Cybercrime , Fraud Management & Cybercrime , Governance & Risk Management
How the Paris Olympics Survived Unprecedented Cyberthreats
Officials Say the Olympic Games Saw 140 Cyberattacks. None Were Successful.PARIS - The 2024 Olympic Games were a cyber phenomenon, relying on a vast digital infrastructure to support record-level attendance and thwart security risks aimed at shutting down the global spectacle.
See Also: Ransomware Response Essential: Fixing Initial Access Vector
Experts told Information Security Media Group that France worked to counter emerging cyberthreats and major attacks targeting the games for nearly three years, teaming with cyber defense agencies from around the world and collaborating with the private sector to safeguard the games and the public.
"We were probably both lucky and we were able to incorporate the lessons learned of the past," said Mike Mestrovich, chief information security officer at the cybersecurity firm Rubrik and former CISO of the CIA, who participated in cyber planning for the 2020 Tokyo Olympics. "But it doesn't necessarily mean that just because we were able to get through the Paris Olympics without there being any major incident that the tide has shifted in favor of the defensive actors."
"It just shows that, with enough coordination and with enough luck, you can actually survive through these things," he added.
The streets of Paris bustled with 1.8 million attendees for the 16 days of competition, decked out in patriotic sports gear and flags representing the 204 countries that participated in the games. An estimated 300 million fans accessed the Olympics website and mobile app throughout the events, which depended exclusively on digital ticketing to facilitate rapid entry processes and real-time attendance tracking. The games and their digital counterparts virtually went off without a hitch thanks in large part to the international coalition of security forces that combated nearly 140 cyberattacks, according to France’s cybersecurity agency ANSSI.
ANSSI told ISMG it arranged a team of 630 cybersecurity experts dedicated to around-the-clock coverage of the Games, including providing protections for 500 various companies, critical infrastructure facilities and organizations involved in the events. The agency designed "a reinforced monitoring and alerting system for IT incidents," a spokesperson said, which helped quickly mitigate downtime cyber incidents such as denial-of-service attacks and attempted malicious hacking.
France enlisted the help of leading global cyber teams such as the U.S. Cybersecurity and Infrastructure Security Agency, which sent personnel to Paris and set up a Joint Operations Center at the U.S. Embassy to provide real-time assistance and expertise.
CISA took part in "sharing threat information and working with critical infrastructure both in the U.S. and France" throughout the Olympics, said a CISA spokesperson. The U.S. cyber defense agency also activated its public-private flagship partnership, the Joint Cyber Defense Collaborative, and "established collaboration channels to share real-time cybersecurity information," the spokesperson said.
In some cases, scammers targeting the 2024 Olympics attempted to use heightened interest online surrounding the games to collect sensitive data and commit economic fraud. A report published Thursday by BforeAI says malicious actors set up counterfeit Olympic shop domains using keywords related to the Olympics to appear in search engines. Researchers said at least 166 unique domains showed common signs of DNS abuse, selling fake tickets and merchandise while harvesting information from unknowing users.
The report also identified schemes involving fake cryptocurrency coins that used Olympic branding, an increasingly prevalent cyber scam that has been seen during other global sporting events, such as the FIFA World Cup.
ANSSI, CISA and private-sector partners such as Cisco France developed ready-to-use crisis exercises based on past attacks against previous Olympic Games, such as the 2018 hack dubbed "Olympic Destroyer," which targeted the games in Pyeongchang, South Korea, officials told ISMG.
The attack temporarily shut down the entire Olympic organizing committee's staff domain controllers during the opening ceremony, disrupting thousands of television sets in the stadium and 12 Olympic facilities and crippling the mobile app used at the time for digital ticketing. Security teams raced against the clock to rebuild their systems after deploying a temporary fix that involved bypassing the affected systems to maintain basic access to Wi-Fi and livestreaming.
Experts said lessons learned proved useful when the Paris Grand Palais exhibition hall - which had been outfitted to host several of the Olympic events - was hit with a ransomware attack during the most recent games. French authorities have since launched an investigation into the attack, which targeted a computer system responsible for maintaining data from 40 museums across the country, including the Grand Palais.
Despite the successful breach, officials said the unknown threat actors were unable to cause any disruptions to the events. Officials declined to comment on who could have been behind the attack or if their motivation was to disrupt the Olympics.
Before the Games started, ANSSI led an awareness-raising campaign that involved hosting seminars with the stakeholders of the Games ecosystem. The agency divided the Olympic ecosystem into three categories and provided first-category entities with security audits and technical support.
France supplied the agency with a budget of more than 10 million euros to build a support program for information systems critical to second-category entities, which included competition sites, local authorities and public and private operators in the fields of energy, transportation, logistics and water management. The program featured a securing section with technical support missions and detection and response plans that involved deploying an outsourced system of endpoint detection and response and industrial probes to detect threats and suggest rapid remediation actions.
ANSSI provided automatic auditing tools and other support to third-category entities such as media outlets and several French transportation hubs.
The agency said that partnering with local authorities and international teams proved useful to counter a series of isolated physical threats that could have severely disrupted the games, including an arson attack on France's high-speed rail system hours before the opening ceremony. France quickly sought help from the FBI and others after media organizations received emails from a suspected Seattle-based hacking collective, though the messages did not directly claim responsibility for the attacks.
The FBI did not respond to requests for comment on its involvement supporting French authorities during the 2024 Olympics.
Marina Ferrari, France’s junior minister for digital affairs, confirmed that saboteurs had temporarily disrupted internet services across the country during the Olympics by severing long-distance internet cables in the early hours of July 29. Ferrari said the attack on the internet cables caused "localized consequences" to fiber optic services. ANSSI later said the issues were not linked to any cybersecurity incidents affecting the games.
But even with the series of limited physical disruptions and cyber incidents, French security teams successfully managed to pull off a historic feat with the 2024 Games.
The official Olympic mobile app - which was downloaded more than 10 million times - allowed a record level of attendees to move from one event to the next over the nearly two weeks of events in the highly connected city. Local officials closed many of the streets to vehicles so pedestrians could safely rent e-bikes and scooters and use their digital wallets to purchase official memorabilia. As many as 4 billion viewers across the globe watched.
Every night after events concluded, the Eiffel Tower put on a remarkable light show, wishing the city's visitors a peaceful rest before another jam-packed day.