Intelligence officials in the United States are warning athletes not to bring personal cellphones to the Olympic and Paralympic Games in Beijing this year due to an increased risk of cyber attacks.
In a bulletin issued Monday, the FBI said while it has not identified any specific threats, large-scale events like the Olympics “provide an opportunity for criminal and nation-state cyber actors to make money, sow confusion, increase their notoriety, discredit adversaries, and advance ideological goals.”
The FBI warned of a number of threat types, including the increased possibility of cyber attacks after downloading mobile applications from untrusted vendors. Some apps – like MY2022, a mandatory app athletes will use to report health data while in Beijing – might allow malicious actors easier access to personal information or opportunity to install malware.
MY2022 has already raised security concerns from some researchers. A group of experts from the University of Toronto found a “simple but devastating flaw” in the app’s audio encryption service, saying the protections can be easily side-stepped. Health forms that include passport information, medical history and other personal documents were also found to be vulnerable to attacks.
To best protect personal information, the FBI recommends all U.S. athletes leave personal cellphones at home, and use temporary devices while at the Games, which are set to kick off on Feb. 4. The Paralympic Games will begin on March 4.
Malicious actors might also target streaming services, the FBI warned, particularly as spectators are banned from in-person viewing due to the ongoing coronavirus pandemic. Streaming services are advised to use multi-factor authentication to ensure the highest level of security, and should conduct frequent audit logs to ensure all users are verified.
Companies should also make encrypted, off-line backups of necessary data in the event of a ransomware attack. The FBI “does not recommend paying ransoms,” as the payment neither ensures the return of files and it may embolden or encourage future attacks.
In 2020, the service provider responsible for the Tokyo Games received more than 450 million cyber-related attacks over the course of the event, although none were successful. The most common attacks identified were malware, email spoofing and phishing and fake websites designed to replicate official Olympic providers.
The warning to athletes came the same day that FBI director Christopher Wray said the threat to the West from the Chinese government is “more brazen” and damaging than ever before, accusing Beijing of stealing American ideas and innovation and launching massive hacking operations.
The speech at the Ronald Reagan Presidential Library amounted to a stinging rebuke of the Chinese government just days before Beijing is set to occupy the global stage by hosting the Winter Olympics. It made clear that even as American foreign policy remains consumed by Russia-Ukraine tensions, the U.S. continues to regard China as its biggest threat to long-term economic security.
“When we tally up what we see in our investigations, over 2,000 of which are focused on the Chinese government trying to steal our information or technology, there’s just no country that presents a broader threat to our ideas, innovation, and economic security than China,” Wray said, according to a copy of the speech provided by the FBI.
The Associated Press contributed to this report.