, expects up to 14 million possible attacks every day during the London games.

Marc Maiffret, chief technology officer of eEye Digital Security and a former hacker who was raided by the FBI when he was 17, said the Olympics was a prime target.

'I think this year even more so, given what's been happening recently in the hacktivist and related community,' he said.

Hacktivists mount attacks to highlight political or social causes, and analysts say they are seen as more likely to target the Games than state-backed hackers.

'Hacktivist groups like LulzSec and Anonymous will want to go after the Olympics to make a point because it would give them an immediate worldwide audience for their social and political messages,' said a cyber security consultant for the Games who did not want to be named.

'States involved in such attacks would not want to get caught targeting the Olympics as they could be banned and disgraced.'

'ETHICAL HACKERS'

Atos, which expects to handle about two million pieces of key data throughout the event - a third more than at Beijing - has carried out more than 200,000 hours of testing, including simulating cyber attacks from so-called 'ethical hackers' invited to join the tests.

The company, which is responsible for some 11,500 computers and servers across Britain, will monitor possible cyber threats second by second from its Olympic Technology Operations Centre in east London's Canary Wharf business district.

It is protecting the systems that will deliver results to scoreboards at Olympic venues, event timetables to athletes, and Olympic accreditation information to UK border officials.

'It would be quite complicated to get into this network without being detected,' said Atos' executive vice president Patrick Adiba. 'I can never be 100 percent, but it is close to 100 percent.'

If the main Olympic systems prove to be impregnable hackers could instead target transport infrastructure, financial operations or its top corporate sponsors.

Visa, for example, is the Olympics' only approved credit supplier and has a monopoly on all of the cash dispensing machines around the Olympic sites.

'Take down the Visa network and no one is buying or selling anything. The potential for damage and loss of revenue is vast,' the cyber consultant said.

Maiffret said companies needed to plan for any cyber attacks that get through the defenses.

'When you try to respond to a hack after the fact, and you are trying to create your plan as it's happening, that can be disastrous,' he said.

Organizers are also wary of the threat from powerful computer viruses, such as 'Flame' and 'Shady RAT'.

Flame, which is capable of espionage and sabotaging computer systems, was likely used to attack Iran in April, while Shady RAT - a virus that persistently attacks computers and individual users - targeted the International Olympic Committee and four Olympic bodies in recent years.

Earlier this year MI5 chief Jonathan Evans said cyber attacks against the British government and businesses had reached 'astonishing levels' and that the London Games would be an 'attractive target' for cyber criminals.

Britain's minister responsible for cyber terrorism, Francis Maude, warned in May that the Olympics would 'not be immune to cyber-attacks', given the hundreds of hotels, training centers and related facilities being used by athletes, coaches, Games officials and dignitaries during the Games.

The London Organizing Committee of the Olympic and Paralympic Games'(LOCOG) will hope the $750 million it has spent on technology is enough to protect the Games.

(Editing by Greg Stutchbury)

No comments:

Post a Comment