Russian spies hacked ‘hundreds’ of computers and tried to implicate South Korea, says US

Analysts believe disruption was retaliation for banning country from participating in this season's sporting events because of doping violations 

Ellen Nakashima
Sunday 25 February 2018 19:03 GMT
The opening ceremony was hindered by disruptions including interferences with the broadcast systems (Reuters)

Russian military spies hacked several hundred computers used by authorities at the 2018 Winter Olympics in South Korea, according to US intelligence.

They attempted to make it appear as though the intrusion was conducted by North Korea, in what is known as a “false-flag” operation, said two US officials who spoke on the condition of anonymity to discuss a sensitive matter.

Officials in Pyeongchang acknowledged the games were hit by a cyberattack during the 9 February opening ceremony, but had refused to confirm whether Russia was responsible. That evening there were disruptions to the internet, broadcast systems and the Olympics’ website. Many attendees were unable to print their tickets for the ceremony, resulting in empty seats.

Analysts surmise the disruption was retaliation against the International Olympic Committee for banning the Russian team from the Winter Games due to doping violations. No officials from Russia’s Olympic federation were allowed to attend, and while some athletes were permitted to compete under the designation Olympic Athletes from Russia, they were unable to display the Russian flag on their uniforms and, if they won medals, their country’s anthem was not played.

As of early February, the Russian military agency GRU had access to as many as 300 Olympic-related computers, according to an intelligence report this month.

The Office of the Director of National Intelligence declined to comment.

The intelligence, which has not been publicly affirmed, is consistent with reports from private-sector analysts who have said they saw signs Russia had targeted the 2018 Olympics. It also would continue a pattern of such attempts, including during the 2016 Summer Olympics in Rio de Janeiro.

Some US officials are concerned the Russians may try to disrupt the closing ceremony on Sunday. “We’re watching it pretty closely,” said one. “It’s essentially a Korean problem,” the official added. “We will help the Koreans as requested.”

Apart from accessing the computers, GRU cyber-operators also hacked routers in South Korea last month and deployed new malware on the day the Olympics began, according to Western intelligence agencies. Such access could enable intelligence collection or network attacks, officials said.

It is not clear whether the disruptions during the opening ceremony were the result of that access, but the development is concerning regardless, information security experts said.

“Anyone who controls a router would be able to redirect traffic for one or more selected targets or cause total disruption in the network by stopping the routing entirely,” said Jake Williams, a former National Security Agency cyber-operator and co-founder of Rendition Infosec, a cybersecurity firm.

“Development of router malware is extremely costly and Russia would likely use it only in locations where it contributes to accomplishing a high-value goal,” said Mr Williams.

The GRU hackers are thought to work for the agency’s Main Centre for Special Technology, or GTsST, according to intelligence agencies. That unit has been highly active in information warfare against the West and was behind the NotPetya cyberattack that crippled computers in Ukraine last year.

Two years ago, the GRU penetrated a database containing drug test results and confidential medical data and posted information about noteworthy US athletes including tennis stars Serena and Venus Williams, four-time gymnastics gold medallist Simone Biles and women’s basketball standout Elena Delle Donne.

That action was widely seen as payback after nearly every member of Russia’s track and field team was banned from the 2016 Olympics. Numerous investigations uncovered a widespread, government-run doping scheme that dated back years.

Russia has a long history of undertaking such “active measures” against the Olympic Games, noted Thomas Rid, a professor of strategic studies at Johns Hopkins University. During the 1984 Olympics in Los Angeles, Soviet intelligence released fake Ku Klux Klan leaflets threatening violence against African athletes as part of an effort to embarrass the United States, he said. That year, the Soviets led a 14-nation boycott of the games in retaliation for a US boycott of the 1980 summer games in Moscow, which was prompted by the Soviets’ 1979 invasion of Afghanistan.

The 1984 effort failed, Rid said, because the US government “very quickly” revealed the Soviet attempt. As a result, no African athletes withdrew from the games.

While “old-school” tactics relied on leaflets among other things, the internet has provided new tools to spread disinformation, he said.

In this case, the GRU sought to make it appear as though the intrusions were the work of North Korean hackers by using North Korean IP addresses and other tactics, said the officials. Such deception is common for the GRU.

The Washington Post
