The Washington Post
The Cybersecurity 202

A newsletter briefing on cybersecurity news and policy.

Countries are thinking twice about hacking an Olympics held in China

Welcome to The Cybersecurity 202! Before the month is through, here's the poem “January” by John Updike. 

Below: A new round of cyberattacks is hitting Ukraine, and hackers breached a nonprofit that helps journalists.

The location of this year's Olympic Games could mean fewer cyberattacks

One benefit of holding this year’s Winter Olympics in Beijing: The chance of government-backed cyberattacks aimed at unraveling or disrupting the Games is much lower than usual.

Why? No one wants to anger China.

Russia, which disrupted the 2018 Winter Games in South Korea with cyberattacks and planned similar attacks at the canceled 2020 Games in Tokyo, isn’t interested in embarrassing Beijing, an analysis from the cybersecurity analysis firm Recorded Future finds. The world’s other most troublesome cyber actors, Iran and North Korea, also “likely lack the motivation to launch disruptive cyberattacks against the … Olympics due to their close geopolitical relationships with China,” the report states. 

It could be a rare break from cyber tensions that are otherwise roiling the globe as the United States faces off with Russia over a possible invasion of Ukraine, accompanied by cyberattacks, and as Chinese hackers continue to ransack U.S. companies. 

It’s also a stark reminder of how the seemingly relentless barrage of cyberattacks in recent years, more often than not, can be traced back to a handful of countries’ national interests.

“None of this activity happens in a vacuum,” Jonathan Condra, director for strategic and persistent threats at Recorded Future, told me. “This all derives from nations’ desires to become preeminent against their adversaries. There’s a logic to it.”

Russia versus China

Russia and China, which are widely considered the United States’ most aggressive cyber foes, have generally allied against the West. They've steered clear of launching the sort of blockbuster cyberattacks against each other that they have against the United States and their regional adversaries. 

There is evidence, however, that the nations have conducted espionage-focused hacks against each other’s governments and companies. 

Russia attempted one of its most outrageous cyberattacks during the 2018 Olympics, U.S. officials have said. 

The attack came in response to the International Olympic Committee banning Russian teams from the Games for doping violations and hit hundreds of computers used by Olympic organizers. The hacks disrupted broadcast, prevented some attendees from printing tickets and very nearly upended the Opening Ceremonies, meant to convey unity among the competing nations. 

Russian hackers also leaked athletes’ drug test data before those Games, leading to Justice Department indictments in 2018. 

Russian military hackers were also spotted doing reconnaissance in preparation for a possible cyberattack against the 2020 Tokyo Olympics before the Games were postponed by the coronavirus pandemic, the United Kingdom’s top cyber agency has said. There’s no indication they resumed those operations at the Games, which were ultimately held in 2021. 

China's watching

The low chance of big destructive cyberattacks doesn’t mean the Olympics will be free from hacking.

Officials from the United States and other governments are warning athletes to be wary of hacking and surveillance by Chinese authorities. In some cases, they’re urging them to bring burner phones designed for short-term use, rather than their personal electronics, to the Games. Here’s more from Axios’s Ashley Gold. 

The U.S. Olympic and Paralympic Committee told athletes in an advisory to “assume that every device and every communication, transaction, and online activity will be monitored,” and that there “should be no expectation of data security or privacy while operating in China.”

An app provided to athletes to log daily health data as part of the nation’s coronavirus management plan is riddled with glaring security problems, cybersecurity researchers at the Citizen Lab found.

Other bad actors

There’s also a high chance that nongovernmental hacking groups will try to make hay from the Games, Recorded Future found.

For example:

  • Criminal ransomware gangs may try to lock up computers used by teams or officials, taking advantage of the fact that they will be especially desperate to regain access to those computers.
  • Hacktivist groups that are critical of Chinese human rights abuses might try to hack and embarrass the Olympics’ corporate sponsors.
  • Criminal gangs are nearly guaranteed to use Olympics-related materials as lures in texts and emails to con people into giving up personal information or clicking questionable links that carry malicious software.

The keys

Ukraine sees renewed cyberattacks as Russia invasion fears mount, authorities say

Official email accounts belonging to Ukraine’s judiciary have been sending out legitimate-looking emails with attachments loaded with malicious software, Paul Sonne, Siobhán O’Grady and Amy Cheng report. If recipients open the attachments, the hackers can get backdoor access to their computer systems, said Ukraine’s Center for Strategic Communication and Information Security.

It’s unclear whether the hackers sending the emails gained access to some judiciary email accounts or to the entire email system, the center said.

The cyberattacks come as Russia continues to build up forces on its border with Ukraine. Top officials from the United States and Russia are likely to speak this week to try to defuse the situation, a top State Department official said. Ukrainian officials have said they believe Russia was responsible for recent cyberattacks that defaced and wiped government computer systems. Ukraine has been the site of brazen cyberattacks that have been blamed on Russia, including a 2015 attack on Ukraine’s power grid and NotPetya mock ransomware in June 2017 that targeted banks, energy firms, government officials and an airport and ultimately spread far outside the country.

The FBI and CIA reportedly purchased NSO Group’s spyware

U.S. government lawyers discussed for two years the legality of buying a new NSO system called “Phantom” that could hack U.S. phone numbers, before the FBI finally decided not to deploy the system last year, the New York Times Magazine’s Ronen Bergman and Mark Mazzetti report.

The CIA also “arranged and paid for the government of Djibouti to acquire NSO's Pegasus spyware to assist the American ally in combating terrorism, despite long-standing concerns about human rights abuses there, including the persecution of journalists and the torture of government opponents,” they write.

An FBI spokeswoman told the Times that the law enforcement agency looks at new technology “not just to explore a potential legal use but also to combat crime and to protect both the American people and our civil liberties,” including by looking into “possible operational and security concerns they might pose in the wrong hands.” A spokesman for Djibouti’s government told the outlet that it never acquired or used Pegasus.

In other NSO news, Finland said its diplomats abroad were targeted by Pegasus. Finnish officials blamed the attack on a “state actor of some sort,” though they declined to blame any country in particular, the Associated Press’s Karl Ritter reports. “The espionage is no longer active,” Finland’s Foreign Ministry said.

NSO chief executive Shalev Hulio continued to defend the company in an interview with Israel’s Channel 12 television station, the Times of Israel reports. He called the U.S. government’s move to cut off NSO from U.S. technology sales an “outrage.” Hulio said he had “no doubt” the company would be removed from the blacklist.

Hackers breached a nonprofit that helps journalists boost their cyberdefenses

A recent investigation by the nonprofit Internews discovered that there was unauthorized access to its computer systems “between October 2015 and December 2021,” the group said.

The personal information of about 10,000 people was exposed in the cyberattack, Internews told regulators. Its investigation didn’t find that hackers accessed or took the personal information, according to a letter it sent to potentially affected victims. The group declined to comment.

Internews has received dozens of U.S. government grants. The group works to assist journalists and human rights advocates worldwide by helping develop digital security tools, tracking cyberattacks, disseminating anti-censorship tools and countering misinformation and disinformation. Internews was an early sponsor of the Tor Project, which maintains anonymizing software that helps people in repressive nations evade government surveillance while browsing the Internet. The organization also works on other issues like boosting media literacy and helping journalists around the world cover health and environmental issues.

Securing the ballot

Cyber Ninjas CEO participates in contentious deposition, says he’s not ready to turn over audit records (Arizona Republic)

Campaigning to Oversee Elections, While Denying the Last One (New York Times)

‘This is nuts’: Senators debate giving Secretary of State election audit powers (Northeast Mississippi Daily Journal)

Global cyberspace

FEATURE-A year after Myanmar coup, growing surveillance threatens lives (Reuters)

National security watch

How I hacked my way to the top of DARPA’s hardware bug bounty (README)

Daybook

  • FBI Director Christopher A. Wray speaks at the Reagan Library today. 
  • The Brookings Institution hosts an event on ethical use of artificial intelligence today at 11 a.m.
  • BSidesTLV founder Keren Elazari discusses hacker cultures at a Strauss Center event on Thursday at 1:15 p.m.

Secure log off

“The radiator purrs all day.” Thanks for reading. See you tomorrow.
