
Cyber security at large sporting events

Pierluigi Paganini July 15, 2012

Article published in The Malta Independent

by Ron Kelson, Pierluigi Paganini, David Pace

The London 2012 Olympics will bring together 10,500 athletes, diplomats, politicians, business leaders and millions of spectators from all over the world. Behind the scenes there is an immense effort being made to ensure the security and well-being of everyone participating, in any capacity, in this grand event. This article gives an inside look into the thinking, business processes and security controls put in place to manage the risks in large sporting events. Many, but not all, of these principles and techniques can also be effectively applied by any business or organisation.

The basic process in preparing and securing any (business) system is:

  • Identify the actors and motivations for attacks.
  • Identify and assess the threats.
  • Identify the attack surface including people, places, things and intangible items such as revenue, reputation and stakeholder well-being that we seek to protect.
  • Identify risks, potential failures and their effects.
  • Identify and prioritise the key risk areas to be addressed.
  • Mitigate the most important risks through various controls and adjustments.
  • Evaluate the effectiveness of our activities to secure the system.
  • Understand the residual risks.
  • Actively manage events during execution of the event(s).

Identifying the actors and motivations for attacks

Large prestigious sporting events represent a highly desirable target for terrorists and cyber criminals. These events attract a considerable number of athletes, and millions of spectators, who occupy confined places for a short period of time. The presence of major press agencies from around the world brings significant international visibility to these events. For politically motivated terrorists, there is the opportunity to cause violent disruption, which could severely injure many people and undermine confidence in the host country. For financially motivated cyber-criminals there is the opportunity to profit by attacking the personal and financial information of participants.

Identifying, characterising and assessing the threats

In the 2008 Beijing Olympic Games, over 12 million cyber attacks per day, of varying types and lethality, were detected. Attacks ranged from denial of service attacks and the propagation of viruses and malware to highly targeted attacks against critical systems. Many, if not most, of these attacks were successfully defended in 2008. However, in the last four years, cyberspace and the related cyber threats have significantly evolved, increasing in sheer number, stealth, diversity, and capability for damage.

Identifying the attack surface

A sporting competition must be considered in its entirety, as a monolithic system that is endowed with a series of access ports and exits. The inside of that system is composed of many people and devices that exchange huge quantities of data and cooperate to achieve a common objective. In addition to this, we must consider the event as a “system of systems”. This includes third party web-servers, email servers, the millions of personal computer systems remotely participating, and so on.

In the design of sporting events, every element is analysed in detail, the data it manages defined, the functions offered articulated, and the dependencies between various systems and services well understood.

Identify and prioritise the key risk areas

The principal services that must be protected during an event are: 1) telecommunications, 2) internal financial services such as point of sale, 3) third party financial services such as online credit card transaction systems, 4) marketing and business communications, 5) public and private transportation, 6) organisational logistics, 7) public works, 8) public health and safety, 9) surveillance and reconnaissance, 10) policing services, and 11) military defence. Each of these services produces and processes large amounts of data. Also to be protected are: 12) the security of social networks and other online websites on which the sporting event advertises and promotes its activities, 13) the security of web-browsers and computers used by visitors to the event’s websites, and 14) the identification and control of email scams and scam websites which attack those interested in the sporting event.

This last point (#14) is particularly interesting. Important sporting events are promoted on the Internet, with the publication of millions of images and videos, which lead to viral recommendations. This presents a unique opportunity to exponentially increase the spread of malware in social networks and other Internet mediums. For example, Kaspersky’s experts have warned Internet users to be on their guard against cyber criminals using the Olympics to start marketing fake tickets and merchandise websites, phishing scams and DDoS attacks. Furthermore, foreign governments or large cyber-criminal organisations could use this opening as an opportunity to infiltrate a large number of computer systems to launch attacks completely unrelated to the sporting event itself.

Identify and prioritise the most important risks to be addressed

It is clearly impossible to address all risks. However, the highest risks in each category are addressed in a systematic way to protect the sporting event itself and the participants and stakeholders involved.

Mitigate the most important risks through various controls and adjustments

There is a wide range of tactics, processes and technologies that are used to protect the different elements of a sporting event.

Consider the internal networks that are the backbone of the sporting organisation. A good cyber defence strategy must protect that network from external attacks as well as internal attacks. Rigid policies must address every vulnerability and attack vector that could compromise that network, such as attacks through mobile devices and USB memory sticks. Possible attacks against the internal network backbone include targeted viruses designed to compromise the operations of critical sporting services.

To further reduce risks, different types of unrelated systems are isolated from each other. Gerry Pennell, chief information officer for London 2012, said that a key principle to ensure the security of the sporting event is to “keep mission-critical games systems quite isolated from anything web-facing. So very much partitioned and separated, thus making it hard for an external attack to succeed”.

Unfortunately, today one cannot rely on any computing or communication systems being secure, or the controls being perfect. To this end, event monitoring systems are used to track the (mis)behaviour of all systems, including collecting metrics such as network usage, number of completed transactions, suspicious transactions, and so on.

This type of monitoring occurs not just within the organisation, but also outside it. For example, starting several months before the events, law enforcement and security agencies monitor the web, especially social networks and forums, to identify any suspect activities that could be related to the organisation of an attack. Governments see this phase as really important because it may be possible to detect and neutralise a group of terrorists or hacktivists that are planning an action during the events.

One of the most effective ways to manage successful attacks and intrusions against specific components is to adopt hybrid techniques in the same system. For example, facial recognition systems and cryptographic cards for storing the digital identity of participants and organisers are just some of the overlapping security controls implemented during an event.

For critical services the sporting event must also assume that a successful compromise is possible, even after aggressive security controls have been put in place. To address this, backup systems, redundancy, and even diversity are used, for instance by providing a secondary network backbone (redundancy) built from components from a different vendor (diversity). For example, creating a wired network using one product from one vendor, and creating a wireless network using a different product from an entirely different vendor, is done to try to avoid the same vulnerability being present (and thus exploitable) in both networks.

Evaluate the effectiveness of our activities to secure the system

Testing and monitoring are main priorities for the organisers of the event. The impact of simulated external and internal attacks against a typical workload of the network must be studied so we know what to look for to detect real attacks. As regards the forthcoming London Olympics, each component of the IT infrastructure has been stressed in the period from March to May, simulating cyber attacks and recording the response to the attacks. The organisation said that a team of about 100 specialists will try to compromise the systems. Patrick Adiba from Atos, the Olympics IT supplier, told the BBC: “We are using a simulation system so it doesn’t really matter if we corrupt the data. We simulate the effect and see how people react.”

Residual risks

The unpredictable is always a constant companion in all endeavours, particularly large complex ones. To manage the unknown, the sporting organisation must be adequately equipped and staffed to meet any sudden unanticipated need rapidly. There must be a modest amount of human over-resourcing available to manage peak situations without compromising other activities.

Actively managing the event

Installing security controls and performing penetration testing are clearly critical steps. However, security is not achieved just by installing good security controls. Security is a process that must be actively managed long after initial preparations are completed.

This is best described in the Observation, Orientation, Decision and Action (OODA) loop. Event monitoring systems must be operational to observe the actual activity of all systems participating in the event. Analysis must be performed by security experts, with advanced technologies, in real-time to orientate themselves to any abnormalities and suspicious activities that could indicate an attack is in progress. If the experts determine there is a problem, a line of action must be decided on, and action taken to address that concern.

The security of a sporting event is extremely complex because of its sheer scale and the multitude of contributing factors. Due to the excellent work of private and public security organisations, previous Olympic events have been highly successful. Many of these winning processes and techniques can also be employed by medium to large organisations to protect the legitimate interests and well-being of all stakeholders.

 

Sig. Paganini, Security Specialist CISO Bit4ID Srl, is a CEH Certified Ethical Hacker, EC Council and Founder of Security Affairs (http://securityaffairs.co/wordpress)

Ron Kelson is Vice Chair of the ICT Gozo Malta Project and CEO of Synaptic Laboratories Limited.

ICT Gozo Malta is a joint collaboration between the Gozo Business Chamber and Synaptic Labs, part funded in 2011 by the Malta Government, Ministry for Gozo, Eco Gozo Project, and a prize winner in the 2012 Malta Government National Enterprise Innovation Awards. www.ictgozomalta.eu links to free cyber awareness resources for all age groups. To promote Maltese ICT, we encourage all ICT professionals to register on the ICT GM Skills Register and keep aware of developments, both in Cybersecurity and other ICT R&D initiatives in Malta and Gozo. For further details contact David Pace at dave.pace@ictgozomalta.eu .

