There are a lot:
The cybersecurity company McAfee recently uncovered a cyber operation, dubbed Operation GoldDragon, attacking South Korean organizations related to the Winter Olympics. McAfee believes the attack came from a nation state that speaks Korean, although it has no definitive proof that this is a North Korean operation. The victim organizations include ice hockey teams, ski suppliers, ski resorts, tourist organizations in Pyeongchang, and departments organizing the Pyeongchang Olympics.
Meanwhile, a Russia-linked cyber attack has already stolen and leaked documents from other Olympic organizations. The so-called Fancy Bear group, or APT28, began its operations in late 2017— according to Trend Micro and Threat Connect, two private cybersecurity firms—eventually publishing documents in 2018 outlining the political tensions between IOC officials and World Anti-Doping Agency (WADA) officials who are policing Olympic athletes. It also released documents specifying exceptions to anti-doping regulations granted to specific athletes (for instance, one athlete was given an exception because of his asthma medication). The most recent Fancy Bear leak exposed details about a Canadian pole vaulter’s positive results for cocaine. This group has targeted WADA in the past, specifically during the 2016 Rio de Janeiro Olympics. Assuming the attribution is right, the action appears to be Russian retaliation for the punitive steps against Russia.
A senior analyst at McAfee warned that the Olympics may experience more cyber attacks before closing ceremonies. A researcher at ThreatConnect asserted that organizations like Fancy Bear have no reason to stop operations just because they’ve already stolen and released documents. Even the United States Department of Homeland Security has issued a notice to those traveling to South Korea to remind them to protect themselves against cyber risks.
One presumes the Olympics network is sufficiently protected against the more pedestrian DDoS attacks and the like, but who knows?
EDITED TO ADD: There was already one attack.
Posted on February 12, 2018 at 6:36 AM •
A CNN reporter found some sensitive—but, technically, not classified—documents about Super Bowl security in the front pocket of an airplane seat.
Posted on February 5, 2018 at 3:46 PM •
The Boston Red Sox admitted to eavesdropping on the communications channel between catcher and pitcher.
Stealing signs is believed to be particularly effective when there is a runner on second base who can both watch what hand signals the catcher is using to communicate with the pitcher and can easily relay to the batter any clues about what type of pitch may be coming. Such tactics are allowed as long as teams do not use any methods beyond their eyes. Binoculars and electronic devices are both prohibited.
In recent years, as cameras have proliferated in major league ballparks, teams have begun using the abundance of video to help them discern opponents’ signs, including the catcher’s signals to the pitcher. Some clubs have had clubhouse attendants quickly relay information to the dugout from the personnel monitoring video feeds.
But such information has to be rushed to the dugout on foot so it can be relayed to players on the field—a runner on second, the batter at the plate—while the information is still relevant. The Red Sox admitted to league investigators that they were able to significantly shorten this communications chain by using electronics. In what mimicked the rhythm of a double play, the information would rapidly go from video personnel to a trainer to the players.
This is ridiculous. The rules about what sorts of sign stealing are allowed and what sorts are not are arbitrary and unenforceable. My guess is that the only reason there aren’t more complaints is because everyone does it.
The Red Sox responded in kind on Tuesday, filing a complaint against the Yankees claiming that the team uses a camera from its YES television network exclusively to steal signs during games, an assertion the Yankees denied.
Boston’s mistake here was using a very conspicuous Apple Watch as a communications device. They need to learn to be more subtle, like everyone else.
Posted on September 22, 2017 at 6:21 AM •
Fitbit evidence is cited in an arrest warrant, stating that the device monitored steps by the victim after the suspect claimed she died.
Posted on May 2, 2017 at 6:13 AM •
At the last match of the year for Manchester United, someone found a bomb in a toilet, and security evacuated all 75,000 people and canceled the match. Turns out it was a fake bomb left behind after a recent training exercise.
Posted on May 16, 2016 at 5:15 PM •
Here’s an interesting case of doctored urine-test samples from the Sochi Olympics. Evidence points to someone defeating the tamper resistance of the bottles:
Berlinger bottles come in sets of two: one for the athlete’s “A” sample, which is tested at the Games, and the other for the “B” sample, which is used to corroborate a positive test of the A sample. Metal teeth in the B bottle’s cap lock in place, so it cannot be twisted off.
“The bottles are either destroyed or retain visible traces of tampering if any unauthorized attempt is made to open them,” Berlinger’s website says about the security of the bottles.
The only way to open the bottle, according to Berlinger, is to use a special machine sold by the company for about $2,000; it cracks the bottle’s cap in half, making it apparent that the sample has been touched.
Yet someone figured out how to open the bottles, swap out the liquid, and replace the caps without leaving any visible signs of tampering.
EDITED TO ADD: There’s a new article on how they did it.
In Room 124, Dr. Rodchenkov received the sealed bottles through the hole and handed them to a man who he believed was a Russian intelligence officer. The man took the bottles to a building nearby. Within a few hours, the bottles were returned with the caps loose and unbroken.
One commenter complained that I called the bottles “tamper-proof,” even though I used the more accurate phrase “tamper-resistance” in the post. Yes, that was sloppy.
Posted on May 16, 2016 at 6:03 AM •
Forbes estimates that football player Laremy Tunsil lost $7 million in salary because of an ill-advised personal video made public.
Posted on May 4, 2016 at 2:28 PM •
If doping weren’t enough, cyclists are cheating in races by hiding tiny motors in their bicycles. There are many detection techniques:
For its report, Stade 2 positioned a thermal imaging camera along the route of the Strade Bianche, an Italian professional men’s race in March held mostly on unpaved roads and featuring many steep climbs. The rear hub of one bicycle glowed with almost the same vivid orange-yellow thermal imprint of the riders’ legs. Engineers and antidoping experts interviewed by the TV program said the pattern could be explained only by heat generated by a motor. The rider was not named by the program and could not be identified from the thermal image.
Cycling’s equivalents of the Zapruder film are online videos that show unusual patterns of bike changes that precede or follow exceptional bursts of speed by riders. Other videos analyze riders’ hand movements for signs of switching on motors. Still other online analysts pore over crashes, looking for bikes on which the cranks keep turning after separation from the rider.
Unlike the thermal images, however, the videos have only implied that a motor was present.
In a statement, the cycling union, which commonly goes by its French initials, U.C.I., said it had tested and rejected thermal imaging.
“The U.C.I. has been testing for technological fraud for many years, and with the objective of increasing the efficiency of these tests, we have been trialling new methods of detection over the last year,” the governing body said. “We have looked at thermal imaging, X-ray and ultrasonic testing, but by far the most cost-effective, reliable and accurate method has proved to be magnetic resonance testing using software we have created in partnership with a company of specialist developers.”
Posted on April 22, 2016 at 6:22 AM •
Story of Julie Miller, who cheated in multiple triathlon races:
The difference between cheating in 1980 and cheating today is that it’s much harder to get away with now. What trips up contemporary cheaters, Empfield said, is their false assumption that the only thing they have to worry about is their timing chip, the device they wear that records their time at various points along a course.
But the use of additional technology especially the ubiquitous course photos taken by spectators and professional photographers, which provide a wealth of information about athletes’ positions and times throughout a race makes it difficult for people to cover their tracks after the fact.
“What these people don’t understand is that the photos contain so much data they don’t know that this exists,” Empfield said of cheaters. “They think that if they hide in the bushes and re-emerge or take the chip off or whatever, they’re in the clear. But the problem is that people can now forensically recreate your race.”
Reminds me of this 2012 story about marathon cheating.
EDITED TO ADD (4/27): An update with proof of cheating.
Posted on April 14, 2016 at 6:44 AM •
I think this is the first case of one professional sports team hacking another. No idea if it was an official operation, or a couple of employees doing it on their own initiative.
Posted on June 25, 2015 at 6:14 AM •
Sidebar photo of Bruce Schneier by Joe MacInnis.