Anson's Random Dumps #6

I started writing this entry right at midnight, but by the time I post this, it’s probably morning already. I just couldn’t think of anything good to write.

Anyways, some of my friends are struggling to write up an essay. Since I have nothing better to write, I might as well do my own take on the subject. Maybe I’ma get better at academic writing too. Then let’s wait no further and cue the boring academic tone:

The Summer Olympic Games, usually referred to as the Olympics, is a quadrennial worldwide sports event. Such event is inevitable to receive global attention, where enthusiasts around the world travel to the host city to witness elite-level championships.

Consequently, coupled with the advent of the Digital Age, the Olympics is inevitably subject to a number of threats. In this essay, these threats, specifically for the Tokyo 2020 Summer Olympics, will be discussed.

First and foremost, ticket scams, fraudulently claiming to sell tickets to audiences of the Olympics, have been prominent in previous Olympic Games, and had continued to pose a threat to the 2020 Olympics. Scammers attempt to use various methods, such as domain spoofing and social engineering, to obtain a victim’s personal information, including but not limited to, credentials, credit card information, address, bank information, for malicious purposes. They might then use those credentials to send emails, or messages to the victims’ friends and family, in order to try to make more people fall victim to the scam. However, it must be noted that due to the COVID-19 pandemic, the Tokyo 2020 Summer Olympics was delayed until 2021, and made into a private event. Compounded with the discouragement of international travel under the pandemic, this type of scam was likely harder to trick spectators, and likely has resulted in a lesser impact and lower success rate.

Secondly, particularly during the ceremonies, the Olympics is a common target for attackers, who aim to disrupt the event. Methods such as DoS (Denial-of-service) had been likely to occur, and could affect media livestreams, causing inconveniences to Olympic spectators globally. Implications for these attacks vary, from dissatisfaction on governments or the International Olympic Committee (IOC), to simple fun-seeking. Nevertheless, such attacks, in a big enough scale, could throttle an entire city’s operation.

Other countries might also attack the Tokyo 2020 Summer Olympics, due to a variety of diplomatic reasons. Russia, for example, had have their national anthem banned from Olympic 2020. As a result, Russia-backed hackers, might target the 2020 Olympics. State-backed hacker groups are more skillful than individual hackers, thus poses a bigger threat. Other potential threat-actors include, but are not limited to China and North Korea. These countries also possess elite hacker groups, and have the ability to cause large-scale outages worldwide. As such, the threat must not be ignored.

Despite the arrangements of the Tokyo 2020 Summer Olympics, the Games has still resulted in a large influx of foreign tourists to the host city. Malicious actors could cease the opportunity and set up Wi-Fi networks across Tokyo, targeting unsuspecting travelers. Then, these networks may lead to poisoned DNS Servers, which point users to attackers’ versions of websites. If one doesn’t configure their own DNS servers to use (and instead uses the default), then they might unknowingly have provided their credentials, which will be used for malicious purposes. They might also perform man-in-the-middle attacks, in an attempt to steal one’s credentials.

It is practice for the IOC to provide an Olympics smartphone app to the general public, giving detailed information on the schedules of events, placings, etc. Malicious actors may disguise their smartphone apps to be this app, to lure unsuspecting spectators into downloading it. Once downloaded, the app could guide users into installing a network certificate on their phones, which would enable actors to monitor users’ network traffic, compromising their security and privacy. The app could also act as a rootkit, giving malicious actors privileged access to the users’ smartphones. Malicious actors could then proceed to obtain their credentials for malicious purposes.

A myriad of methods are available, to minimize the impact brought forth by these threats. Most victims of attacks and scams often practice poor operational security (OPSEC). Governments may educate people to avoid scams with the use of certain principles, such as, “if it’s too good to be true, it’s most likely a scam”. They can also educate them to not use public Wi-Fi for important affairs like online banking, in order to minimize the damage done by a man-in-the-middle attack. Also, one should check the SSL certificate of a domain to see if it’s valid. Domain spoofing could be easily be eliminated by erasing the root domain and re-entering it. This removes the possibility of spoofing with Unicode look-alike characters (such as the Latin and Cyrillic “a”, which look identical). To minimize the impact of DDoS attacks, servers shall be de-centralized, making it difficult to attack all server sites at once. It should be noted, though, that it is impossible to prevent DDoS attacks, and that some amount of damage is bound to be received.

In conclusion, a variety of cybersecurity threats are present for a world-class sporting event – the Summer Olympic Games. If authorities prepare in advance, and the public is educated, then the risks will be minimized.

Lol this was fun but it’s 5am now I better go to sleep.

Anson