The Olympics attract sports fans from around the world as much as the most militant cyber criminals. However, not all of them are put in one basket and we can distinguish three types of cyber criminals: activists, hackers and criminals.
At the Stade de France, where lightning bolts are fired at smartphones in front of hundreds of millions of spectators, a cyberattack wins the final of the premier event of the 32nd modern Olympic Games. Cataclysms. A purely hypothetical crisis situation, this scenario is not impossible. Just amazing.
Because if the defense protocols against such threats have become more perfect, the attacks are also becoming more sophisticated, that is, more dangerous. To the point of transcending the strict confines of digital technology and invading our real world…
Cyber attack: time to step up?
When it comes to cybersecurity, there is no such thing as zero risk. Partly because of the human element at the core of any security protocol. And the point is essentially there: the majority of successful computer attacks today are thanks to (or because of) a process of social engineering. In other words: through the manipulation that a person successfully exerts on another person.
Moreover, information systems are so pervasive that even when an attack is limited to the IT sphere of action, its impact goes far beyond its boundaries. Errors relaying to stadium screens, problems identifying RFID chips or printing tickets for the opening ceremony 2018 Pyeongchang Olympics witness it.
The disclosure of personal data of volunteers or spectators at the 2022 Japan Olympics shows that cybercrime is no longer limited to the destruction of data or ransomware that is usually associated with it in the news, but also refers to great creativity, infinity intruding into ever finer zones.
This is what in the sports world we call overshooting.
High level without Olympism
These confrontations, at the end of which a winner and a loser remain on the field, make cybersecurity akin to a high-level sport. For the attacker, it is about triumphing over the opponent by any means necessary. And for that, overcoming a cyber attack requires very advanced training to understand all the techniques and tricks of the opponent, but also muscles to take attacks without breaking, good coaches to advance, impeccable technique to know where to place the right defense and where to deliver saves, sense of anticipating opponent’s movements, resistance to pressure so as not to break at the worst moment, etc.
In terms of cyberattacks and cybersecurity, if competition rages to win or avoid defeat, the fair play that generally characterizes Olympism is singularly absent. It is a very special sport without a podium or a medal, without cameras or referees or even an audience, a sport that has nothing like a game, where rules are absent, where the field is constantly changing, where the symmetry of chance that guides the beginning of every sporting encounter never is also considered where all shots are allowed to defeat the opponent.
Like a hyper-technological ninja, this faceless attacker that is the cybercriminal always evolves in stealth mode. Result: he is suddenly very close, without being seen to approach, in a strong position to bypass the defensive lines and execute his plan of action. In this combat sport even more than others, letting the enemy close is usually fatal and you are knocked out very quickly.
Universal, for better or for worse
The object of all eyes, of all attention, an emblem of Western civilization and a crossroads of colossal financial flows, the Olympic Games are the universal event by definition…
They attract sports fans from around the world as much as the most aggressive cybercriminals. However, they are not all put in one basket and we can distinguish three types of cybercriminals: activists, hackers and criminals.
Where the former defend a cause by attacking an opponent (and therefore seek maximum visibility), the latter attack a system to prove they can overcome it, while the third aim to enrich themselves on the backs of their victim.
These three typologies are porous and often intertwine. They often follow the same process of action and generally require the same response and the same defense systems. In this case, they all have one additional thing in common: they all have, in one way or another, a reason to exist for an event on the scale of the Olympic Games.
They are therefore an ideal playground for those who want to enrich themselves, prove their competence or defend a social, political or moral cause. This idea of a field where one can demonstrate one’s talent or ability, or even one’s strength, still creates a remarkable symmetry with every sporting discipline represented under the auspices of the rings…
But the main difference is that a cyberattack has nothing to do with ethics, nor with fair play: just as it ignores nations, it feeds on all the weaknesses of its target. It defines a new frontier, which is no longer a division between nations, but a distinction between aggressors and attacked, not to say between aggressors and attacked. Thus following the influence of a form of harmful technological universalism, representative of both the identity of the Olympic Games in its scale and its exact opposite in its moral dimension.