As Japan gears up for the 2020 Olympics in just over a year, it needs to brace for sophisticated cyberattacks, experts say.
With the proliferation of smart devices and drones, such attacks are likely to increase not only in number, but also in complexity.
Previous Olympic organizers have faced an enormous number of cyberattacks, with 500 million estimated during the 2016 Rio Games and 250 million during the 2012 London Games. The threat to Tokyo is expected to be on a similar scale.
Organizers faced such a threat last September when a group of hackers tried unsuccessfully to steal private information from people in the United States and Japan by emailing fake ticket offers.
Toshio Nawa, executive director and senior security analyst at Tokyo-based security consultancy Cyber Defense Institute, warned that people must remain on guard for hackers who make use of a combination of virtual and real-world attacks.
“Hackers could use a cyberattack to show a fake emergency alert, for example, for a large earthquake or nuclear accident, on the electronic scoreboard during the opening ceremony and then fly dozens of drones capable of jamming mobile signals, causing a huge panic,” he said.
The former programming executive at the Air Self-Defense Force who oversaw signals, encryption and the air defense command system, said extra caution will be required when watching the games on smartphones.
“Attackers might set up a site saying you can watch the Olympics for free, but it will have malware embedded in it. When you access the site, a malicious app will download and install on your phone, where it could do things like extract your ID and password,” he said.
Once hackers have access to your personal information, they can go on to perform a whole range of malicious acts, such as using your credit card or infiltrating your company’s network to steal secrets, he added.
Noboru Nakatani, a former cyberspecialist at Interpol, said that crippling critical infrastructure, in particular telecommunications and transportation systems, is a common way to embarrass a country.
According to a 2018 report by think tank Rand Corp., the 2012 London Olympics was targeted by a 40-minute distributed denial of service attack on the venue’s power systems during its opening ceremony.
“In the United States there have been cases where subway ticketing systems have gone down. If trains aren’t able to operate during the games, it would be a huge mess,” Nakatani said.
Both Nakatani and the global policy think tank mentioned ransomware, where hackers hold an entity’s computer system or data “hostage” by encrypting the contents and then demanding money for the key, as another major threat for the Tokyo Games.
With hackers likely to target the less secure networks of sponsors and other companies working with the Olympic committee, “the subcontractors and suppliers will also have to make sure their security is bulletproof,” Nakatani said.
The former senior assistant director for cybercrime at the National Police Agency said information-sharing and international cooperation are key to detecting potential breaches early on.
Nawa believes the law should be amended to allow for stronger countermeasures.
“At an event where the world will be watching, hackers could promote themselves or terrorists could publicize their beliefs. We mustn’t allow the Olympics to become a platform for such acts,” he said.