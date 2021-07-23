Russian military hackers were doing reconnaissance in preparation for a possible cyberattack against the Tokyo Olympics before the games were postponed by the pandemic, the United Kingdom’s top cyber agency has said. But there’s no evidence so far they resumed that work when the games were rescheduled.
A significant hack against the Olympics could be a major blow to one of the first truly global events since the onset of the coronavirus pandemic. But that also makes it a prime target.
“In 2021, the Tokyo Summer Olympics may shape up to be what covid-19 PPE and vaccine diplomacy was to 2020: a clear opportunity for nation states to deploy information campaigns to denigrate their adversaries, promote their system of governance, and burnish their image on the world stage,” Rachel Chernaskey, Max Glicker and Clint Watts wrote for the German Marshall Fund’s Alliance for Securing Democracy.
If the attack came from Moscow it would also ratchet up cyber hostilities between the White House and the Kremlin, which are already at a high boil over criminal ransomware attacks.
“I think there’s an even chance,” John Hultquist, director of threat intelligence at the cybersecurity company FireEye told NBC News’s Kevin Collier about the prospects for a Russian Olympics hack. “They’ve done it in the past … Circumstances are all the same as far as Russian athletes not being allowed to compete, and we know they were prepping for it.”
Russia’s hacks targeting the 2016 and 2018 Olympics were especially brazen.
The cyberattack on the 2018 Olympics in PyeongChang, South Korea nearly upended the opening ceremonies, knocked out WiFi for chunks of the stadium and shut down security gates, as Andy Greenberg detailed in an expose for Wired.
The Kremlin hackers also tried to disguise themselves by tossing in bits of computer code and tradecraft designed to make investigators blame China or North Korea.
The ruse proved unsuccessful and the hacking effort was listed among a slew of charges in indictments the U.S. Justice Department brought against six Russian intelligence officers last year.
Kremlin efforts to undermine the 2016 Games in Rio de Janeiro included hacking and releasing information about athletes and anti-doping organizations. That also led to U.S. indictments for the hackers involved.
“Some of [Russia’s] most brazen and impactful interventions have come after softer infrastructure,” Ciaran Martin, former head of the U.K.’s National Cyber Security Centre, told Collier. “Politics, sports, undermining confidence and enjoyment in some of the things that are the fabric of the West, the nonauthoritarian world. Sport fits into that.”
The FBI is warning organizations involved in this year’s Games to be on alert.
It’s urging the organizations to make sure all their cyber protections are up to date and that they have fallback plans ready if a cyberattack happens.
A Japanese security firm spotted malicious software that appeared to target people based in Japan and concerned about Olympics security, The Record’s Catalin Cimpanu reported. It’s not clear, however, if it was aimed at undermining the Games themselves.
The malware was hidden in an email PDF link that warned about Olympics cyberattacks. It would have been capable of erasing files on the targeted computer if someone clicked the link.
The keys
Weeks after a massive ransomware hack, Kaseya obtained a key to unlock customer files.
The company got the key from a “trusted third party” on Wednesday and validated that it worked, Rachel Lerman reports. Spokeswoman Dana Liedholm declined to say whether the company paid a ransom to hackers.
Criminal hackers thought to be based in Russia breached Kaseya just before the Fourth of July holiday weekend. Between 800 and 1,500 organizations that were Kaseya clients and their customers were also infected with ransomware, Kaseya said.
French President Emmanuel Macron switched his phone and changed his number after reports about NSO Group’s Pegasus spyware.
The move came after The Washington Post and media partners reported that Macron’s number appeared on a list of phone numbers that included Pegasus targets, Michel Rose and Dan Williams of Reuters report. There’s no evidence Macron was definitely spied on and the phone change was done as an additional security measure, Reuters reports.
None of the heads of government or heads of state who were on the list offered their devices for analysis, so it is not possible to determine whether they were targeted or infected with Pegasus. The investigation found 37 cases in which Pegasus was used to target phones on the list and tight links between time stamps on the list and when some numbers were added.
NSO Group has repeatedly disputed Pegasus Project reports. The company said that Macron and other top French officials “are not and never have been, Pegasus targets.”
Privacy advocates are raising alarms about data vendors after a priest's digital activity was de-anonymized.
A Catholic newsletter said it used location data to track the priest's alleged activity on LGBTQ dating app Grindr. It's a worst-case scenario that privacy experts have been warning about for years, Heather Kelly writes.
The newsletter said it obtained the location data through a “data vendor.” Apps have long shared their information with third-party data brokers that sell it on the open market, often to advertisers. The priest, Monsignor Jeffrey Burrill, stepped down from his job as top administrator for the U.S. Conference of Catholic Bishops in the wake of the report.
Grindr said that such de-anonymization is “incredibly unlikely to occur.” It later shared an updated statement saying that “we do not believe Grindr is the source of the data” and that Grindr has policies and systems to protect personal data. It did not specify those policies.
There are a few things you can do to reduce your exposure, like locking down the data that apps on your devices can access, according to Bennett Cyphers, a staff technologist at the Electronic Frontier Foundation. Read more here.
Hill happenings
Securing the ballot
Industry report
Global cyberspace
Privacy patch
Daybook
- Homeland Security Secretary Alejandro Mayorkas testifies before the Senate Homeland Security and Governmental Affairs Committee on Tuesday at 10 a.m.
- Transportation Security Administration chief David Pekoske and deputy secretary of transportation Polly Trottenberg testify at a Senate Commerce Committee hearing on pipeline cybersecurity on Tuesday at 10 a.m.
- The Senate Judiciary Committee holds a hearing on ransomware on Tuesday at 10 a.m.
- A House Oversight and Reform Committee panel holds a hearing on electrical grid cybersecurity on Tuesday at 2 p.m.
- The Atlantic Council holds an event on why the United States needs a Bureau of Cyber Statistics on Monday at 2 p.m.
- The House Armed Services Committee’s cybersecurity subcommittee discusses the annual defense authorization bill on Wednesday at 10 a.m.
- The House Committee on House Administration holds a hearing on election subversion and integrity on Wednesday at noon.