How the London Olympics dealt with six major cyber attacks
Six major attacks out of 165 million 'security events' identified
The London Olympics faced six major cyber attacks during the Games out of some 165 million individual security-related "events" identified by the IT team put together by Gary Pennell, the CIO of the London 2012 Olympics.
"There were 165 million security-related events. Most of those, let's be clear, were trivial - password changes, logon failures and things of that nature," said Pennell. "But there were 97 actual security incidents that got raised to my technology operations centre... [And] only six made it to the top, to me as CIO responsible for the technology of the Olympics."
Pennell was speaking at the Inside Government conference, "UK Cyber Security: Protecting our National Infrastructure".
The serious attacks began the day before the Games, on 26 July, said Pennell, when the IT infrastructure was probed for some 10 minutes by what Pennell believes was a well-known group of hackers based in Eastern Europe with a track record of analysing high-profile websites for vulnerabilities and then publishing what they find.
"They didn't find anything, nothing was published and they went away and we never saw that again," said Pennell.
On the 27th - the day of the opening ceremony - there was reportedly an attack on the power systems in the Olympic Park. "At 5pm that evening, that's when we had probably our most serious attack in terms of a denial of service attack. That lasted for 40 minutes, 10 million requests coming from 90 IP addresses across North America and Europe," said Pennell.
"It was one of those attacks where everything was synchronised time-wise. It was clearly an automated attack, not an amateur attack where multiple people try to attack the same website at the same time. So it looked like a botnet-style attack."
However, that attack was handled at the edge of the network and the impact was zero. "Again, we never heard any more from them," he added.
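Pennell's tell for the 27 July attack was timing: requests from 90 addresses arrived in lockstep, which is what an automated botnet looks like and what a loose crowd of volunteers hitting a site by hand does not. The following is an added example (not LOCOG's tooling and not code from the original article) of that detection logic run over constructed access-log lines: it buckets requests into fixed time windows and flags a window only when many distinct sources each send a burst within it, so a single hot client or many clients trickling in at different times are not reported. The log lines, the window size and the thresholds are all assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Common Log Format: client IP first, timestamp in brackets, request in quotes.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)"')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (client_ip, unix_seconds) or None for a line that does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(2), TS_FMT)
    return m.group(1), int(ts.timestamp())


def detect_synchronised_bursts(lines, window_s=5, per_ip_min=3, min_sources=5):
    """Flag windows in which at least `min_sources` distinct clients each sent
    `per_ip_min` or more requests. One hot client, or many clients trickling in
    at different times, does not qualify; lockstep traffic from many sources does.
    Thresholds are illustrative assumptions, not tuned values."""
    per_window = defaultdict(lambda: defaultdict(int))
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # malformed lines are skipped rather than aborting the scan
        ip, ts = parsed
        per_window[ts - ts % window_s][ip] += 1

    findings = []
    for start in sorted(per_window):
        counts = per_window[start]
        bursting = [ip for ip, n in counts.items() if n >= per_ip_min]
        if len(bursting) >= min_sources:
            findings.append({
                "window_start": datetime.fromtimestamp(start, timezone.utc).isoformat(),
                "sources": len(bursting),
                "requests": sum(counts.values()),
            })
    return findings


def build_sample_log():
    """Constructed sample log (not Olympics data): six clients each send five
    requests within the same five seconds, eight unrelated clients send one
    request each spread over the following minutes, plus one junk line."""
    fmt = '{ip} - - [27/Jul/2012:{t} +0100] "GET / HTTP/1.1" 200 512'
    lines = []
    for i in range(6):
        for s in range(5):
            lines.append(fmt.format(ip=f"203.0.113.{10 + i}", t=f"17:00:0{s}"))
    for i in range(8):
        lines.append(fmt.format(ip=f"198.51.100.{20 + i}", t=f"17:{5 + i:02d}:30"))
    lines.append("not a log line")
    return lines


if __name__ == "__main__":
    for finding in detect_synchronised_bursts(build_sample_log()):
        print(finding)
```

Run against the constructed log, the only window reported is the five-second burst, attributed to six sources and 30 requests; the eight scattered clients never cross the per-source threshold in any one window. In practice the interesting tuning is the window size: too wide and ordinary traffic peaks look coordinated, too narrow and a botnet with a few seconds of clock skew is split across windows.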
The next day, the "hacktivists" woke up and published a number of adverts online urging their community to "#letthegamesbegin", publicly calling via social media for denial of service attacks against the Olympics IT infrastructure at pre-determined times.
However, social media was being closely monitored and the attacks were therefore easy to deal with. "We were monitoring all social media as far as we could so that we could see that it was happening and we were ready with any responses that we needed to make," said Pennell. "In practice, it wasn't even detectable from a systems point-of-view and on my list, it didn't even count as an attack, only as a threat."
Indeed, the most damaging aspect of the hacktivists' efforts was their treatment of the Olympic Games' five-ring logo in their advertising. "It went on for four or five days, but never amounted to a hill of beans."
Internal enemies
One of the biggest security challenges for the London Olympics turned out to be effectively an internal security flaw - not in the Games organisers' own systems, but in those of a major press agency whose IT infrastructure was riddled with malware.
Its systems had been pumping out so much spam that the shared IP address range was listed by Spamhaus and other anti-spam blacklists, and the listing blocked not just the offending agency but every press agency that used the same access and pooled its reports through it.
"We had to make a lot of calls to the press agency to get them to clean their systems up, during which we were accused of spying on them when we were just trying to help. We also worked with the anti-spam services to explain what the problem was and to get it resolved," said Pennell. "That was one I didn't expect."
However, the organisation concerned still had not sufficiently cleaned up its IT act by the time the Olympic Games wound towards its close.
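The press agency episode is the shared-address-space problem in miniature: a DNSBL listing is keyed on the IP address, so every organisation behind the same egress range inherits the block until the spam stops and delisting is requested. The following is an added example (not LOCOG's tooling and not code from the article) of the check a practitioner would run on their own shared range before the blacklists do: it builds the reversed-octet DNSBL query name, interprets the answer codes, and audits every address in a small range. The return codes are as documented by Spamhaus for the ZEN zone and are an assumption about current values; the DNS answers here are constructed so the script runs offline, and a live check would swap in a real resolver.

```python
import ipaddress

ZONE = "zen.spamhaus.org"

# Answer codes as documented by Spamhaus for ZEN (assumed current; verify
# against the published list before relying on it operationally).
ZEN_CODES = {
    "127.0.0.2": "SBL: verified spam source",
    "127.0.0.3": "SBL CSS: snowshoe / compromised sender",
    "127.0.0.4": "XBL: exploited host (botnet, open proxy)",
    "127.0.0.5": "XBL",
    "127.0.0.6": "XBL",
    "127.0.0.7": "XBL",
    "127.0.0.9": "SBL DROP",
    "127.0.0.10": "PBL: end-user address space, policy listing",
    "127.0.0.11": "PBL",
}


def dnsbl_query_name(ip, zone=ZONE):
    """DNSBL lookup name: IPv4 octets reversed, then the list zone.
    192.0.2.5 -> 5.2.0.192.zen.spamhaus.org"""
    addr = ipaddress.IPv4Address(ip)
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def interpret(answers):
    """Split A records into listings and query errors. 127.255.255.x answers
    signal an error (open resolver, rate limit, malformed query), not a
    listing, and must not be read as either 'listed' or 'clean'."""
    listings, errors = [], []
    for a in answers:
        if a.startswith("127.255.255."):
            errors.append(a)
        else:
            listings.append((a, ZEN_CODES.get(a, "unknown code")))
    return listings, errors


def audit_range(cidr, resolve, zone=ZONE):
    """Query every address in a small shared egress range. Returns
    {ip: [(code, meaning), ...]} for listed addresses only, and raises on any
    query error so a partial audit is never mistaken for a clean one."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.num_addresses > 256:
        raise ValueError("audit a /24 or smaller at a time")
    listed = {}
    for ip in net:
        listings, errors = interpret(resolve(dnsbl_query_name(str(ip), zone)))
        if errors:
            raise RuntimeError(f"DNSBL query error for {ip}: {errors}")
        if listings:
            listed[str(ip)] = listings
    return listed


# Constructed answers standing in for live DNS (not real listings): the whole
# shared /29 is listed as a spam source, and one host in it is additionally
# flagged as an exploited machine.
CONSTRUCTED_ANSWERS = {
    dnsbl_query_name(f"192.0.2.{n}"): ["127.0.0.2"] for n in range(24, 32)
}
CONSTRUCTED_ANSWERS[dnsbl_query_name("192.0.2.25")].append("127.0.0.4")


def constructed_resolver(name):
    """Offline stand-in for an A-record lookup; for a live check replace this
    with socket.gethostbyname_ex(name)[2] or a dns.resolver query."""
    return CONSTRUCTED_ANSWERS.get(name, [])


if __name__ == "__main__":
    for ip, hits in audit_range("192.0.2.24/29", constructed_resolver).items():
        print(ip, hits)
```

Two design points matter here. First, the audit treats a 127.255.255.x answer as a failure and stops, because the most common way to get one is querying through a public resolver, and a script that silently reported "clean" in that case would be worse than no check. Second, it walks the whole range rather than the one address you care about, which is exactly the lesson of the press agency story: the listing that hurts you may be caused by someone else's machine on the same range.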
On 3 August, a government agency advised that a major distributed denial-of-service attack was expected; it had already "taken out" another, unnamed agency before the attackers turned their attention to the London Olympics.
"Just as we were coming towards the end of the games, we had what was in many ways the most serious and committed attack. Someone out there decided to launch a 300,000 packets per second denial-of-service attack on that same IP address that had previously been blocked, which the press agencies had been sharing," said Pennell.
Again, that was contained by the firewall, but the attack continued for some 15 minutes. "Somebody was seriously trying to disrupt the operation," said Pennell. "But in terms of impact on the operation, there really wasn't any."