'Trial' DDoS Attacks on French Sites Portend Greater Olympics Threats

Against the backdrop of the upcoming Paris Olympics, Russian hacktivists have claimed denial-of-service (DoS) attacks against a few notable French websites.

For months now, the news media has warned of both physical and cyber threats to the upcoming Olympic Games. The fears are well-founded: Any major event these days is a target, and prior Olympics have seen their fair share of incidents.

A potential opening salvo rang out in June, Cyble notes in a new report, when the Russian hacktivist groups HackNeT and the People's Cyber Army claimed a series of distributed DoS attacks on their social media channels. The Sandworm-linked People's Cyber Army referred to the attacks as mere "training."

Pre-Olympics DDoS Attacks

On June 23, the hacker collectives posted a series of screenshots of victim websites, and website uptime monitoring tools to demonstrate their downing.

At 8:30 UTC, for example, the People's Cyber Army claimed an attack on the website of the La Rochelle International Film Festival. Shortly thereafter, HackNet published news of another attack against the site for the Grand Palais. Cyble labeled these many claims as "possibly true" but couldn't confirm their legitimacy.

The pattern of targeting relatively mundane websites belonging to popular tourist attractions fits neatly into a picture of amateurish hacktivists seeking attention.

"I think it's mostly about being recognized as a formidable player in this whole space of cyber hacktivism — being seen taking up causes, and appearing to be fighting for it," says Kaustubh Medhe, head of research and intelligence at Cyble. "You have to keep your voice heard and be in the headlines all the time. And it's also a chance for groups to gather more mass support."

The People's Cyber Army in particular has historically done quite well on those fronts. Though it's only just over two years old, its Telegram channel sports more than 50,000 subscribers.

Cyber Threats to the Paris Olympics

When it comes to the myriad cyber threats to the Paris Olympics, "I delineate between risks that are scary, and those that are more of a nuisance," says Bojan Simic, co-founder and CEO of HYPR.

"Nuisance types of scenarios are: the Olympics app doesn't work and people don't know where the next event is and it's annoying. And taking down specific events from TV or streaming," he says. Politically motivated hacktivism against static websites — of the kind so boasted about by HackNet and the People's Cyber Army — also falls under this banner.

The problem, Medhe warns, is that nuisances can provide a screen for more ambitious attacks. "There have been instances in the past where DDoS attacks are a distraction to throw off a security team, to focus them on something less important, while some other threat groups are trying to get in some other way, and there is a more advanced attack in progress," he says.

Besides physical threats to athletes and fans, advanced cyber attacks might take the form of a major data breach, such as when Russia's Fancy Bear stole sensitive medical data on athletes at the 2016 games in Rio. This was a major interference, like the Olympic Destroyer attack at Pyeongchang 2018 that disrupted broadcasting, ticketing, various Olympics websites, and Wi-Fi at the host stadium. Attacks might also take some other form not yet seen at prior Games.

"I think they're generally reasonably well prepared," Simic says of the Olympic committee this time around, "but I think their preparations are going to be largely based off of previous attacks. I think they've been on the lookout for DDoS attacks, making sure that they have the ability to automatically scale the environment if they need to, to make sure that disruptions are minimized. Their ability to stop newer attacks is to be seen.

"We haven't really seen organizations adapt to modern, AI-based attacks involving malware and social engineering. That gives me some discomfort around the Olympic Committee being able to stop [certain] attacks."