The Winter Olympics have officially come to a close. There have been heartwarming headlines of athletes overcoming adversity, upsets, dominant performances, and countless clips of the mascot Bing Dwen Dwen throughout the past two weeks. The headline that cyber professionals are waiting for a yet to arrive.
In the weeks leading up to the opening of the Olympic Games athletes were required to install the My2022 app to track their health. The app is supposed to track Covid-19 and monitor the health of those staying in Olympic Village. The Federal Bureau of Investigation advised using burner phones and laptops for the app’s installation in hopes of protecting information. With close to 16,000 athletes, trainers, coaches, and journalists all leaving Beijing, China, the FBI fears that those who have installed the app may be returning with Malware infected devices[1].
China along with Russia are two nations frequently associated with backing cyber espionage activities that blur the line between espionage and criminal activity. Statements from the Mandiant Cybersecurity Firm support that there have been no signs of malicious activity by Olympic associated parties, but in Cybersecurity, data breaches and security incidents are often not discovered for weeks, months, or even years after targets are initially compromised.
Security concerns about the use of information collected by the My2022 app have been raised. Athletes from all nations were warned that all of their online activity will likely be monitored. It is not likely that China has any interest in specific athletes, rather they are collecting data and storing it on the off chance that an athlete from the games becomes a politician or influential leader in the future.
Athletes from both the United States and Canada made use of Virtual Private Networks (VPNs) to bypass China’s Great Firewall, which is used to censor internet usage. Among the sites that are blocked by the Great Firewall are Netflix, YouTube, Instagram, Google, and Wikipedia. Many athletes went without streaming shows or posting pictures, but others, like Canadian snowboarder Laurie Blouin was vocal about using here phone throughout the games, telling ABC, “I’m on my phone for sure. I think we’re all on our phones.” Those who attended the games have been advised to change personal account passwords and to monitor access to accounts.[2]
Cybersecurity professionals will surely have their ears to the ground for news surrounding the initial security concerns. It will be interesting to see whether the Olympics continue to make headlines after the games have closed.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.wapacklabs.com/
- LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/3702558539639477516
[1] https://www.industryleadersmagazine.com/cybersecurity-worries-plague-beijing-olympics-returnees/
[2] https://abcnews.go.com/Business/wireStory/olympics-cybersecurity-worries-linger-background-83021033
Comments