On the surface it appears that the brains behind the London Olympics are taking information security considerations seriously for the 2012 games. They have hired 100 pen testers to simulate a range of attacks on the 2012 Olympic games such as various DDoS and virus attacks, in order to ensure that they are protected from cyber attack during the games. Let’s hope that they included the most dangerous of them all in their testing, social engineering. Read on for the full story from Sophos…
London Olympic Games to simulate cyber-attacks
by Graham Cluley on October 11, 2011 | Sophos.com
The London 2012 Olympic Games will open in nine months’ time, and – away from the glories anticipated on the track and field – consideration is being made about how to defend the world’s leading sporting event from cyber-attack.
The Olympics’ Technology Operations Centre (TOC), located in Canary Wharf, was opened to the media yesterday. During the games, hundreds of staff will work at the centre, providing 24×7 monitoring of the Games’ technology infrastructure, including IT security.
London Olympics 2012 Technology Operations Centre
It was reported that the 2008 Beijing Olympics were on the receiving end of 12 million online attacks per day.
Of course, internet attacks come in all shapes and sizes, and some can be deflected very easily – so the large number of attacks at the last Olympic Games is not necessarily a cause for concern by itself.
Nevertheless, the rise of hacktivism and “doing it for the lulz” raises the specter of a larger number of individuals thinking it might be cool to interfere with the enjoyment of sports-lovers.
Possible threats which could disrupt the Olympic Games include denial-of-service attacks against official websites and malware infections.
London 2012Gerry Pennell, chief information officer for London 2012, has said that a key principle will be to “keep mission-critical games systems quite isolated from anything web-facing. So very much partitioned and separated, thus making it hard for an external attack to succeed.”
Well, that sounds sensible – but there’s nothing quite like testing the theory. And with that in mind, the computer systems behind the London Olympics will suffer simulated internet attacks in March and May, just months before the Games begin, to test that they can withstand a massive denial of service or a malware outbreak on internal systems.
“We simulate past competitions and we have a shadow team of about 100 people coming and creating problems – injecting viruses, disconnecting PC servers,” Patrick Adiba from Atos, the Olympics IT supplier, told the BBC. “We are using a simulation system so it doesn’t really matter if we corrupt the data. We simulate the effect and see how people react.”
Computer security is a very real issue for organizers of major sporting events, and there have been problems in the past.
For instance, in 2003 the Pan American Games held in the Dominican Republic were impacted by a computer virus that interfered with the results service. Media representatives around the world were unable to access the latest scores and results from competitions as the computer system was brought down.
Unless properly defended against, a group wishing to make a political point might find it all-too-tempting to launch an attack against Olympic servers or inject malware into a vulnerable website.
It’s good to see the London Olympics preparing for the worst case scenario, and we all hope that when the Games do open on 27 July 2012 they will do so without a hitch.