While the FBI is not aware of any particular cyber threat affecting the Olympic games – they’re not ruling out future malicious activity during the games. They let athletes know through a Private Industry Notification (PIN) to remain vigilant while in China. The threat is so high – the FBI recommends athletes use burner phones while in Beijing.
There are many ways that an attacker can hack a device. According to the FBI some of the cyber threats that athletes should look out for while abroad are, "Distributed denial-of-service assaults, ransomware, malware, social engineering, data theft or leaks, phishing campaigns, misinformation efforts, and insider threats are all examples of these operations.”
Olympians can do their part by following best practices – by avoiding shady websites that could carry malware and not falling victim to phishing attacks or fraudulent emails that look like they’re coming from a real source with the goal of stealing your personal information.
Many high-profile events like the Olympics are the perfect opportunity for bad actors to conduct cyber-attacks. The FBI statement explains that cyber criminals can “make money, sow confusion, increase their notoriety, discredit adversaries, and advance ideological goals.”
There is also the possibility that China special intelligence could target the American team. FBI director Christopher Wray said in a statement, “when we tally up what we see in our investigations, over 2,000 of which are focused on the Chinese government trying to steal our information or technology.” He called these types of attacks from the Chinese government as “brazen” and were a “broader threat to our ideas, innovation, and economic security than China.”
Attacks could even be coming from inside the Olympics. Researchers found that the official Olympic app – My2022 mobile app is fraught with “serious security vulnerabilities” noting that the app can record audio that is then saved on Chinese servers. Mobile researcher Jonathan Scott concludes that the official Olympic app is full of spyware. In a tweet he writes, “After reverse engineering all of the #Beijing2022 #spyware app for @Apple #ios and @Google #Android.” The tweet goes on with Scott concluding “…all Olympian audio is being collected, analyzed and saved on Chinese servers…”
A similar pin was sent to Olympians departing for Tokyo during the Summer Olympics last summer. The United States government was not the only country that felt like their athletes were in danger of cyber-attacks. Japan, the host country of the 2020 Summer Olympics hired more than 200 Cybersecurity professionals who impeded about 500 million incidents in the weeks leading to and during the games. According to organizers all the attempts to disrupt the games were blocked. According to a NTT Corporation press release this was over 2.5 times the amount observed during the 2012 London Olympics.
At the time of writing this there has been no large-scale cyber-attacks during the 2022 Winter Olympics. The two-week event began on February 4th and runs through February 20th. Athletes around the world will compete in sports such as speed skating, bobsledding, and skiing.