FBI urges athletes competing at the Beijing Winter Olympics to leave their personal devices at home and carry burner phones instead
The threat of malicious cyber activities that could disrupt the upcoming Winter Olympics in Beijing has resulted in a remarkable warning from US federal authorities.
In a notice, the FBI warned all participants in that event, and in the Paralympics in March, to leave their personal devices at home.
The FBI has instead urged all athletes to use a ‘temporary’ or burner phone while at the Games.
“The FBI is warning entities associated with the February 2022 Beijing Winter Olympics and March 2022 Paralympics that cyber actors could use a broad range of cyber activities to disrupt these events,” it stated on Monday.
The FBI said that cyberattacks could include distributed denial of service (DDoS) attacks, ransomware, malware, social engineering, data theft or leaks, phishing campaigns, disinformation campaigns, or insider threats.
“Additionally, the FBI warns Olympic participants and travellers of potential threats associated with mobile applications developed by untrusted vendors,” it said. “The download and use of applications, including those required to participate or stay in country, could increase the opportunity for cyber actors to steal personal information or install tracking tools, malicious code, or malware.”
It then issued the ‘burner phone’ advice.
“The FBI urges all athletes to keep their personal cell phones at home and use a temporary phone while at the Games,” said the FBI. “The National Olympic Committees in some Western countries are also advising their athletes to leave personal devices at home or use temporary phones due to cybersecurity concerns at the Games.”
The FBI said it was not aware of any specific cyber threat against the Olympics, but pointed out that previous Games have been subjected to heavy attacks.
The 2020 Tokyo Olympics and Paralympics saw NTT Corp provide its cyber services. While both events were successfully held, NTT said there were more than 450 million attempted cyber-related incidents during the event, although none were successful.
The huge scale of attacks at previous Games was backed up by cyber security specialist Mandiant, which said it has historically seen the Games attract the attention of cyber threat actors, but with them taking place in China this year, there are a few additional things to consider.
“As with many high-profile international events, the Olympic Games generate a spike in economic activity and press coverage in the host nation, which we’ve seen attract the attention of cyber threat actors in the past,” noted Cristiana Kittner, principal analyst, Mandiant Threat Intelligence.
“Based on our understanding of threat activity surrounding previous Olympics, this activity could be in the form of nation-state actors and information operations campaigns using the media attention to embarrass rivals through hack-and-leak campaigns, website defacements or other disinformation,” said Kittner.
“We’ve also seen financial criminal actors capitalise on events like this to exploit increased tourism and local spending or use Olympic-themed subject lures in their malware campaigns targeting the public,” said Kittner.
“With the event in China this year, known to be one of the ‘big four’ nations when it comes to cyber activity, we could also see reconnaissance activities on devices brought into the country by visitors,” said Kittner. “It’s important to be aware that cyber activity could target athletes, officials and visitors, but also the different businesses that support the Olympics too, whether that’s in industries like hospitality, telecoms or providing a sponsorship deal.”
Mandiant’s advice for visitors to the Games is as follows:
- Leave your personal devices at home and take burner devices if you need to – ones that you will only use while visiting and replace afterwards. Secure these devices and accounts you’ll access with strong passwords
- Use a VPN at all times, and enable multi-factor authentication wherever possible
- Avoid accessing social media and banking if at all possible – pick up the phone and make a call for anything that requires credentials
- Remember your connections – it’s not just about protecting yourself, but also organisations you’re linked with