TOKYO — As Japan gears up for the 2020 Tokyo Olympic and Paralympic Games in just over a year, the country needs to brace for sophisticated cyberattacks, experts say.
With the proliferation of smart devices and low-cost drones, such attacks are likely to increase not only in number but also complexity.
Previous Olympic organizers have faced an enormous number of cyberattacks, with an estimated 500 million during the 2016 Rio Games and 250 million at the 2012 London Games, and Tokyo is expected to face a similar scale of threat.
The games organizers already faced such a threat last September when a group of hackers tried unsuccessfully to steal private information from people in the United States and Japan by emailing fake ticket offers.
Toshio Nawa, executive director and senior security analyst at Tokyo-based security consultancy Cyber Defense Institute, warned that people must remain on guard for hackers using a combination of virtual and real-world attacks.
“Hackers could use a cyberattack to show a fake emergency alert, for example a large earthquake or nuclear accident, on the electronic scoreboard during the opening ceremony and then fly dozens of drones capable of jamming mobile signals, causing a huge panic,” he said.
The former programming executive at Japan’s Air Self-Defense Force who oversaw signals, encryption and the air defense command system, said extra caution will be required when watching the games on smartphones.
“Attackers might set up a site saying you can watch the Olympics for free, but it will have malware embedded on it. When you access the site, a malicious app will download and install on your phone, where it could do things like extract your ID and password,” he said.
Once hackers have access to your personal information, they can go on to perform a whole range of malicious acts, such as using your credit card or infiltrating your company’s network to steal company secrets, added Nawa.
Noboru Nakatani, a former cyber specialist at the International Criminal Police Organization, more commonly known as Interpol, said that crippling critical infrastructure, in particular telecommunications and transportation systems, is a common way for hackers to wreak havoc to embarrass a country.
According to a 2018 report by Rand Corp., the 2012 London Olympics suffered a 40-minute distributed denial of service attack on the venue’s power systems during its opening ceremony.
“In the United States there have been cases where subway ticketing systems have gone down. If trains aren’t able to operate during the games, it would be a huge mess,” Nakatani said.
Both Nakatani and the global policy think tank mentioned ransomware, where an attacker holds a user’s system or data “hostage” by encrypting the contents and demands money in exchange for a key, as another major threat confronting the Tokyo Games.
With hackers likely to target the less secure networks of sponsors and other companies working with the Olympic committee, “subcontractors and suppliers will also have to make sure their security is bulletproof,” Nakatani said.
The former senior assistant director for cybercrime at Japan’s National Police Agency said that information sharing and international cooperation are key to detecting potential breaches early on.
Nawa believes the law should be amended to allow for stronger countermeasures.
“At an event where the world will be watching, hackers could promote themselves or terrorists could publicize their beliefs. We mustn’t allow the Olympics to become a platform for such acts,” he said.