As athletes and attendees prepare for the Paris Olympics this summer, Canada’s electronic intelligence agency is warning them to also get ready for likely cyberattacks.
The Communications Security Establishment (CSE), in charge of signals intelligence gathering and protecting the federal government’s cyber networks, issued a threat bulletin Friday morning aimed at tourists, government officials and athletes attending the events, as well as Canadian organizations involved in organizing, managing, sponsoring and broadcasting major sporting events.
“The high profile and costly nature of major international sporting events make them a prime target for cybercriminals looking to exploit targets of opportunity for profit. They also provide a global stage for hacktivists and state-sponsored actors to gather information and publicly embarrass a target,” the report says.
CSE said cybercriminals “will very likely target” large organizations, such as government organizations and corporations involved in sponsoring the events, and local businesses, especially those in the travel and hospitality sectors, for extortion.
Attendees and spectators should also be aware they could be targeted via phishing emails and malicious websites, the agency said.
“Topical event-related lures may include promises of discounted merchandise, free event tickets or access to a livestream of the events,” the report says.
State-sponsored actors after VIPs: report
CSE said state-sponsored cyber threat actors will likely try to spy on prominent and high-profile individuals attending major international sporting events to collect foreign intelligence or personal information, “and to maintain persistent access when targets return to their home countries.”
It would not be a new phenomenon.
The report points back to the 2016 Olympics in Rio, when Russia-backed threat actors targeted the Wi-Fi networks and routers of a hotel chain used by Olympics officials for reconnaissance.
They were ultimately able to compromise the World Anti-Doping Agency (WADA) database and leaked the personal information of 127 athletes, including their test reports, therapeutic use exemptions and past infractions.
Hacktvists will also likely see this summer’s Olympics as an opportunity to get their message out through website defacements, distributed denial-of-service (DDoS) attacks and hack-and-leak operations, said CSE.
“Major international sporting events provide an opportunity for hacktivists to widely promote their messaging on domestic issues, environmental causes or international conflict situations,” it said.
The threat report said the anti-government protests in France regarding changes to the minimum pension age “is likely a motivation for domestic hacktivism against the 2024 Paris Olympics.”
France’s support for Ukraine could also motivate pro-Russian hacktivist groups, said the report.
The CSE report ends by encouraging all attendees, athletes, government officials and organizations associated with major international sporting events to take appropriate measures to protect their systems against the cyber threats.