Hurdling the Olympic hacker threat
Rob Rachwald examines the hype surrounding the Olympic cyberthreat
During the Beijing Olympics it has been reported that there were 12 million cybersecurity incidents per day. Hacking has evolved tremendously since Beijing four years ago, especially in the area of automated attacks. And then there was the birth of Anonymous.
The Olympic Games super-concentrates people and commerce. This makes a very attractive target for hackers, whether seeking profits or trying to make a political statement. This will be the first Olympics where hacktivists such as Anonymous may make their presence felt. So what does this bode for London 2012?
The Games will prove a major test of cybersecurity for both government and private industry. The government and security services are braced for millions of cybersecurity incidents, and a special security unit has been set up to monitor such activity.
But the word did not appear to go out in advance. A guide produced by the Cabinet Office entitled Preparing your Business for the Games did not even mention cybersecurity.
There is a risk of data theft. Hackers have previously exposed credit card information and other sensitive data such as email addresses. They have also intercepted and published embarrassing communications.
DDoS attacks may be used in attempts to bring down websites. This can either prevent essential functions being carried out or simply embarrass companies and public organisations.
In 2008, Chinese hackers are reported to have hacked and defaced a CNN website, claiming it was in response to what they believed were biased reports of protests during the Olympic torch relay.
Consumers certainly need to be alert. They need to watch out for bogus websites and phishing scams. Such scams may appear to offer anything from hotel rooms to Olympics tickets and may well incorporate malware designed to steal credit card numbers or other sensitive information.
In fact, by the end of 2011 detectives from the UK's cybercrime unit had already identified and shut down about 2,000 sites set up by criminals with the Games in mind.
Consumers may be easy targets, but businesses can reap larger rewards for hackers, not least because many sit on databases full of financial information such as bank account or credit card numbers, along with the associated personal details.
While Dick Turpin may have been consigned to history books, a new breed of highwayman is very much alive. Increasingly, with so many businesses reliant on the internet, high-profile companies involved with the Games could find themselves victims of cyberextortion.
Demonstrations against Chinese human rights policies threatened to overshadow the last Olympics, and the UK has its fair share of enemies both abroad and domestically. Hacktivists are therefore expected to use the Games to vent their frustration.
The channel may need to pay special attention to the risk to customers. Consumers may be best advised to avoid the internet for a little while.
The key issue is that hackers by definition are innovators and early adopters. For this reason, many of the traditional technologies we rely on today are no longer effective. For example, antivirus and network firewalls are largely ineffective against today's cyberthreats.
Instead, business and government should refocus spend on protecting data and the applications that transact and access sensitive data. The vast majority of tools companies are buying are focused on detecting malware on a device or PC, finding viruses or stopping bad guys from penetrating their network.
For this to succeed by itself, you need an accuracy level of 100 per cent. If one mouse gets through or over your walls, the cheese is gone. Do enterprises have the confidence that the tools they are deploying give them the appropriate visibility to cope?
Rob Rachwald is director of security strategy at Imperva