Beijing Olympics on guard against mass hacking attacks

PUBLISHED : Tuesday, 18 December, 2007, 12:00am
UPDATED : Tuesday, 18 December, 2007, 12:00am

Experts expect compromises of news and commentary sites

The Beijing Olympic Games will spark an outbreak of aggressive hacker activity, topping a wave of intense malicious internet attacks expected next year, according to security experts.

They said Beijing Olympics-related websites were prime targets for so-called large-scale denial-of-service attacks. These actions prevent legitimate users from accessing a site's information or services by, for example, overloading a network with unwanted data.

'We predict compromises of popular Olympic news or other sports sites - attacks designed to install malicious software on end-users' machines and steal personal or confidential business information,' said William Tam Wai-kei, the technical manager for Asia-Pacific at Websense, a United States-based supplier of internet-filtering software.

Mr Tam said matters will be further complicated by hackers invading blogs, search engines and various social networking sites, such as MySpace or Facebook.

'We also predict that attackers will increasingly exploit the weakest links within the Web infrastructure to target the greatest number of internet users,' Mr Tam said.

He noted that compromising sites - particularly those established for Olympics-related commentary and other information - provides attackers with built-in Web traffic and minimises the need for lures through e-mail.

David Goddard, the vice-president of technical support, customer assurance and security programs at US-based networking equipment maker Cisco Systems, said: 'Any major entertainment event or gathering will have security risks that need to be considered - from physical to cyber security threats.'

He said it was important to acknowledge that the security issues which needed to be considered for the Olympics in Beijing were not necessarily specific to its location.

'Web- and broadcast-based attacks can be launched from anywhere and can impact a wider audience than those near the Olympic venues,' Mr Goddard said.

Still, the immediate threat from homegrown hackers is real. According to British anti-virus software firm Sophos, 30 per cent of all malicious software that the company has detected was written in the mainland.

'Chinese cyber-criminals are not just hitting personal computers in their own country, but impacting computer users worldwide,' said Graham Cluley, a senior technology consultant at Sophos.

'Surprisingly, 17 per cent of malware written in China is designed for the specific purpose of stealing passwords from online gamers.'

In October, a 20-year-old mainland computer engineer who cloned an Olympics website - - and made about US$50,000 from fake prize draws was arrested by police in Hainan province, according to media reports.

Hou Xinyi, the deputy director for technology of the Beijing Organising Committee for the Games of the XXIX Olympiad, has acknowledged hacking as a potential threat to the event's IT and communications infrastructure.

'We have to prepare, and prevent a lot of young and savvy hackers from breaking into our systems,' Mr Hou said in August. 'We're testing a lot of different scenarios. We have software that helps us simulate real cases when lots of data are running on the systems.', which is responsible for the Beijing Olympics website, has also been preparing for a deluge of online users.

Mr Hou said a network of Web servers has been set up in different countries and across the mainland in case of a systems breakdown.

'Cybercrime is evolving before our eyes,' said John Stewart, Cisco's chief security officer.

'You just can't afford to view information security threats as a standalone duel against a virus or a phishing attack; it is social engineering and technology, trust and pervasive use.'