The 2014 Winter Olympic Games begin on February 6 in Sochi, Russia. While always a spectacular and festive event, the technological aspect brings in numerous Information Security issues. The United States Computer Emergency Readiness Team (Department of Homeland Security) has released a formal advisory ahead of the Sochi Games.
Russia’s granting Edward Snowden temporary asylum and supporting anti-gay laws has drawn lots of criticism from the US, GB & some EU nations. But the 2014 Winter Olympics are going to be a joy to behold with a record $50 billion infrastructure investment.
Needless to say, the coverage will be extensive, with non-stop internet and satellite transmissions. The thousands of spectators are also expected to trigger huge spikes in mobile usage. All this brings huge security risks to individuals and also companies.
The warnings can be split to three main groups:
1 – Hacktivism
People in the last century burned tires and blocked roads, but the internet has brought in a new form of protesting – hacktivism. Technically savvy protesters simply hack into websites, using common techniques such as Cross-Site Scripting (XSS) and SQL Injections. The damage can range from homepage defacing to complete wiping out of databases. In the case of the 2014 Winter Games, the probability of hacktivism is extremely high.
The InfoSec Tip: Russian websites and blogs are expected to take lots of heat from the hacktivists, even if they are not open supporters of the Vladimir Putin regime. CISO’s and Security Managers are advised to secure their source code with the help of SAST/SCA solutions. Lesser loopholes eventually mean lesser hacking opportunities.
2 – Online Scams & Malware
Not all sports fans have the opportunity to be at the Olympics. Luckily, the internet offers all the chance to watch the games live on their computers via various streaming stations. Unfortunately, hackers and spammers use these types of channels for their own profit. Victims are tempted into clicking various links promising live coverage. In reality, they are directed to malicious websites and their computers are eventually compromised.
The InfoSec Tip: Workers should be clearly warned not to use their work PCs to stream content from pirate sources. It’s also a good idea to perform virus/system scans at a higher frequency during the Winter Olympics, especially if your company is located in a country where the interest in the games is high.
3 – Data Harvesting & Risk of Physical Theft
The Russian government is known for its intrusive and undemocratic habit. Using malicious WiFi hotspots to harvest information and intercepting mobile phone signals have been proved extremely easy to perform. The US-CERT has clearly warned visitors of these risks. People travelling with electronic devices provided by their employers can put whole networks and businesses at risk, especially when devices are lost or stolen.
The InfoSec Tip: Despite the convenience of travelling with laptops and mobile phones provided at workplaces, the security and criminal risks at the 2014 Sochi games are going to be extremely high. Workers should simply be encouraged to leave their valuable computing gadgets at home.
The Russian law does not limit the use of laptops and other computing devices within the country, but it does permit officials to inspect the software upon departure. This makes the private and sensitive data even more vulnerable to snooping. The 2014 Sochi Winter Olympics are expected to be loaded with impressive ceremonies and memorable sporting moments, but the security risks simply cannot be neglected. Appropriate steps must be taken worldwide.
Source – US-CERT Sochi 2014 Advisory