The cyber attack that occurred on the opening day of the Pyeongchang Winter Olympics was found to be ransomware that destroys servers, and it had been meticulously prepared. The hacker or hackers responsible found out every username and password of 44 servers before carrying out the attack.
Although past Olympics have seen cyber attacks that paralyzed web services, such as DDoS (Distributed Denial of Service) attacks, this is the first time a destructive cyber attack has paralyzed systems by preventing servers from booting. Some question whether this attack was the work of a hacking group supported by a country.
While the PyeongChang Organizing Committee for the 2018 Olympic & Paralympic Winter Games (POCOG) imposed a gag order regarding cyber attacks until the last day of the Pyeongchang Winter Olympics, Talos, Cisco’s threat intelligence analysis team, made public the results of its analysis of the malicious code used in the cyber attack on the opening day.
Talos concluded that this was destructive malicious code implemented to prevent matches. Its characteristics are similar to those of malicious codes such as Bad Rabbit and Petya that attacked European countries last year. Talos announced that the responsible hackers gathered a great deal of information about the Pyeongchang Winter Olympics. They found out every username, domain name, server name, and password related to the Pyeongchang Winter Olympics and prepared this attack meticulously.
The hackers stored the accounts of servers and infected the servers with malicious code. They used techniques that made restoration of infected systems and analysis difficult. Talos explained that the main purpose of this malicious code was to destroy main hosts and take computer systems offline.

<Hackers found out domains related to Pyeongchang Olympics and attacked them. (Reference: Talos’ blog)>

Talos explained that, because the cyber attack occurred on the opening day, the hackers were trying to cause confusion at POCOG. Because services stopped and websites related to the Pyeongchang Olympics were paralyzed, people could not print tickets, among other things. IPTV was also paralyzed because Wi-Fi service stopped.
Talos focused on the fact that the hackers used user credentials that were hard-coded inside the malicious code. The possibility that the infrastructure had already been compromised, allowing those user credentials to be obtained, cannot be dismissed either. Talos explained that the route by which the malicious code was transmitted and the names of the responsible hackers have not been revealed.
“The degree of this attack is the highest out of every attack that occurred at past Olympics,” said a security expert. “These malicious codes are also uncommon malicious codes, and they used many sneaky tactics.” This expert also added that there were no setbacks to any events as ___ handled the situation as soon as it happened and that POCOG cannot relax until the last day of the Pyeongchang Olympics.
When this cyber attack occurred, POCOG closed off internal servers connected to the computer network. The Pyeongchang Olympics homepage, which had suffered continuous errors due to the interruption, was restored at 8 A.M. on the 10th. “After discussing with the IOC (International Olympic Committee), we have decided not to disclose the routes of this cyber attack,” said a representative for POCOG. “We put emphasis on the security of players and the Olympics,” said Mark Adams, a spokesperson for the IOC. “It is important to maintain the security of systems related to the Olympics, and it is undesirable to make information that was exposed public.” The IOC is planning to announce its information in a report at an appropriate time after careful analysis.
The level of cyber threats was very high even before the Pyeongchang Olympics started. Some even suggested that Russia, which cannot participate in the Pyeongchang Olympics due to a doping scandal, might be behind this cyber attack.
Staff Reporter Kim, Insoon | insoon@etnews.com