US law enforcers are urging participants at the Beijing Winter Olympics to leave their devices at home after warning of potential state-backed and cybercrime activity at the event.
An FBI alert issued yesterday claimed it was aware of no specific threat to the games but urged “partners” to remain vigilant.
While strict Communist Party COVID restrictions mean no foreign spectators will be allowed to attend the Olympics or Paralympics, athletes could be targeted, the Feds warned.
“The FBI urges all athletes to keep their personal cell phones at home and use a temporary phone while at the games. The National Olympic Committees in some Western countries are also advising their athletes to leave personal devices at home or use temporary phones due to cybersecurity concerns at the games,” the notice read.
“The use of new digital infrastructure and mobile applications, such as digital wallets or applications that track COVID testing or vaccination status, could also increase the opportunity for cyber actors to steal personal information or install tracking tools, malicious code, or malware. Athletes will be required to use the smartphone app, MY2022, which will be used to track the athletes’ health and travel data.”
Alongside the potential for Chinese agents to spy on participants and other attendees, the FBI warned of the risk of disruption by third parties, who could target broadcasters, hotel networks, transport providers, ticketing services, event security and other Olympic support functions.
It cited the last event in Pyeongchang, South Korea, four years ago where Russian state actors managed to cause significant disruption to the official website and media center.
However, the reality is that few hostile nations will want to spoil China’s party, given the potential geopolitical repercussions, and Beijing will be marshaling all of its resources to keep cybercrime actors at bay.
That said, the FBI has released a set of recommended best practices for organizations and individuals with a presence at the event to mitigate network, remote working, ransomware and social engineering threats.