Security: “The Untold Story of the 2018 Olympics Cyberattack, the Most Deceptive Hack in History:
How digital detectives unraveled the mystery of Olympic Destroyer—and why the next big attack will be even harder to crack.”
WIRED, October 17, 2019
by Andy Greenberg
Just before 8 pm on February 9, 2018, high in the northeastern mountains of South Korea, Sang-jin Oh was sitting on a plastic chair a few dozen rows up from the floor of Pyeongchang’s vast, pentagonal Olympic Stadium. He wore a gray and red official Olympics jacket that kept him warm despite the near-freezing weather, and his seat, behind the press section, had a clear view of the raised, circular stage a few hundred feet in front of him. The 2018 Winter Olympics opening ceremony was about to start.
As the lights darkened around the roofless structure, anticipation buzzed through the 35,000-person crowd, the glow of their phone screens floating like fireflies around the stadium. Few felt that anticipation more intensely than Oh. For more than three years, the 47-year-old civil servant had been director of technology for the Pyeongchang Olympics organizing committee. He’d overseen the setup of an IT infrastructure for the games comprising more than 10,000 PCs, more than 20,000 mobile devices, 6,300 Wi-Fi routers, and 300 servers in two Seoul data centers.
That immense collection of machines seemed to be functioning perfectly—almost. Half an hour earlier, he’d gotten word about a nagging technical issue. The source of that problem was a contractor, an IT firm from which the Olympics were renting another hundred servers. The contractor’s glitches had been a long-term headache. Oh’s response had been annoyance: Even now, with the entire world watching, the company was still working out its bugs?
The data centers in Seoul, however, weren’t reporting any such problems, and Oh’s team believed the issues with the contractor were manageable. He didn’t yet know that they were already preventing some attendees from printing tickets that would let them enter the stadium. So he’d settled into his seat, ready to watch a highlight of his career unfold.
Ten seconds before 8 pm, numbers began to form, one by one, in projected light around the stage, as a choir of children’s voices counted down in Korean to the start of the event:
“Sip! … Gu! … Pal! … Chil!”
In the middle of the countdown, Oh’s Samsung Galaxy Note8 phone abruptly lit up. He looked down to see a message from a subordinate on KakaoTalk, a popular Korean messaging app. The message shared perhaps the worst possible news Oh could have received at that exact moment: Something was shutting down every domain controller in the Seoul data centers, the servers that formed the backbone of the Olympics’ IT infrastructure.