9 Mar, 2018 18:38

Winter Olympics hack: Probe into culprits deepens mystery (POLL)

Hackers who caused a tech meltdown at the PyeongChang Winter Olympic opening ceremony, leaving many spectators unable to print their tickets, have been subjected to an in-depth probe by cyber security ‘experts’.

The unknown group used a unique malware – now aptly named the ‘Olympic Destroyer’ – to target the official Olympic website, the stadium’s WiFi and broadcasters of the event. While the organizing committee quickly recovered their equilibrium and claimed there would be no repercussions for the culprits, ‘experts’ in the field have made it their mission to identify the group (or country) behind the sophisticated attack.

The Olympic Destroyer spreads as a network worm, working its way through internal servers via Windows network shares to shut down infected systems. Pyeongchang2018.com, the network servers of the ski resorts and the servers of Atos, the event’s IT service provider, were all targeted in the attack.

Of course the usual suspects were the first in the firing line. North Korea, Russia and China were all placed under the spotlight by various investigators looking into the hack. Kaspersky pointed out that their team suspected “North Korean cyber criminals” or “more specifically, the Lazarus Group.”

After studying a sample of the malware, Kaspersky researchers found digital fingerprints that “point directly to Lazarus as the author.” A deeper investigation, however, showed the resemblance may have been the result of a deliberate copycat operation.

Furthermore, the malware’s “fingerprints” also allegedly pointed to the work of Russian hacker group Sofacy (aka Fancy Bear and APT28), meaning neither group can be confirmed nor ruled out. The investigation leaves open the possibility that cyber criminals could have implanted the digital remnants of both groups as a cunning decoy, or perhaps a collaboration of all of the above is to blame?

Overall, the investigations appeared to turn up more questions than answers, but we want to know: What do you think?  
