Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Black hat vs white hat - the fight for the London 2012 Olympics

At the 2012 London Olympics this summer, hackers will be out in full force

Article comments

There will be more than one Summer Olympic Games starting later this month in London.

The official one, which everybody knows about, is the competition among the elite athletes of the world. The other is one that UK officials hope nobody will notice: the competition among the elite hackers of the cyber world, with one side trying to protect the Games' vital computer systems while the other side tries to break into them and make mischief.

As UK officials have been saying since 2008, the country is expecting an unprecedented level of attacks during the two-plus weeks of the event.

At the National Security 2012 conference on 3 July, the UK's counter-terrorism department director, Richard Clarke said the possible disruption from cyberattacks could rise to the level of physical threats at past games.

But the good guys say they are ready. And at least some security experts with government experience agree with them.

Joel Harding, a retired military intelligence officer and information operations expert and consultant said, "The security at the 2012 London Olympics is as tight as any Olympics - ever."

That is the word from Atos, the lead technology company for the summer and winter Games since 2002. Patrick Adiba, Atos executive vice president for the Olympic Games and major events, told David Stringer of the Associated Press that he believes it will be virtually impossible for malicious hackers to achieve what would amount to a gold-medal attack - putting political messages on Olympic scoreboards.

"It is very unlikely, as it all operates on a very secure network. It would be quite complicated to get into this network without being detected," he said. "It can never be 100 percent, but it is close to 100 percent."

Just for the "lulz" or potentially dangerous?

Joel Harding agrees. "The Olympics are going to attract a ton of attention, so of course hackers are going to try to put 'Go Our Country!' on the scoreboard," he said, since this would be worth a "lulz," the hacker reward for getting into a system and causing trouble.

"The more attention a hacker can cause, the more lulz and the greater the bragging rights," he said. "But we've already heard that [hacking the scoreboard) is going to be spectacularly difficult, so I tend to doubt we'll see that."

Gary McGraw, CTO of Cigital, said he thinks the worst that could happen would be that kind of "hacktivism." And while it might be embarrassing for the Olympics and cause some celebration among the black hats, "how much damage will it really do?" he asks.

There are bigger threats, Joel Harding said. "There are a ton of other things, such as schedules, transportation systems, water, physical security, telephones - you name it - all automated and networked. Those would be great targets and shutting down all the water would shut down the Olympics.

"Since all this attention is on London, however, making the London Eye Ferris Wheel stop or run backwards would be a worthy goal. The London Underground is an attractive target. The entire city is in the crosshairs," he said.

The competition between the white and black hats is expected to be fierce. Atos, which will be in charge of about 11,500 computers and servers across the UK, has done more than 200,000 hours of testing, including mounting simulated attacks, according to Adiba.

Harding said he thinks Atos is taking the right approach - more risk mitigation than risk avoidance. "They appear to be assuming that hackers are going to get into the system, so the security is oriented towards recognising malicious behavior as soon as possible and avoiding a serious failure, a meltdown, if you will," he said.

Looking out for the good ones 

"But, there is always someone with zero-day exploits, vulnerabilities that the computer security organizations of the world are not yet aware, and they will use them. Really elite hackers will attempt to make exploits on the fly, as the system responds and as they recognise new vulnerabilities, these folks will probably collect some lulz, but let's hope the response time for closing those backdoors is world-class also."

Gary McGraw said a better approach is to "do security analysis at the design level. When you build a system, don't design security flaws right into it," he said. "Think about possible attackers. Do a risk analysis and see if it is designed to resist attack. When you really want to be secure, you have to build it in. It does involve some penetration testing, but it doesn't rely only on that."

Joel Harding said he thinks both sides have some advantages. "White-hat hackers are every bit as good as black-hat hackers - sometimes they're even better," he said. "Many white-hat hackers began their career doing network security, so they understand many of the basics that bad hackers might not."

But black-hats don't worry about obeying the law. "They have access to repositories of code, which are often freely shared to save time when building new tools," Harding said. "They often have access to the latest network monitoring tools, which by their very nature, can be used offensively.

"The really bad news for the defenders is that may well be very nearly overwhelmed with the sheer volume of attempts to penetrate their systems," Harding said. "With all that noise from inexperienced or unskilled hackers, the really good ones will operate quietly and probably not attract enough attention to stop them until it's too late. Those are the dangerous ones. They have experience, patience and skills."


Share:

More from Techworld

More relevant IT news

Comments



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *