Hosting the Olympics is always a source of national pride for any nation chosen to do so. Whether in winter or summer, the prestige of the world’s eyes being on an event that transcends political differences and has sport at the fore is a prize many countries and regions aspire to achieve.
This all sounds fantastic and at one level is exactly what is happening at the 2022 Winter Olympics. However, at another level, any event that attracts large numbers of overseas visitors, high-ranking government and non-government organisation officials, as well as cutting-edge technologies will attract unwanted attention. The Olympics provide a huge opportunity for those who want to exploit visitors and steal their data.
Opportunities for Cybercriminals
The FBI, as well as the cyber agencies of the UK and several EU countries, have emphasised the need for those traveling to the Olympics to exercise caution with “the download and use of applications, including those required to participate or stay in-country, as they could increase the opportunity for cyber actors to steal personal information or install tracking tools, malicious code, or malware.” The Canadian Olympic Committee noted that the games present “a unique opportunity for cybercrime,” as reported by Reuters.
Those same agencies advised their athletes, training teams, and others to leave their personal devices at home or use temporary phones due to potential cybersecurity concerns at the Games. The devices they refer to include laptops, tablets, and any technologies with electronic processing and/or communications capabilities. Part of the reason for this is to reduce the possibility of any malicious actors being able to steal data from personal devices. But it also accounts for security concerns around an app that athletes need to download in order to compete at this year’s Games.
Indeed, due to the ongoing COVID-19 pandemic, athletes at this year's games are required to download the ‘My 2022 app’ or a web browser version while in Beijing. Researchers at The Citizen Lab, a group based at the University of Toronto, found that the ‘My 2022 app’ had the potential to be infiltrated by cyber criminals. In addition to raising censorship concerns, the researchers also raised worries about where the sensitive information required by the app would end up.
The Dutch Olympic Committee went so far as to give their athletes new devices for use in China in order to protect teams from potential threats. Dutch Olympic Committee spokesman Geert Slot said that cybersecurity was part of the risk assessment made for the trip to China, adding that “the importance of cybersecurity has grown over the years,” as quoted by 7News. After all, we should remember that in 2016, confidential medical files from WADA’s Anti-Doping Administration and Management System were stolen and the sensitive information within them leaked onto the internet.
Olympians are at the top of their sport, and their personal data, contacts, and connections, as well as their personal profile, potentially put them at greater risk of being targeted online. Cyber criminals and other bad actors are spending more time building profiles of their targets so that attempts to compromise devices can be better focused, using targeted malware delivered through sophisticated spear phishing attacks or malicious apps.
Staying Secure during the Winter Olympics
Key to mitigating the risks discussed above is awareness of the potential threats, followed by the application of some basic cyber hygiene practices. The use of burner phones or devices when traveling is always good practice. Given the amount of data that modern devices can hold, not to mention the possible interconnectivity of multiple accounts on a single device, taking a device that has only the apps, contacts, and data you need maintains sensible separation between a personal and a purely professional device.
It’s also good practice to ensure operating systems are updated, to download apps only from approved sources, and to use Virtual Private Networks (VPNs). However, when it comes to apps and privacy products, you must remember that if a product is provided for free, the user’s data tends to be the price paid. That’s why understanding the terms and conditions, as well as what happens to personal data, is important. For corporate systems used when traveling, account admins should audit logs for new user services, along with the admin accounts within established systems.
Cyber vigilance should continue when individuals return home, with greater awareness needed around potential phishing emails relating to their visit and any activities in the host country. Burner devices should be reset to factory settings and kept for use on the next trip, but not connected to personal or work networks.
Critical to strong cyber safety is personal awareness of individual digital exposure. People know when to lock doors, put valuables in safes, and close curtains in the physical world. It is shocking how few people think the same in the digital and cyber world, yet it is as much an integral part of life today as anything else.
About the Author: Philip Ingram MBE is a former colonel in British military intelligence and is now a journalist and international commentator on all matters security and cyber.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.