There are lots of story opportunities to talk about here. According to the NY Times, the attack was based on stolen credentials from a member of the Korean Olympic Committee. Just like clams: one coughs and gives them all away. From that one credential came a cascade of trouble, including the loss of Wi-Fi, the press room, ticket sales and the official website. This was not an attack to steal credit card or personal information; it was an attack to disrupt and show prowess, while stopping short of destroying the equipment altogether.
Cisco's Talos team has analyzed the attack in detail, and I will not try to replicate their work.
I will (poorly) summarize the analysis. As I read it, Windows was the primary point of attack. Once the attack succeeded on one machine, it spread quickly through the network, stealing credentials to attack other systems and using domain names that in many cases were hardcoded. On each machine it also harvested the credentials saved in the browsers to spread the malware further. After grabbing credentials, it corrupted the computers' data and left them inoperable.
Based on my reading of the reports, the Wi-Fi was down because the authentication systems behind it were infected. Cisco's Talos team postulates that the systems were compromised in advance of the event.
As for the drone show, which NBC aired from a previous recording, there is no mention of that system being attacked. It could be that it was standalone and therefore not penetrated. The official reason given for the drones not flying was that spectators were underneath the drone area.
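The sequence summarized above (one stolen credential replayed across many hosts, then the data on the reached hosts destroyed) has a recognizable shape in Windows security logs. What follows is an added detection example written for this post; it is not code from the post, from Cisco Talos, or from the Olympic organizers. It runs over a constructed list of event records modelled on Windows event IDs 4624 (logon, type 3 = network) and 4688 (process creation); the hostnames, the account `CORP\svc_it`, the timestamps and the list of destructive command-line fragments are all assumptions made for illustration.

```python
"""Correlate credential fan-out with destructive commands.

Added example, not code from the original post or from Cisco Talos. It runs
over a constructed list of Windows-style security events (ID 4624 logons
and ID 4688 process creations) embedded below; hostnames, the account
name and the timestamps are all made up for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta


def logon(t, host, account, src, logon_type=3):
    return {"id": 4624, "time": t, "host": host, "account": account,
            "src": src, "logon_type": logon_type}


def proc(t, host, cmd):
    return {"id": 4688, "time": t, "host": host, "cmd": cmd}


# Constructed sample: one stolen service account replayed from WS01 against
# six servers in under three minutes, a normal admin touching two servers,
# then recovery-disabling commands on some of the servers that were reached.
SAMPLE_EVENTS = [
    logon("2018-02-09 19:50:10", "SRV01", "CORP\\svc_it", "WS01"),
    logon("2018-02-09 19:50:40", "SRV02", "CORP\\svc_it", "WS01"),
    logon("2018-02-09 19:51:05", "SRV03", "CORP\\svc_it", "WS01"),
    logon("2018-02-09 19:51:30", "SRV04", "CORP\\svc_it", "WS01"),
    logon("2018-02-09 19:52:00", "SRV05", "CORP\\svc_it", "WS01"),
    logon("2018-02-09 19:52:20", "SRV06", "CORP\\svc_it", "WS01"),
    logon("2018-02-09 19:51:00", "SRV01", "CORP\\admin", "ADMIN01"),
    logon("2018-02-09 19:53:00", "SRV02", "CORP\\admin", "ADMIN01"),
    logon("2018-02-09 19:49:00", "WS01", "CORP\\jlee", "WS01", logon_type=2),
    proc("2018-02-09 19:51:20", "SRV03", "vssadmin.exe delete shadows /all /quiet"),
    proc("2018-02-09 19:52:30", "SRV05", "wevtutil.exe cl System"),
    proc("2018-02-09 19:52:45", "WS99", "vssadmin.exe delete shadows /all /quiet"),
    proc("2018-02-09 19:55:00", "SRV02", "notepad.exe C:\\Users\\ops\\notes.txt"),
]

# Command-line fragments that disable recovery or destroy evidence. This list
# is an assumption for the example, not something the post enumerates.
DESTRUCTIVE_MARKERS = ("delete shadows", "delete catalog",
                       "recoveryenabled no", "wevtutil cl")


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")


def network_logons(events):
    """Yield (time, src, account, host) for network (type 3) logons."""
    for e in events:
        if e["id"] == 4624 and e["logon_type"] == 3:
            yield parse_ts(e["time"]), e["src"], e["account"], e["host"]


def find_fan_out_logons(events, window=timedelta(minutes=5), min_hosts=5):
    """Map (src, account) -> sorted hosts for any pair that reached at least
    min_hosts distinct hosts inside one sliding window. One credential being
    replayed across the estate produces exactly this shape."""
    by_key = defaultdict(list)
    for t, src, account, host in network_logons(events):
        by_key[(src, account)].append((t, host))
    hits = {}
    for key, entries in by_key.items():
        entries.sort()
        start = 0
        for end in range(len(entries)):
            while entries[end][0] - entries[start][0] > window:
                start += 1
            hosts = {h for _, h in entries[start:end + 1]}
            if len(hosts) >= min_hosts:
                hits.setdefault(key, set()).update(hosts)
    return {k: sorted(v) for k, v in hits.items()}


def find_destructive_commands(events):
    """Return (time, host, cmd) for process creations matching a marker."""
    out = []
    for e in events:
        if e["id"] != 4688:
            continue
        cmd = e["cmd"].lower().replace(".exe", "")
        if any(m in cmd for m in DESTRUCTIVE_MARKERS):
            out.append((parse_ts(e["time"]), e["host"], e["cmd"]))
    return out


def correlate(events, window=timedelta(minutes=5), min_hosts=5):
    """Hosts where a destructive command ran after a fan-out logon landed:
    the steal-spread-wipe sequence, with unrelated wiping (WS99) left out."""
    fan_out = find_fan_out_logons(events, window, min_hosts)
    first_seen = {}
    for t, src, account, host in network_logons(events):
        if (src, account) in fan_out:
            first_seen[host] = min(t, first_seen.get(host, t))
    return sorted({host for t, host, _ in find_destructive_commands(events)
                   if host in first_seen and t >= first_seen[host]})


if __name__ == "__main__":
    for key, hosts in find_fan_out_logons(SAMPLE_EVENTS).items():
        print("fan-out", key, hosts)
    print("wiped after spread:", correlate(SAMPLE_EVENTS))
```

The ordering check in `correlate` matters: a recovery-disabling command on a host that the replayed credential never reached (WS99 in the sample) is still worth an alert, but it is a different incident than the one the post describes, so it is reported by `find_destructive_commands` and not by `correlate`. The thresholds (five hosts in five minutes) are starting points to tune against a real environment's baseline of service-account logons.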
The light show and other elements of the ceremonies worked without incident.
Bottom line: if you want to look for security issues, start with human error. My father's favorite quote, "Never assume malice when incompetence is an equal answer," is definitely a human factor.