How the London Olympics dealt with six major cyber attacks

The London Olympics faced six major cyber attacks during the Games out of some 165 million individual security-related "events" identified by the IT team put together by Gary Pennell, the CIO of the London 2012 Olympics.

"There were 165 million security-related events. Most of those, let's be clear, were trivial - password changes, logon failures and things of that nature," said Pennell. "But there were 97 actual security incidents that got raised to my technology operations centre... [And] only six made it to the top, to me as CIO responsible for the technology of the Olympics."

Pennell was speaking at the Inside Government conference, "UK Cyber Security: Protecting our National Infrastructure". 

The serious attacks kicked off the day before the Olympics, on 26 July, said Pennell, when the IT infrastructure was probed for some 10 minutes by, believes Pennell, a high-profile group of hackers based in Eastern Europe who have a track record of analysing high-profile websites for vulnerabilities and then publishing them.

"They didn't find anything, nothing was published and they went away and we never saw that again," said Pennell.

On the 27th - the day of the opening ceremony - there was reportedly an attack on the power systems in the Olympic Park. "At 5pm that evening, that's when we had probably our most serious attack in terms of a denial of service attack. That lasted for 40 minutes, 10 million requests coming from 90 IP addresses across North America and Europe," said Pennell.

"It was one of those attacks where everything was synchronised time-wise. It was clearly an automated attack, not an amateur attack where multiple people try to attack the same website at the same time. So it looked like a botnet-style attack."

However, that attack was handled at the edge of the network and the impact was zero. "Again, we never heard any more from them," he added.

The next day, the "hacktivists" woke up and published a number of adverts online urging their community to "#letthegamesbegin". The community was publicly urging hacktivists via social media to mount denial of service attacks against the Olympics IT infrastructure at pre-determined times.

However, social media was being closely monitored and the attacks were therefore easy to deal with. "We were monitoring all social media as far as we could so that we could see that it was happening and we were ready with any responses that we needed to make," said Pennell. "In practice, it wasn't even detectable from a systems point-of-view and on my list, it didn't even count as an attack, only as a threat."

Indeed, the most damaging aspect of the hacktivists' efforts was their treatment of the Olympic Games' five-ring logo in their advertising. "It went on for four or five days, but never amounted to a hill of beans."

[Please turn to page 2]