As Paris prepares to host the 2024 Olympics, the city of lights is poised to become the battleground for a different kind of competition – one that takes place in the digital realm and where the stakes are as high as the games themselves. The upcoming Olympics is not just a test of athletic skill, but also a magnet for cybersecurity threats of an unprecedented scale, possibly the most sophisticated the world has yet to confront.
As billions turn their eyes to this year’s events, the excitement inadvertently draws in those with malicious intent: cybercriminals, politically driven hacktivists, and operatives of state-sponsored factions. This diverse array of threat actors poses grave risks to the integrity of the games, and their motives are as varied as the sports represented – from seeking financial windfall to making resounding political statements capable of global reverberations.
The French government and International Olympic Committee are all too aware of the looming potentials for cyberattack and are fortifying their defenses accordingly. Yet, the landscape demands constant monitoring, as the threats are multifaceted and ever-evolving. The current geopolitical landscape, with the ongoing war between Russia and Ukraine as well as the conflict between Israel and Hamas, contributes to the rise in various cybersecurity risks to the Olympics. Hacktivist groups have already revealed their capabilities through DDoS attacks that have shaken French digital assets, suggesting they could lead to further chaos intended to be brought upon the games.
As billions turn their eyes to this year’s events, the excitement inadvertently draws in those with malicious intent: cybercriminals, politically driven hacktivists, and operatives of state-sponsored factions. This diverse array of threat actors poses grave risks to the integrity of the games, and their motives are as varied as the sports represented – from seeking financial windfall to making resounding political statements capable of global reverberations.
The 2024 Olympics are under significant cyberattack risk
2024’s Olympic Games bring a wide range of vulnerabilities, threatening the makeup of the Olympics' digital infrastructure. With the Paris 2024 games set to be the most digitally connected in history, every element, from the back-of-house systems to the critical national and city infrastructure, is at potential risk. The cybersecurity team of the 2021 Tokyo Summer Olympic Games reported that it faced 450 million attempted “security events.” This year’s Paris Olympics are expected to face 8-12 times that many.
The extensive use of personal devices and public networks exponentially multiplies potential cyber threat entry points, and public Wi-Fi has become a considerable vector for attack. Phishing and social engineering tactics are expected to surge, with attackers leveraging spear-phishing campaigns against VIPs and exploiting fans' eagerness to engage with the games—whether through ticket sales or memorabilia purchases.
With the Paris 2024 games set to be the most digitally connected in history, every element, from the back-of-house systems to the critical national and city infrastructure, is at potential risk.
AI as a weapon for sophisticated deepfake attacks
In today’s high-stakes environment, AI has emerged as both a critical defensive tool and a potential offensive weapon. Its rapid pattern and threat detection capabilities are invaluable to defenders, yet simultaneously allow adversaries to exploit AI to craft sophisticated attacks and more convincing phishing attempts, further complicating the defensive challenge.
The use of deepfake technologies in 'influence campaigns' have been utilized to disrupt the integrity of the 2024 Games. For example, false information could inaccurately depict the outcomes of competitions, and manipulated audio can damage the reputation of coaches, athletes, teams, or officials by falsely attributing inflammatory statements to them. In addition, fabricated images or videos could be employed to discredit competitors, potentially barring them from participation. The greatest risk comes from threat actors aiming to create turmoil using AI-created content, leveraging the high visibility of the Olympics to amplify societal divisions and threaten violence amidst geopolitical conflict.
Olympics Has Fallen movie thumbnail, featuring actor deepfakes
Influence of the Russia Ukraine war on the 2024 Olympics
Due to France's alignment with Ukraine in the Russian-Ukraine war, Russian-affiliated groups, notably Storm-1679, have gained particular notoriety for their malicious activities. The group has unveiled its latest weapon in the form of a disruptive propaganda movie entitled Olympics Has Fallen 2. The campaign is a testament to the evolving threat landscape, with malicious actors now incorporating advanced tools like AI to craft hyper-realistic movie fabrications designed to create fear and uncertainty. Olympics Has Fallen 2 takes psychological warfare to new heights, as it blurs the lines between fiction and reality, aiming to undermine the spirit of the games and incite chaos even before the torch is lit. The movie was shown across multiple social media and streaming channels, causing disruption leading up to the games.
Cyber threats as a form of psychological terror
A recent report showed that Russian threat actors created a fake video, purportedly from the CIA, to deter Americans from attending the 2024 Paris Olympics. The video falsely warns of potential terrorist attacks, aiming to instill fear and dissuade travel to the Games. This disinformation campaign is part of a broader effort by Russia to undermine the Olympics through various tactics, including spreading fake news and using social media bots to amplify these messages. The video is part of Russia’s longstanding strategy to sow discord and chaos around international events.
Post on X sharing fake CIA video (Source: CBS News)
Russian threat actors and the Israel-Hamas conflict
Russian influence operations are ramping up disinformation campaigns targeting the 2024 Olympics. A key instance involves a video posted in November 2023 on a Russian-language social media account, purportedly from the Turkish ultranationalist group Grey Wolves. The video caused significant confusion online, with many assuming it was authentic, even prompting a response from the Israeli Olympic Committee. Microsoft noted that the video was heavily amplified by pro-Russian bot accounts, suggesting it was part of a broader effort to undermine the Olympics.
Storm-1679, for example, has impersonated militant groups and fabricated threats against Israelis attending the Games. In the Fall of 2023, the group posted digitally generated images of graffiti in Paris, referencing the 1972 Munich Olympics attacks (see image below).
These efforts are part of a broader campaign to undermine the Olympics and create confusion and fear.
An image of graffiti, reportedly left in Paris, threatening a repeat of the 1972 Munich terror attacks at the upcoming Olympic Games in Paris.
As Paris prepares to host the 2024 Olympics, the city is becoming an epicenter of digital threats. The event faces unprecedented cybersecurity risks, from cybercriminals to state-sponsored actors, aiming to disrupt the Games. The French government and the IOC (The International Olympic Committee) are bolstering their defenses, but constant vigilance is essential. The success of the Games now hinges on a global coalition of cybersecurity experts working tirelessly to fend off these sophisticated attacks. It's clear that protecting the digital infrastructure is as critical as the athletic competitions, ensuring the Games remain safe and secure for all.
Recommendations to Safeguard Against Cyber Threats When Attending the Olympics
- Use a VPN and Secure Wi-Fi: Only connect to trusted and secure Wi-Fi networks. Avoid public Wi-Fi if possible, or use a VPN to encrypt your internet traffic when on public networks. Opt to use a secure hotspot on your personal device instead of an unsecured public network.
- Beware of Phishing Scams: Be cautious of unsolicited emails or messages claiming to be from event organizers or ticket vendors. Verify the legitimacy of any offers or requests for personal information. Be vigilant about potentially fake applications in third-party app stores or misleading links shared on social platforms.
- Exercise Caution with QR Codes: Be wary of QR codes; they can be manipulated to redirect you to phishing sites or malicious content. Only scan QR codes from trusted sources, and verify the URL before entering any personal information. Use a QR scanner that checks for safety to mitigate the risk of QR phishing.
- Be Cautious with Social Media: Don't share sensitive information like your location or travel plans on social media platforms.
- Be Cautious with Public USB Charging Stations: Cybercriminals can exploit these stations to extract data from your device as it charges. To protect your data, refrain from using public USB ports for charging. Instead, it's wiser to use your own charger connected to a traditional power socket.
- Turn Off Bluetooth and Wi-Fi When Not in Use: Disable these connections when you don't need them to reduce the risk of unauthorized access.
- Secure Your Devices: Create complex passwords for your devices and accounts and manage them with a password manager. Also, set up PINs, biometric locks, or other device lock methods.
- Enable Two-Factor Authentication (2FA): Add an extra security layer to your online accounts with 2FA.
- Update Your Devices: Keep your devices' operating systems and apps updated with the latest security patches.
- Use Secure Payment Methods: Favor credit cards or digital wallets with fraud protection over debit cards or cash for transactions.
- Backup Important Data: Regularly back up your data to a secure location, such as a cloud service or an external drive.
- Monitor Bank Statements: Keep an eye on your financial statements for any unusual activities.
- Educate Yourself on Local Scams: Stay informed about prevalent scams in the Olympic area and recent cyber threats.