Russia hacked Olympic computers and routers but tried to frame North Korea

Russian military hackers hacked hundreds of computers at the 2018 Winter Olympic Games, but tried to make it look like the hacks were conducted by North Korea, according to a report by The Washington Post.

U.S. officials clinging to anonymity told The Post the “false-flag” operation conducted by the Russian military agency GRU included obtaining access to hundreds of Olympic-related computers as well as routers in South Korea. The hacks are believed to be retaliation against the International Olympic Committee (IOC) for banning the Russian team from the Winter Games due to doping violations.

Citing an intelligence report, The Post said Russian military hackers had obtained access to “as many as 300 Olympic-related computers” by early February. Additionally, “GRU cyber-operators also hacked routers in South Korea last month and deployed new malware on the day the Olympics began.”

It was unclear if the cyber attack during the opening ceremony, which caused disruptions to the internet and broadcasting systems, was a result of the infected routers. During the attack, organizers took down the servers to prevent more damage. That caused the Winter Olympics website to go down and some attendees could not print out their tickets.

When officials confirmed the attack, Olympic Games spokesman Sung Baik-you said, “We know the cause of the problem,” but “we decided with the IOC we are not going to reveal the source” of the attack.

Rendition Infosec’s Jake Williams, who previously worked for the NSA, told The Post, “Anyone who controls a router would be able to redirect traffic for one or more selected targets or cause total disruption in the network by stopping the routing entirely. Development of router malware is extremely costly, and Russia would likely use it only in locations where it contributes to accomplishing a high-value goal.”

U.S. officials were reportedly concerned the Russians might conduct another attack during the closing ceremony as Russian athletes were not allowed to parade under their own flag.

A team of 168 Russians competed in the Winter Games, but had to compete as neutral Olympic Athletes from Russia (OAR) due to state-sponsored doping at Sochi 2014. After the OAR team won the ice hockey gold, the team defied the ban by singing the Russian national anthem during the medal ceremony.

When the IOC announced Russia’s ban, IOC president Thomas Bach said the doping at Sochi “was an unprecedented attack on the integrity of the Olympic Games and sport.” Yet the IOC was considering lifting the ban for the closing ceremony. However, the ban wasn’t lifted after two Russian athletes failed the drugs tests for this Olympics. Therefore, the athletes could not wear their national colors or display the Russian flag.

Nevertheless, Bach said, “There is no evidence of systemic doping and no evidence of the involvement of the Russian Olympic Committee in these cases.”

According to The New York Times, the IOC reportedly intended to welcome Russia back as a full-fledged Olympic nation if all of its remaining drug tests were negative.

The Washington Post gave a run-down of GRU hacks which were “seen as payback” after Russian athletes were banned for the government-run doping scheme. Even before that, the Russians conducted disinformation tactics against the Olympic Games.

This time around for the GRU’s “false-flag” operation, the Russian military hackers used North Korean IP addresses and other tactics to make it appear like North Korea was behind the hacks.