Blog
Preparing for Cyber and Physical Security Risks at the 2024 Olympics
Cyber Threats
State-Sponsored Actors
Paris Olympic Games officials are anticipating and preparing for cyber threats during the Games, including attacks from state-sponsored threat actors (see source 1 in appendix). Cyber attacks during large-scale global sporting events are not uncommon, and the Olympic Games are a frequent target of state-sponsored hacking groups. In an attack known as “Olympic Destroyer,” a hacking unit affiliated with Russia’s military intelligence agency, the GRU, disrupted the 2018 Winter Games in Pyeongchang by targeting the organizers’ internet infrastructure, shutting down the 2018 Winter Games’ website, grounding news broadcasting drones, and preventing attendees from printing ticket reservations, which ultimately prevented spectators from entering the sporting events (see source 2 in appendix). Additionally, the UK government exposed a series of alleged Russian-backed cyber attacks planned for the 2020 Olympic and Paralympic Games in Tokyo before the Games’ postponement.
State-sponsored cyber threat actors from Russia, China, Iran, and North Korea have sophisticated capabilities that have the potential to cause disruptions to internet networks, digital ticketing systems and scanners, and timing systems for the Games. Russia is banned from competing in the 2024 Paris Olympics as a country, but Russian and Belarusian nationals can compete in the games as Individual Neutral Athletes (AINs) (see source 3 in appendix). The ban may increase the likelihood of a Russian state-sponsored actor attempting to conduct a cyber attack on critical infrastructure in Paris or against another Olympics-related target. Historically, state-sponsored cyber threat actors have targeted host nations, Olympics-affiliated groups, and other related athletics organizations to discredit rival nations and to gather and leak damaging or fabricated information.
Possible Cyber Threats for Attendees
Attendees at the 2024 Olympic Games should also be aware of cyber threats associated with attending the Games, including:
- False or unofficial mobile applications designed by threat actors or cybercriminals to harvest user data, specifically personally identifiable information (PII) and device information.
- Malware can possibly infect devices to gain unauthorized access, steal credentials, and load additional malicious software onto them.
- Threat actors compromise Wi-Fi networks to steal information or interrupt network connections.
- Social engineering scams, including possible ticket fraud scams, which Nisos has covered in previous research.
Recommendations for Attendees
Nisos conducts continuous research to remain up-to-date on current cybersecurity best practices to minimize the risk of cybersecurity threats for clients and employees. Based on the current cyber threat landscape, Nisos offers the following recommendations for 2024 Olympic Games attendees to minimize their risk of falling victim to a cybersecurity event:
- Validate developer and source of any mobile applications.
- Limit mobile application permissions to only what is necessary.
- Disable location services on mobile devices.
- Maintain up-to-date antivirus and endpoint detection and response software.
- Use a reputable VPN service to minimize network exposure.
- Opt to use a secure hotspot on your personal device instead of an unsecured public network.
Physical Threats
Opening Ceremony
Olympic officials expect the 2024 Opening Ceremony to be the largest in Olympic history. Opening ceremonies are typically held in a stadium, which allows for increased security measures inside the controlled area. This year’s ceremony will take place along the Seine River with a boat parade for the athletes and will not require tickets upon entry, allowing free admission to spectators, therefore posing a greater than usual security risk to attendees (see source 4 in appendix). With a large number of spectators able to freely enter part of the Opening Ceremony grounds along the river, this allows potential threat actors easy access to a venue where a physical security threat is likely to have a high impact. The six-kilometer parade route also makes heightened security measures difficult, with resources required to cover a large, dynamic area.
Civil Unrest
Civil unrest and protest demonstrations are frequent in France, with the most recent demonstrations in Paris focused on the conflict in Gaza and climate activism (see source 5 and 6 in appendix). The Olympic Games are expected to have over a billion viewers worldwide and millions of attendees, which serves as a possible large platform for activism, increasing the potential for protests and demonstrations (see source 7 in appendix). Additionally, French union workers, including public transportation employees and air traffic control workers, regularly participate in strikes to advocate for improved working conditions. The French government has offered bonus payments to civil servant employees who are working during the 2024 Olympic Games to avoid any disruptive strikes (see source 8 in appendix). French union employee strikes could lead to travel delays or public transportation disruptions and closures. Nisos recommends that Games attendees receive official updates from 2024 Olympic channels and outlets as well as reputable French news sources.
Terrorist Threat
Since March, France’s terrorist threat warning level has remained at its highest level (see source 9 in appendix). France continues to work to counter threats posed by terrorist networks, including by cooperating with international partners, preventing radicalization and the spread of propaganda, and training partners on counterterrorism measures. Terrorist attacks typically target areas that will impact large numbers of individuals as well as critical infrastructure, which often includes areas densely populated with tourists or highly trafficked public transportation lines. The 2024 Olympic Games represent an attractive target for terrorist groups, offering an international platform, billions of viewers, and a large concentration of individuals in a metropolitan area and capital city. Spectators should remain vigilant of their surroundings while traveling to and from the Games and in attendance at any events.
How Can Nisos Help?
Nisos serves as a valuable counterterrorism partner for law enforcement and trust & safety teams, helping to monitor violent extremists’ online communications and recruitment activity, track the spread of violent extremist material, identify specific threats, and minimize the risks of radicalization on social media.
About Nisos®
Nisos is the Managed Intelligence Company. We are a trusted digital investigations partner, specializing in unmasking threats to protect people, organizations, and their digital ecosystems in the commercial and public sectors. Our open source intelligence services help security, intelligence, legal, and trust and safety teams make critical decisions, impose real world consequences, and increase adversary costs. For more information, visit: https://www.nisos.com.
Appendix
2. https://www.wired[.]com/story/untold-story-2018-olympics-destroyer-cyberattack/
3. https://olympics[.]com/ioc/news/strict-eligibility-conditions-in-place-as-ioc-eb-approves-individual-neutral-athletes-ains-for-the-olympic-games-paris-2024
4. https://olympics[.]com/en/paris-2024/the-games/ceremonies/opening-ceremony
5. https://www.timesofisrael[.]com/thousands-in-paris-demonstrate-near-israeli-embassy-after-deadly-rafah-strike
6. https://www.reuters[.]com/sustainability/climate-energy/climate-activists-break-into-amundi-offices-protests-totalenergies-investments-2024-05-24/
7. https://olympics[.]com/en/paris-2024/the-games/olympic-paralympic-games/olympic-games
8. https://apnews[.]com/article/paris-olympic-games-paralympic-strike-union-0b8a025ba4e49be54a2153c0018f1039
9. https://fr.usembassy[.]gov/security-alert-france-elevates-its-security-alert-system-25-mar-2024/