Paris Olympics’ Cyber Team Braces for Onslaught From Hackers

(Bloomberg) — Last month, websites for a French film festival and the Grand Palais, a historic exhibition and museum complex in Paris, shut down after a cyberattack. Researchers tracked the episodes to a group of hacktivists affiliated with Russian intelligence and reported that the hackers described it as a training exercise.

Most Read from Bloomberg

“Judging by the consistency of the group’s statements, they intend to carry out large-scale attacks during the Summer Olympics in Paris,” researchers at the cybersecurity firm Cyble Inc. wrote in a report.

With the Summer Games set to open, organizers say they expect a flurry of additional cyberattacks. They have many reasons to worry. Russia, for one, is shut out of the Games. Geopolitical tensions in the Middle East and the South China Sea are running high, and cybercriminals continue to bombard corporate computer networks with hacking attempts.

A collection of government, private-sector and Olympic cybersecurity specialists have spent months preparing.

“No one can pretend to be 100% ready. At best you’re 99% ready and you want to look for the 1% where you’re not,” said Eric Greffier, business and technology director at Cisco Systems France, an official partner of the Games. “You know what you know, and unfortunately, you don’t know what you don’t know.”

The French government’s cybersecurity agency, known as ANSSI, has identified 500 companies, organizations and facilities critical to the functioning of the Summer Games, and it’s been working with them to audit their systems for potential cybersecurity flaws. They include local governments and operators in energy, transport and water management, where failure “could have an impact on one or several competitions of the Games,” according to an ANSSI spokesperson. The agency said it has a task force of 630 employees assigned to the Games.

They have US allies alongside them. Working out of a joint operations center are employees for the US Cybersecurity and Infrastructure Agency, known as CISA, sharing threat intelligence and working with critical sectors of the economies of both the US and France ahead of the Games, said Scott McConnell, a CISA spokesperson.

But cybersecurity experts worry that non-traditional targets — companies or organizations with less-scrutinized protections than more obvious marks — will also be in hackers’ sights.

“I believe the most valuable targets will be sufficiently protected,” said Fanch Francis, chief executive officer of the French company NANO Corp. “I do have doubts about soft targets like hotels and restaurants, or other support facilities.”

Hackers have previously targeted the Olympics, in addition to affiliated organizations such as anti-doping agencies. At the 2018 Winter Games in South Korea, for instance, hackers crippled the online ticketing system and cut Wi-Fi at the stadium during the Opening Ceremony – attacks that the US later blamed on members of Russian intelligence.

In 2019, Microsoft Corp. said Russian state actors hacked the computer networks of over a dozen national and international anti-doping organizations. The attacks came as the World Anti-Doping Agency was set to mete out more penalties for Russia, after the failed drug tests of Russian athletes competing in the Sochi 2014 Winter Olympics had been erased from a critical data set.

This time around, Russia is banned for breaching the Olympic charter by including sports organizations inside Ukraine as its own. Russian athletes can participate in Paris as “neutral” athletes if they meet certain conditions.

“There’s already this extensive history, and that all predates Ukraine,” said John Hultquist, chief analyst at Mandiant Intelligence, referring to the ongoing war with Russia. “The ingredients are all there, the situation’s actually more volatile than it was in the previous circumstances.” A representative for the Russian Embassy in Washington didn’t respond to a request for comment.

Cybersecurity officials in Paris declined to detail the range of the attacks that they have already encountered. Some recent attacks on France or related to the Games have become public.

For instance, the X account of France’s sports minister was hacked in May and her profile picture was changed before the account was restored, according to French media reports. In June, scammers set up fake ticketing websites intended to defraud spectators, but they were discovered and removed, cybersecurity firm Intel 471 reported.

Suspicious social media accounts, meanwhile, are trying to sway public opinion about the Games.

In June, Microsoft Corp. reported that a pro-Russian propaganda effort was using artificial intelligence to suggest that violence is likely to occur at the Paris Games. Elsewhere, social media posts that originated on Russian language platforms and were migrated to more mainstream outlets claimed the Olympics would be canceled due to threats of terrorism or civil war in France, said Sarah Boutboul, an intelligence analyst for Blackbird AI in France. Propelled by Russian influencers and bots, the posts received tens of thousands of likes and were shared nearly 15,000 times, she said.

In a recent interview, Jeremy Couture, who runs the cybersecurity operations center as part of the Paris 2024 organizing committee, said he sought advice from those responsible for protecting other major events, including the Rugby World Cup and the Super Bowl, to prepare.

“I told them I was organizing 40 Super Bowls,” Couture said, referring to his meetings with National Football League officials. He said he’s been honing back-up plans to build resiliency should a cyberattack occur.

“It’s being able to react to the worst and still deliver and to ensure in our case that the competitions will still go on and that’s really what we want to achieve,” he said.

–With assistance from Benoit Berthelot.