The Paris Olympics 2024 kicked off today. But as the City of Light opens its gates to millions of spectators, officials are bracing themselves for a cyber war.
Analysts predict that there could be as many as four billion cyber attacks at this year’s Games. The official Paris Olympics 2024 app is particularly vulnerable.
“This app handles vast amounts of personal and transactional data, making it a prime target for cybercriminals,” said Sakthi Mohan, cloud security lead at California-based Synopsys Software Integrity Group.
The Paris Olympics app has already been downloaded over 10 million times on Google Play. It allows users to access a map of the Games, the schedule, live updates, replays, and more. The app also gathers your personal information, including name, address, email, photos, and videos.
Organisers have labeled it “your personal companion for the Games.” For hackers, that’s the allure.
“Malicious actors might seek to exploit vulnerabilities in the app for financial, political, or other harmful purposes,” said Kelvin Lim, senior director at Synopsys.
Back in 2022, an audit of the mandatory Beijing Winter Olympics app found that hackers actors could easily undercut encryption protections — exposing sensitive health data or passport details.
Major events, which attract large numbers of people to one place at one time, can become a feeding frenzy for cybercriminals.
Last month, hackers stole the personal details of 560 million Ticketmaster customers worldwide. The cyber villains obtained names, addresses, phone numbers, and even credit card numbers.
“The breach was a wake-up call for sporting event organisers,” said Lim.
France’s cybersecurity agency, ANSSI, has assembled a 630-strong cyber team in preparation for Paris Olympics hacking barrage. Cybersecurity firm Cisco Systems France and the US Cybersecurity and Infrastructure Agency are providing supporting services, Bloomberg reports.
The cyber dream team is expected to encounter threats ranging from phishing scams and spoofing schemes to distributed denial-of-service (DDoS) attacks that could disrupt critical services. The Olympic Games’ systems and apps as well as nearby shops, banks, and government agencies are all in the firing line.
Geopolitical tensions fuel Paris Olympics cyber risk
Russian hackers pose the greatest cyber threat, according to recent reports from three cybersecurity firms, including Google’s Mandiant.
Last month, a Russian hacktivist group called the People’s Cyber Army launched DDoS attacks on several French websites. The group claimed responsibility for the attacks, saying that they were a “training exercise” in preparation for large-scale siege during the Paris Olympics.
The Olympics have been hacked before. At the Winter Olympics in South Korea in 2018, hackers linked to Russian intelligence services disrupted the online ticketing system and cut Wi-Fi at the stadium during the Opening Ceremony.
Russia and Belarus were barred from participating in the Paris Olympics due to Russia’s ongoing invasion of Ukraine — adding to the heightened volatility.
“State-sponsored actors pose a significant risk, aiming to use cyber operations for espionage, destabilisation, or to gain a competitive edge,” said Mohan.
“With geopolitical tensions and the advent of AI-enhanced cyber threats, the cybersecurity landscape for the Paris Olympics is more complex than ever.”