Faster, Higher, Stronger—Olympic Security Risks
The 2012 Summer Olympic Games in London, England (July 27 to August 12) will mark the third time the city has hosted this event. When previous London Olympics were held in 1908 and 1948, cyberattacks weren't even the stuff of science fiction. This time around, they are a real concern. Hackers are already taking advantage of the huge explosion in search engine requests, ticket sales, online streaming, and social media postings that will occur as a result of this 17-day sports event.
The 2008 Beijing Olympics were the target of about 12 million cybersecurity incidents per day. In February, we blogged about Olympic ticket scams associated with the 2012 London games, but that was only the beginning. Ticket scams are a major security concern due to the money involved; four years ago, tickets to the Beijing Opening Ceremony were sold on the black market for $26,000 each.
The U.K. government is preparing for all kinds of attacks, from actual terrorism to computer threats. Cabinet Office minister Francis Maude said, "We have rightly been preparing for some time--a dedicated unit will help guard the London Olympics against cyberattacks. We are determined to have a safe and secure Games." He added that an essential element of security is keeping updated on emerging threats: "Our responses have to be fast and flexible. What works one day is unlikely to work a matter of months or even weeks later."
The event has been called "the first social Olympics," and organizers anticipate social media will be more important than ever, which means online security is more of a concern than ever. Records will be broken not only on the track and in pools, but also in internet traffic. Ofcom, the U.K. telecom regulator, anticipates the wireless spectrum demand to double in London during the games. Websense® will help administrators control bandwidth consumption by using our Advanced Classification Engine™ (ACE) to classify streaming media and internet video from the Olympics into the Special Eventscategory.
Games organizers have set up an Olympic Athletes' Hub to encourage connection among competitors and fans, but at the same time, have imposed some very strict limits on how they can use social media. We first heard back in January from a friend who is one of the 70,000 Games Makers volunteers that she and her colleagues were warned their social media usemight compromise the reputation and security of the event.
Ticket purchasers are also being told that they may not "license, broadcast or publish video and/or sound recordings, including on social networking websites and the internet more generally, and may not exploit images, video and/or sound recordings for commercial purposes under any circumstances, whether on the internet or otherwise, or make them available to third parties for commercial purposes."
Whether any of this will or even can be enforced remains to be seen. The official IOC guidelines apply (in theory) only to "participants and other accredited persons," but there is a great deal of confusion and concern about what can and can't be shared, and by whom. U.K. legal consultant Rachel Boothroyd provides a useful overview, guidelines, and summaryprimarily for social media professionals.
Anyone can be targeted by email scams abusing the "London 2012" name, claiming the recipient has won tickets or a large amount of money from a nonexistent "Olympics lottery." The recipient is given a claim number and told to contact a claim agent—and of course, advised to keep the information confidential until the prize is claimed, to avoid spreading the word about the scam. As we have seen in many previous email scams, victims are told they have to make some kind of payment to claim their prize. An official lottery will pay you right away and will not require payment to release your winnings. Email scams often give themselves away through poor use of English, misspellings, U.K. phone numbers starting with 070, and personal email accounts like Gmail or Hotmail accounts.
Common sense may keep you safe in most situations, but hackers and spammers are quickly coming up with new ideas on how to attract and take advantage of new victims.
Websense is protecting our customers from scams and other security problems by ACE, our Advanced Classification Engine.