GT Exclusive: Hidden frontline: Bing Dwen Dwen was used as bait for cyberattacks at Beijing 2022
Published: Feb 11, 2022 10:15 PM
Cyber security. Photo: IC

The Beijing 2022 Winter Olympic Games has reached its halfway point with athletes from all over the world showing the brilliance of competitive sports. Apart from these intense competitions in the venues, fierce battles were also launched in a "hidden frontline" - cyberspace. 

Cybersecurity experts from Qianxin, a leading Chinese security firm tasked with safeguarding the information infrastructure during Beijing 2022, shared with the Global Times on Friday their experiences of the past days. One of the most unforgettable was fending off attacks by hackers who used Bing Dwen Dwen, the panda-shaped mascot, as cover.

While the unprecedented opening ceremony was being held at the Bird's Nest on February 4, a team of elite cybersecurity experts was sitting backstage in temperatures of minus 10 C, guarding against any possible attacks like "soldiers."

The Global Times learned from the company that it established 11 special-forces teams consisting of 1,500 experts 30 days ago and had already launched its cybersecurity services 800 days ago, as the Olympic Games has also become a stage for hackers to show their "skills." For example, during the 2016 Rio Olympic Games, the websites of the government and sponsors were attacked by APT hacking groups and a large amount of data was leaked.

In a dark house at the Bird's Nest, Li Xubin and his team were in battle mode. Within two hours, the team gathered and analyzed, without interruption, about 110 million pieces of information recorded in thousands of operating systems and database systems. By sorting the information and conducting correlation and behavior analyses, the team monitored, alerted on and dealt with attacks and threats in real time, ensuring "zero accidents" for the opening ceremony.

Qianxin's cybersecurity command center for Beijing 2022 Winter Olympics. Photo: Courtesy of Qianxin

On February 5, the Chinese team won the 2,000-meter short track speed skating mixed team relay, claiming the first gold medal of the Beijing Winter Olympics for the Chinese sports delegation and achieving a good start for the country in the new year. 

"That night, when the Chinese team stormed to the championship, there was a surge in traffic across live broadcast systems. We detected a suspected attack on the telecom operator's system and dealt with it in 13 minutes with the help of SkyEye, our new generation threat perception system," cybersecurity expert Bai Yongshuai said.

Through attack and defense penetration and data analysis, SkyEye could accurately discover known advanced network attacks and unknown new types of hosts and servers in the network, using threat intelligence, machine learning and other technologies based on network traffic and terminal logs. 

During the Winter Olympics, telecom operators are responsible for communication services, scheduling and command, and live events. Any security incident may cause serious consequences. At the opening ceremony of the 2018 Winter Olympics in Pyeongchang on February 9, hackers disrupted the internet and broadcasting systems, took down the Olympic website for several hours, temporarily disabled local Wi-Fi around venues and disrupted live coverage of the opening ceremony. 

In response to the cyberattack, the Pyeongchang Olympic Organizing Committee quickly shut down internal web servers and the official website completely. The official website was not restored until 8 am the next day.

The success of the Beijing Winter Olympic Games has not only promoted a large number of athletes, but also made the mascot, Bing Dwen Dwen, a buzzword on the internet. Legions of enthusiastic fans are trying to find ways to buy their beloved mascot, as the cute panda has sold out in China and even overseas.

Jack, a threat analyst from the company who is also a fan of Bing Dwen Dwen, found a clue while checking terminal alarms: a computer had frequently accessed an unknown IP address over the past two days. Experience told him that the computer had very likely fallen into a trap.

After further investigation, Jack found that the IP address pointed to a website about the Winter Olympics, where wording about sales of Bing Dwen Dwen caught his eye.

It turned out to be a phishing website: the hackers had forged a Winter Olympics page and lured victims to it under the guise of selling Bing Dwen Dwen.

Once victims register their information, hackers can use the phishing page to steal their names, ID numbers, bank card numbers, payment passwords, and verification codes, and send the stolen information back to the attacker's server, Jack said.

Phishing sites are just the tip of the iceberg in cyber threats during Beijing 2022. 

Experts at Digital World Consulting, a Beijing-based consulting company specializing in the cybersecurity industry, predicted that at least 500 million cyberattacks are likely to happen during the Games. Their reasoning is that Beijing 2022 does not sell tickets to foreign audiences, which will make demand for live broadcasts of events in other parts of the world very prominent.

The estimate was based on the situation at the Tokyo Olympics in 2021, when the Cyber Threat Alliance said attacks on the Tokyo Olympics would intensify as hackers believed the cybersecurity capability was weak at that time, especially amid the increasing demand for livestreaming broadcasts.

The Tokyo Olympics and Paralympics saw around 450 million attempted cyberattacks when the events were held in the summer of 2021, Japan-based Kyodo News reported in October 2021.