Initial Disclosure Date: Aug 1, 2012

Cybersecurity experts expect that the London Olympics is vulnerable to cyber-attacks due to the heavy dependence on the Internet including smartphones and social media. Although the Beijing Olympics faced 12 million cyber-attacks per day on average four years ago, this year’s event may mark more. Potential threats include phishing sites, spam emails, website defacement, and disrupting the games by crippling the critical infrastructure in London.

London security officials claim that they are well prepared with over 3,500 information technology engineers and technicians to monitor computer systems and networks for the Olympics. Atos, an international information technology company based in London, is monitoring over 11,000 computers and servers at the logistical heart of the games.

Many of possible cyber-attacks could be launched by hacktivist groups such as Anonymous and Lulz Security that try to attract attention to their political causes by defacing and posting political messages to Olympics related websites. More sophisticated attacks may entail cyber-attacks on critical infrastructure to take down a utility, according to Scott Borg, Director and Chief Economist of the U.S. Cyber Consequences Unit, an independent, non-profit research institute. Stan Stahl, President of the Los Angeles chapter of the Information Systems Security Assn, argues that the worst case scenario would be the simultaneous combination of physical and cyber-attacks, but he also notes that the possibility is low.

Yet, there are already phishing sites and spam emails related to the London Olympics. On July 13, McAfee posted a blog to warn audiences about phishing emails. The example picked up by McAfee notifies readers that they won a bid for the London Olympic 2012 Promotion and achieved 950,000 British pounds. Reportedly, some cases request “a copy of the winner’s passport, national ID, or driver’s license” to compromise personal information. TrendMicro reported on July 26 that spam emails written in Japanese are trying to sell illegal B-CAS cards to allow audiences to watch the Olympic games without paying. The IP address enabled the company to track the server back in Hong Kong. On the 29th, TrendMicro issued another blog to alert about 20 fake live streaming sites. Some of the sites “redirected to fake live broadcasts of London Olympics 2012 and contained a link for buying cheap albeit bogus tickets.”

ThreatMetrix, a provider of cybercrime prevention solutions based in California, provided a list of top five cyber threats during the London Olympics:

• Mobile and Tablet Risk:
  • Those who are watching the London Olympic games via their smartphones or tablets should avoid third-party applications which are not authorized by the organizers in order to prevent malware infection.

• Drive-by-Downloads:
  • Do not visit or stream from unauthorized websites to avoid download malicious software because cybercriminals can post malware to seemingly authentic Olympics related websites and careless visit to infected website, email, or pop-up ad can lead to automatic download of such software.

• Information Phishing:
  • Be cautious about disguised links from Facebook and Twitter to lead users to malware infected sites. Especially, Twitter links are shortened and could be used to hide destination URLs.

• Search Engine Poisoning:
  • Cybercriminals can redirect users to malicious websites during their online searches for information or images about the Olympic games. Careless click on a link or image infected by malware results in infection.

• Ticketing Scams:
  • Avoid unauthorized websites that offer fake game tickets and aim to steal credit card information.

Sources:
Maela Angeles, “More London Olympics-Related Threats,” TrendMicro, July 29, 2012,
http://blog.trendmicro.com/more-london-olympics-related-threats/21
Ryan Faughnder, “London Olympics officials prepare for cyber attacks,” Los Angeles Times, July 25, 2012,
http://articles.latimes.com/2012/jul/25/business/la-fi-olympics-cybersecurity-20120726
Noriaki Hayashi, “Illegal TV Cards Allowing Free Olympic Viewing Sold Online,” TrendMicro, July 26, 2012,
http://blog.trendmicro.com/illegal-tv-cards-allowing-free-olympic-viewing-sold-online/2921
International Business Times, “2012 London Olympics: Top Tips on Preventing Malware Attacks during Games,” July 30, 2012,
http://www.ibtimes.co.uk/articles/368176/20120730/london-2012-olympics-apps-malware-infection-cybersecurity.htm
ThreatMetrix, “ThreatMetrix Identifies the Top Five Cybersecurity Threats of Olympic Proportions,” July 19, 2012,
http://threatmetrix.com/threatmetrix-identifies-the-top-five-cybersecurity-threats-of-olympic-proportions/
Francois Paget, “Scams Surround London Olympics,” McAfee, July 13, 2012,
https://blogs.mcafee.com/mcafee-labs/scams-surround-london-olympics

• * Each company name, an organization name, and a brand name are a trade name of each company and each organization, or a registered trademark.