Russian military intelligence services were planning a cyber-attack on the Japanese-hosted Olympics and Paralympics in Tokyo this summer in a bid to disrupt the world’s premier sporting event, the UK National Cyber Security Centre has revealed, disclosing a joint operation with the US intelligence agencies.
The Russian cyber-reconnaissance work covered the Games organisers, logistics services and sponsors and was under way before the Olympics was postponed due to coronavirus.
Many previous ascribed Russian cyber-attacks have been against the state institutions of Moscow’s political opponents, but some cyber-activity has been directed at the agencies conducting inquiries into Russian sports doping.
The new evidence is the first indication that Russia was prepared to go as far as to disrupt the summer Games, from which all Russian competitors had been excluded because of persistent state-sponsored doping offences.
The UK has also become the first government to confirm details of the breadth of a previously reported Russian attempt to disrupt the 2018 winter Olympics and Paralympics in Pyeongchang, South Korea. It declared with what it described as 95% confidence that the disruption of both the winter and summer Olympics was carried out remotely by the GRU unit 74455.
In Pyeongchang, according to the UK, the GRU’s cyber-unit attempted to disguise itself as North Korean and Chinese hackers when it targeted the opening ceremony of the 2018 winter Games, crashing the website so spectators could not print out tickets and crashing the wifi in the stadium.
The key targets also included broadcasters, a ski resort, Olympic officials, service providers and sponsors of the games in 2018, meaning the objects of the attacks were not just in Korea.
The GRU also deployed data-deletion malware against the winter Games IT systems and targeted devices across South Korea using a VPN filter.
The UK assumes that the reconnaissance work for the summer Olympics, including spearphishing to gather key account details, setting up fake websites and researching individual account security, was designed to mount the same form of disruption, making the Games a logistical nightmare for business, spectators and athletes.
The foreign secretary, Dominic Raab, said: “The GRU’s actions against the Olympic and Paralympic Games are cynical and reckless. We condemn them in the strongest possible terms.
“The UK will continue to work with our allies to call out and counter future malicious cyber-attacks.”
The UK attribution, part of an attempt to disrupt Russia’s cyber-security through maximum exposure and deter any disruption of a rescheduled summer Games next year, is likely to lead to the unsealing of indictments by the US as well as sanctions of individual Russian agents. British sources said the extent and persistence of the cyber-activity against sporting bodies was likely to have been cleared at the highest echelons of the Russian state.
Russia was banned in December 2019 from all world sporting events by the World-wide Anti-Doping Agency (Wada), including the summer Olympics, after Russia’s own anti-doping agency was found guilty of manipulating laboratory data handed over to investigators in January 2019.
At the time of the four-year Wada ban, Russia claimed it was a victim of hysteria.
The 2018 attack on the winter Olympics predates the ban, and underlines how Russia has been for many years trying to intimidate and penetrate those agencies seeking to investigate Russian doping, even now going to the length of disrupting the summer Olympics themselves.
The International Olympic Committee had in late 2017 declared that Russian athletes could only compete in the 2018 winter Olympics as neutrals, and not under the Russian flag.
The revelations potentially come at a difficult time for Donald Trump as the issue of Russian interference in US politics has reared its head again in the presidential election campaign. Trump’s personal lawyer Rudy Giuliani and the New York Post have been accused of unwittingly letting themselves be used by Russia to spread disinformation about the Democratic candidate, Joe Biden, and his son Hunter.
The UK claims the cyber-attacks are part of a pattern by the Russian state to electronically target countries ranging from the Ukraine, the US and Georgia to the UK, including the Foreign Office.
British officials pointed out that Russia at the UN general assembly had signed up to an Olympic truce, including a commitment not to disrupt, or in any way undermine the safety of the Games.
The UK said it had already acted against the GRU’s destructive cyber-unit by working with international partners to impose asset freezes and travel bans against its members through the EU cyber-sanctions regime.