Cyber Security

HIGHLIGHTS

Crisis Planning Lessons From The Olympics

YouTube to Label State-Funded Broadcasters in Drive Against Misinformation

Editor’s News Picks: Emerging Malware, Cryptojacking Riches, Spying for Less, Equifax Makes an Attempt

Advertisement

Commentary & Analysis

Crisis Planning Lessons From The Olympics

By Kate Fazzini

The 2018 Winter Olympics could be a lab for cybercrime.

The site of the games in Pyeongchang, South Korea, is a cyber-threat hot zone. North Korea has been suspected in a number of high-profile attacks, notably the WannaCry ransomware attacks of 2017 and the 2014 cyberattack against Sony Pictures Entertainment.

The U.S. Computer Emergency Response Team, a division of the Department of Homeland Security, issued a warning Thursday to tourists attending the events in Pyeongchang, hinting at threats the agency anticipates.

“Cyber criminals may attempt to steal personally identifiable information or harvest users’ credentials for financial gain. There is also the possibility that mobile or other communications will be monitored,” CERT said in a statement. The agency recommended updating mobile applications and operating systems and switching off WiFi and Bluetooth connections when not in use.

The games are expected to attract more than 2,000 athletes and more than 150,000 tourists, including political leaders, business executives and wealthy individuals. The international broadcast audience is expected to top 2 billion, based on prior Olympics statistics.

“The Olympics are a good global stage to make statements of all kinds,” said Nathaniel Fick, chief executive of Endgame Inc., which provides endpoint security services.

The security relationship between North and South Korea may be somewhat less strained, because North Korea will be participating in the games. But cyber disaster planners at the Olympics likely will be focused on a game of 4-D chess, with multiple layers of technology and possible attackers, said Mr. Fick. Attackers could include hacktivists who want to leverage the visible Olympic platform, nation-states seeking to sow uncertainty and criminals wishing to exploit an international collection of wealthy tourists, he said.

Companies can learn a lot from the Winter Games, security experts say, about how to prepare for cybercrime not just during a high profile event, but at any time.

Coordinate Cyber and Physical Security

Formulating a crisis strategy for a company bears similarity to creating one for a complex event such as the Olympics, said David Strumpf, a senior principal with Promontory Financial Group, a division of International Business Machines Corp. First, he says, identify potential risks.

These typically include the full scope of possible cyber, physical and terrorist attacks, as well assaults that blend these elements, said Mr. Strumpf.

Many cyber attacks might have physical aspects, such as a shutdown of certain operations or a loss of power, or might have elements of terrorist attacks, such as defacements of a website or the use of a company’s Twitter account to spread inciteful messages. Coordination among specialists in physical security, cybersecurity and the communications organization is critical, he said.

“When things go wrong, what I’ve seen most often is that lack of a communication plan,” said Mr. Strumpf, who previously served seven years in business continuity and crisis leadership roles at Goldman Sachs Group Inc. “And in every post-mortem [of a crisis], the first thing that so often comes back is that ‘we felt like nobody was communicating with us.’ ”

Monitor Attack Trends

The types of attacks facing Olympic planners will dovetail with those facing most companies throughout 2018, experts said, So it’s wise to pay attention to what may be a cyber threat trend at the games.

The pool of consumers and international businesses at the games represent high-value targets for hackers, said Marcin Kleczynski, chief executive of antivirus software company Malwarebytes Inc. Ransomware and mining of cryptocurrencies, in particular, could be problems for both visitors and sponsors or vendors with a retail presence.

Hotels, where security is often relatively weak, will be jam-packed with tourists and their many devices, presenting a great hunting ground for cryptominers that hijack a consumer’s computer and use it mint cryptocoins such as bitcoin, said Mr. Kleczynski.

Write to Kate Fazzini at kate.fazzini@wsj.com.

Advertisement

More From Dow Jones

YouTube to Label State-Funded Broadcasters in Drive Against Misinformation

By Jack Nicas

YouTube’s logo is seen in Berlin. The video-sharing giant has come under fire for spreading misinformation online. SOPHIA KEMBOWSKI/ZUMA PRESS

YouTube said it is planning changes to give users more context for videos promoting conspiracy theories or state-sponsored content, the latest effort by an internet giant to clean up its platform amid criticism over its role in spreading misinformation.

YouTube said it would on Friday start labeling all videos from what it identifies as state-funded broadcasters. The step would affect a range of sources, including the U.S.’s Public Broadcasting Service, or PBS. But it is significant in part because YouTube has been a major conduit for RT, the Russian state news organization that U.S. intelligence officials called “the Kremlin’s principal international propaganda outlet.”

A label on a video by the Korean Broadcasting System, the national public broadcaster of South Korea. YouTube will on Friday begin labeling videos from state-funded channels. COURTESY YOUTUBE

YouTube—part of Alphabet Inc.’s Google unit—is also considering surfacing relevant videos from credible news sources alongside clips peddling conspiracy theories, such as those claiming the moon landing was a hoax, YouTube Chief Product Officer Neal Mohan said in an interview. YouTube has long been rife with such videos.

The company said that change was early in development, so it’s unclear when it would take effect—or how it would select conspiracy theories.

Google and other Silicon Valley giants have scrambled in recent months to address a wave of criticism from Congress, academics, and others how their platforms influence public opinion and discourse. The debate was stoked in part by evidence that Russian actors seeking to manipulate U.S. voters before and after the 2016 election reached more than 100 million people via the tech giants’ sites.

After initially playing down the influence of their platforms last year, the companies have offered a string of mea culpas and proposed solutions. Facebook Inc. Chief Executive Mark Zuckerberg pledged last month to fix problems on his site, including by promoting “broadly trusted” news sources. Twitter Inc. said this week that is has notified roughly 1.4 million people who interacted with accounts now known to be backed by a Russian government-linked group.

Journalists and academics over the past year uncovered an abundance of objectionable content on YouTube, including videos that promoted racist and extremist views and put children in compromising situations. In many cases, YouTube ran ads before the unsavory videos, prompting many top advertisers to pull spending from the site.

Mr. Mohan said that he last year directed his team to improve YouTube as a place to get news, including moves to promote “an ever-changing list of authoritative news sources” that it selects with the Google News team.

“The principle here is to provide more information to our users, and let our users make the judgment themselves, as opposed to us being in the business of providing any sort of editorial judgment on any of these things ourselves,” he said.

He declined to comment on RT, which as of late last year had nearly 5.5 billion views across more than 20 YouTube channels— among the site’s most-watched news networks.

The new policy to label state broadcasters would extend to any news organization that received government funding, he said. So RT’s videos will have a label appended to the bottom that says, “RT is funded in whole or in part by the Russian government.”

PBS will carry a label calling it a “publicly-funded American broadcaster.”

YouTube in recent months also quietly expanded a change to its search engine, in order to return more mainstream news sources for news-related queries.

YouTube first tweaked its search results for breaking news in October after it was criticized for surfacing conspiracy theories about a mass shooting that killed 59 people during a concert in Las Vegas.

The change appears to have improved the search results for some key news events that have attracted conspiracies. Three days after the Las Vegas shooting, for instance, the fifth result for a search on YouTube about the attacks was a video titled: “Proof Las Vegas Shooting Was a FALSE FLAG attack—Shooter on 4th Floor.” But on Thursday night, the results were all mainstream news sources.

A search for "GOP train crash" on Wednesday yielded as the first result a stream from controversial Alex Jones, of the conspiracy-theory site Infowars. JACK NICAS

The policy hasn’t always worked, though. On Wednesday, after a train carrying some Republican lawmakers collided with a truck, searches for “GOP train crash” on YouTube returned as the first result a live stream from Alex Jones, the founder of conspiracy-theory site Infowars, and as the third a video titled, “Train Crash ~ Attempted Assassination of GOP Congress Members?”

YouTube said its algorithm hadn’t quickly enough recognized the search as a news-related query.

“With several other major events over the past few months we have been pleased with the results, but there is more work to do,” it added.

Write to Jack Nicas at jack.nicas@wsj.com

Advertisement

Editor's News Picks

Emerging Malware: A German antivirus testing firm said malware that exploits the Spectre and Meltdown computer vulnerabilities already is being tested by attackers, ZDNet reported. Researchers from the firm identified 139 samples of malicious code that seem to be early attempts at exploiting the bugs, but the researchers did not confirm that all of the attacks were successful. Chip makers and operating system vendors have released patches since the Meltdown and Spectre bugs were disclosed, but computers and connected devices that haven’t been updated still are at risk.

Cryptojacking Riches: A new report from Cisco Systems Inc.’s Talos division found that a single team of hackers can make up to $100 million a year from cryptocurrency mining malware, Forbes reported. The mining code is loaded onto infected computers, where it leaches CPU power to generate digital coins on behalf of the hacker. Talos researchers said that each infected computer can generate around $0.28 of digital coins a day, and that some attackers can infect hundreds of thousands or even millions of devices.

Spying for Less: Cyber espionage programs run by intelligence agencies and criminal organizations are surprisingly cheap, according to new research published by Citizen Lab and reported by CyberScoop. Over the course of more than a year, a hacking group with suspected ties to China spent $1,068 to set up 172 malicious domains, three servers, 58 decoy documents, and 43 custom HTTPS protocol certificates in an effort to spy on people linked to Tibet. “Low cost techniques reduce the barrier for entry to cyber-espionage, opening it to a wide range of actors, but still do require some skill to implement successfully,” researchers said.

Equifax Makes an Attempt: Months after a massive security breach that potentially exposed the personal information of about 143 million U.S. consumers, Equifax Inc. released a free app Wednesday that allows people to lock their credit files through their mobile phone, the New York Times reported. Reviewers spent hours on the app and encountered several glitches that prevented them from setting up a credit lock.

Cyber Security