

“Cyber intelligence companies and western government officials warn that the two-week sporting festival, which began last Friday, could lead to some of the highest levels of cyber criminal activity in years.” — Financial Times
Even without its current status of the 2016 Olympics host, Brazil is one of the world’s weakest cyber victims (all year round), and has become a go-to target for online criminal activity (specifically online banking fraud). It’s even been described as “one of the most pervasive cybercrime environments worldwide”.
Between 2010 and 2015, Brazil saw a 400% increase in serious cyber attacks — with a “notable spike” aka 200% increase, in 2014 alone, while the country hosted the football World Cup.
In general, PwC considers Brazil to be in a “poor state of cybersecurity”, and among the worst in developed nations, implying that business dealings in this region come with a serious risk-level.
Brazil was ranked the 10th largest hub of cybercrime (in a 2015 Internet Security Threat Report), and the source of 2% of all detected global cyber threats in that year.
Given Brazil’s characteristic weaknesses to digital security and their reputation for poorly protected corporate networks, the country as a whole is notably attractive to organized cyber crime and to the hacktivists involved.
How so?
Business and Personal Assets
Public/Tourist Facilities
Websites
What’s Been Happening/Observed Until Now
International Olympic Committee: A Sought-After Target
The International Olympic Committee (IOC) keeps a very active Security Operations Center (SOC), which monitors (and responds to) security incidents, including phishing and malware campaigns. Many of these campaigns originate with malicious domains, and so far 230 of them have been added to a domain blacklist.
Employees of the IOC are a sought-out target for cyber criminals, largely because of the lucrative credentials that are connected to their online activity.
In February 2016, a malicious domain campaign, masquerading as the IOC’s Intranet portal, was identified. The hackers involved were aiming to steal credentials of IOC employees. See the fake website shown below:
We expect there to be approximately 4x the amount of attempts at cyber crime than there were at the London Olympics in 2012 (165 million) — a direct outcome of the increased levels of tech evolution and the growing number of people connected to the internet which have respectively blossomed since 2012.
For some perspective about these growth rates:
(source:internetlivestats.com)
How do the expected attack vectors of the Rio games compare to the vectors that were attacked in London in 2012?
According to the Independent, London 2012 was “the largest peacetime security operation in British history” — no small matter, to say the least.
That being said, the security operation did indeed amount to a price of £500m, with an initial struggle to recruit and train enough staff — resorting to draft in armed forces to support the massive police presence during the games.
The UK Home Office in no way denies the cyber incidents that made their way into the Olympic Village. On the contrary, they explicate what the proved attack vectors were, and how the cyber criminals targeted them;
How did they do it?
British Telecom (BT) was responsible for protecting the London 2012 computer systems from hackers and fraudsters. CEO of BT Security, Mark Hughes, attributed the successes of the company’s cybersecurity efforts to “design, extensive testing, and having the right people”.
Thanks to one of the event hashtags, “#letthegamesbegin”, criminals were unintentionally alerting security forces when they were on the verge of executing an attack, when they tweeted messages like “let’s have a go at the website”. In cases like these, thwarting incidents came down to a matter of monitoring social media for dangerous conspiracy chatter.
Although the 2012 games were undoubtedly a prime target for hackers, hit by about 165 online cybersecurity incidents overall, the reach of online criminals is said to have grown considerably over the four year that have passed, with a growing emphasis on organized cyber crime.
Intelligence
Use an intelligence-led, risk-based approach in order to react in real-time;
By using network analytics to derive intelligence; sharing cyber threat information between agencies and intelligence bodies enables targets and/or security forces to prepare their defenses prior to attack. In other words, by knowing what the adversary is doing, you can stop them from bypassing your defenses.
Personnel
Hire technologists who can work at marathon speeds (much like Olympic athletes).
Last but not least, CIO of the London 2012 Olympics, Gerry Pennell advised:
“Prior experience only goes so far…It is important to have fresh thinking for each Olympics, but it is also important that there be a preponderance of people from the host country in IT so that the IT plan reflect the unique aspects of the technology landscape in that country.”