Russia hacked Olympic computers and tried to frame North Korea

U.S. officials said the “false-flag” hacking operation conducted by the Russian GRU was supposed to make it look like North Korea accessed hundreds of Olympic-related computers.

Russian military hackers hacked hundreds of computers at the 2018 Winter Olympic Games and tried to make it look like the hacks were conducted by North Korea, according to a report by The Washington Post.

U.S. officials, clinging to anonymity, told The Post the “false-flag” operation conducted by the Russian military agency GRU included obtaining access to hundreds of Olympic-related computers, as well as routers, in South Korea. The hacks are believed to be retaliation against the International Olympic Committee (IOC) for banning the Russian team from the Winter Games due to doping violations.

Citing an intelligence report, The Post said Russian military hackers obtained access to “as many as 300 Olympic-related computers” by early February. Additionally, “GRU cyber operators also hacked routers in South Korea last month and deployed new malware on the day the Olympics began.”

It was unclear if the cyber attack during the opening ceremony, which caused disruptions to the internet and broadcasting systems, was a result of the infected routers. During the attack, organizers took down the servers to prevent more damage. That caused the Winter Olympics website to go down, and some attendees could not print their tickets.

When officials confirmed the attack, Olympic Games spokesman Sung Baik-you said, “We know the cause of the problem, [but] we decided with the IOC we are not going to reveal the source” of the attack.

Rendition Infosec’s Jake Williams, who previously worked for the NSA, told The Post, “Anyone who controls a router would be able to redirect traffic for one or more selected targets or cause total disruption in the network by stopping the routing entirely. Development of router malware is extremely costly, and Russia would likely use it only in locations where it contributes to accomplishing a high-value goal.”

Concern for cyber attack during Olympics closing ceremony

U.S. officials were reportedly concerned the Russians might conduct another attack during the closing ceremony, as Russian athletes were not allowed to parade under their own flag.

A team of 168 Russians competed in the Winter Games, but they had to compete as neutral Olympic Athletes from Russia (OAR) due to state-sponsored doping at the Olypic games in Sochi in 2014. After the OAR team won the men's ice hockey gold, the team defied the ban by singing the Russian national anthem during the medal ceremony.

When the IOC announced Russia’s ban, IOC President Thomas Bach said the doping at Sochi “was an unprecedented attack on the integrity of the Olympic Games and sport.” Yet the IOC was considering lifting the ban for the closing ceremony. However, the ban wasn’t lifted after two Russian athletes failed the drugs tests for this Olympics. Therefore, the athletes could not wear their national colors or display the Russian flag.

Nevertheless, Bach said, “There is no evidence of systemic doping and no evidence of the involvement of the Russian Olympic Committee in these cases.”

According to The New York Times, the IOC intended to welcome Russia back as a full-fledged Olympic nation if all of its remaining drug tests were negative.

The Washington Post gave a run-down of GRU hacks that were “seen as payback” after Russian athletes were banned for the government-run doping scheme. Even before that, the Russians conducted disinformation tactics against the Olympic Games.

This time around, for the GRU’s “false-flag” operation, the Russian military hackers used North Korean IP addresses and other tactics to make it appear like North Korea was behind the hacks.

Copyright © 2018 IDG Communications, Inc.

The 10 most powerful cybersecurity companies