Athens Olympics Steps Up Cybersecurity

Though security technology has improved since the 2000 Olympics in Sydney, the threats have, too.
ATHENS, Greece (AP) -- Everyone is on the lookout for Olympic infiltrators. Greek police get no vacation this August. The military has warships and anti-terrorist commandos primed. NATO will offer surveillance planes. Washington has sent over radiation scanners.

Another security front line is quietly watched over by a French executive armed with only a clipboard and flow charts. His foes include distant hackers, invisible computer viruses, code-burrowing worms, and the Trojan horses of the cyber age.

"We can't let our guard down for even a moment," said Claude Philipps, program director for major events at Atos Origin, a Paris-based technology firm that first took over Olympic data services at Salt Lake City in 2002.

The job description for Athens is essentially the same: providing sports results, tracking credentials, and distributing doping reports and other background information. But the intensity and interest makes the Summer Games a bigger show and a bigger target.

Atos expects to deliver more than 50 million pages of results and statistics to Internet sites and on paper. Another 50,000 pages of material on the games and athletes will be available on an Intranet network.

"Just since Sydney (in 2000), the threats have increased a lot. There are more hackers and viruses," Philipps said. "But the technology has improved, too."

It was put to the test last month.

For five days, they threw everything they could at the $400 million system. Hackers tried to slip in. Internal "dissidents" typed in bogus passwords. Nearly every hour some new headache scenario was dished up: blackouts, bomb threats, canceled events, crashing servers, emergency reprogramming.

Then the real thing hit in the early afternoon last Monday. Greece's worst power failure in decades left Athens and the rest of southern Greece without electricity for hours.

Atos was forced to shut down its system because the generators and auxiliary power were not "in games-time mode," Philipps said.

The verdict? Philipps declined to talk about specific blemishes or worries. "Let's just say there's not much that could happen that would surprise us now," he said.

That's pretty much the feeling of everyone associated with Athens' preparations for the Olympics, Aug. 13-29. Greek organizers have rewritten the manual on scraping by.

On the technical side, that's meant testing results systems and sensitive uplinks while work crews fitted sections of the half-built roof of the Olympic Stadium and measured for new seats.

"We don't behave the same in each host city," said Philipps, whose company has the Olympic technology contract until the 2008 Beijing Games. "We have to make accommodations for the local culture."

The hacker culture, however, is global and can exploit any vulnerability.

The Olympic computer network is mostly a closed system with limited "points of entry from the outside," Philipps said.

"This reduces our exposure to hackers," he explained. "But some will try, I'm sure of that."

A more probable security breach would be an inside job.

"You know, a disgruntled employee or maybe someone on the staff paid to try to corrupt the system--that sort of thing," said Vladon Todorovic, a security specialist for the Olympic system.

He taps the keys on a small but powerful virtual detective called eTrust. Its job is to instantly sift through possible security threats, consolidate them and, finally, list them in order of concern. It may sound simple, but planners predict up to 2 million security "events" a day--ranging from a failed password to a serious virus attack.

"Look at this," Todorovic said, hitting a few keys.

A list of potential violations runs down the screen.

"OK, here," he pointed. "This is one password failure. Not a big deal. Here's three failures. We pay more attention. If we see a pattern of failures in the same work area, then we think someone's trying to break in. That's when we alert someone."

The Olympics have so far avoided any major high-tech disruptions from hackers or viruses. But that doesn't mean the "bad guys" aren't thinking about it, said Peter Tippett, chief technologist at TruSecure Corp., a security intelligence company based in Herndon, Va.

"We track something like 11,000 bad guys. ... These are the hard-core hackers. Some of them are posting messages talking about practically going to war during the Olympics," Tippett said. "We've seen this type of talk before, but it rarely turns into anything."

Or the damage could already be done and waiting to strike.

Olympic programmers need to be aware of possible "Trojan horses," or bits of programming code planted in the system during installation that could later open the door to hackers, Tippett said.

The limited links between the Olympic network and the wider Internet is good defense against viruses, but also poses a possible Achilles' heel--to use another timely analogy from the Trojan war.

It's called a "denial of service" attack, Tippett said. A hacker floods the portals with data to clog the system.

"Imagine a bunch of cars parked on your street so you can't get to work," he said.

Computer security experts estimate at least 1,500 successful hacks into systems each day worldwide.

"So you bet that some of these guys are thinking about the Olympics," he said. "It's too big to ignore."

Editor's Choice
Brian T. Horowitz, Contributing Reporter
Samuel Greengard, Contributing Reporter
Nathan Eddy, Freelance Writer
Brandon Taylor, Digital Editorial Program Manager
Jessica Davis, Senior Editor
Cynthia Harvey, Freelance Journalist, InformationWeek
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing