“The alert is crimson red.” This is the typical reaction of a cybersecurity specialist interviewed on the eve of the Paris Summer Olympics. First, because the danger continues to grow from edition to edition. No fewer than 200 million threats were recorded in London in 2012. Some 500 million in Rio four years later. Then around 4 billion in Tokyo in 2021 – as a reminder, the Covid crisis led to the Games being postponed by a year. The French capital is promised a biblical flood in the summer of 2024: “ten times more” alerts than in Japan, fears the Organizing Committee of the Olympic Games, Cojo. Each of them can, ultimately, affect the venues, ticketing, why not break down the air conditioning in an athlete’s room before a decisive event or a referee’s clock. The main risk categories have been identified: sabotage, data leaks, image damage and fraud.
“Technology is everywhere,” explained Paris 2024’s deputy director for information systems security, Franz Regul, at the end of November during a press briefing. Telephones, computers, connected objects, Wi-Fi networks… Potential vulnerabilities are found as easily as oxygen in the air. The cyber threat is getting more and more sneaky: from denial of service (DDoS) attacks that can take down a website in seconds, to ransomware that blocks access to data for a sum of money. Always more sophisticated, too. Certain hacker groups, the APT, are notoriously financed by states such as Russia or China.
And then there is the charged geopolitical context: the conflict in the Middle East, the war in Ukraine… The Olympics are the most followed international sporting event in the world. The opportunity to make your message heard, or to denigrate the host country. “The image created by these Games will be associated with that of the country,” emphasizes Franz Regul.
The Olympiad Destroyer
But should we lose our minds in the face of these figures? “They are deceptive. It is actually easy to obtain 10 billion, or even 50 billion threats, since bots – or robots – can alone generate several million attacks simultaneously. But not all are equal,” says Karim Benslimane, head of the company DarkTrace, specializing in the cyber security of major sporting events. Most are processed automatically by tools powered by artificial intelligence. Still, the probability that a single one could achieve its goal, and truly disrupt the Games, remains significant. “One bullet is enough,” summarizes Karim Benslimane.
The cyber “Waterloo” of the Olympics is still fresh in everyone’s minds. On February 9, 2018, in Pyeongchang, South Korea, a few minutes before the opening ceremony of these Winter Games, the program Olympic Destroyer [destructeur d’olympiades], enters the track. Suddenly, the networks become unstable, the official Games application no longer responds, as do certain stadium security gates. Panic on board. Nobody saw it coming. “The intrusion into the systems had begun, in silence, three years ago…”, breathes Karim Benslimane. Dizzy.
Cojo started its cyber preparation five years ago… just after Pyeongchang. “Team recruitment was carried out earlier than previous editions,” indicates the Parisian cyber organization. In the intelligence services, the state of mind flirts with paranoia. “The question is not whether the event will be attacked but when and how. […] It is plausible that one or more information systems contributing to the organization of the Paris 2024 Olympic Games are already compromised and ultimately make it possible to launch a potentially coordinated attack on several sites”, said before the summer a note from the command of the gendarmerie in cyberspace, unearthed by BFMTV. Pirates are always one step ahead. A recent example: despite the attention paid to the Rugby World Cup, organized this fall in France, the French Federation was hit by powerful ransomware two months before the opening of the competition.
“Digital solidarity”
To its credit, the Cojo did not skimp on the means to strengthen its system. At the end of 2022, the budget dedicated to cybersecurity was extended by 10 million euros. The American Cisco and the French Atos, traditional partners of the Games, together oversee the systems, accompanied by the very serious policeman of French cybersecurity, Anssi. Several dozen people will be gathered during the Games in the TOC, the Technological Operations Center, a real cyber HQ. Now it’s time for “refining”. “Like any athlete who participates in the Games, we are putting ourselves in condition to be ready on the big day. We will launch a major program of tests and exercises to continue to improve our controls, our policies and our procedures, and strengthen cyber -resilience of the Paris 2024 systems”, we warn Cojo. On the menu: “bug bounty” – hunting for flaws – and other “ethical” hacks. The Yes We Hack platform will be responsible for testing the limits of the Games’ cyber system. “We use the same techniques as the bad guys,” explains Guillaume Vassault-Houlière, its CEO, rather confident as the Games approach: “We are one of the most mature countries in the world in terms of cyber. human expertise.”
Karim Benslimane nevertheless calls not to let down our guard. “There are almost 70 Olympic sites and none at the same level of cyber preparation. The attackers will not break their teeth on the best fortresses.” Finally, be careful not to underestimate the strike force of the latter, who can attack anywhere. Hospitals, stations and transport, regularly targeted, will be just as strategic during the Games. “To cause trouble and annoy the country, there is no need to target Cojo,” judges the boss of DarkTrace. Ransomware enthusiasts could use the event to put even more pressure on their targets and collect more money. The organizers are well aware of this. “We also have a broader strategy mobilizing cybersecurity players in the French economic fabric. “Digital solidarity”, to be stronger and more secure together,” they detail. Without wanting to panic, the message is clear: no one will be safe.
.