Organisers of Brazil's beleaguered 2016 Summer Olympic Games are facing the prospect of malicious cyberattacks even as they struggle to cope with the country's deepening political and economic crisis. An estimated 3.5m people took part in anti-government protests in more than 300 cities across the Latin American nation on 13 March. Demonstrators called for an end to government corruption, the impeachment of beleaguered President Dilma Rousseff and a solution to the economic issues facing the country.
Political analysts have warned of a continuation of civil unrest in the next six months - anything from mass protests to violence against security forces - but Roussef's government will now also have to prepare for malicious cyberattacks after hacker group 'Anonymous Brasil' announced the launch of its Olympic protest campaign dubbed #OpOlympicHacking.
The August Rio de Janeiro Olympics could well provide demonstrators "with an international platform to voice popular disaffection with the government", Tom Bacon, head of risk analysis at global risk advisory firm Protection Group International, told IBTimes UK, but the consultant also warned that frustrated demonstrators are increasingly showing signs they will also be using an online platform to voice their frustration.
"We have witnessed a bigger number of online hacktivists groups who have recently announced plans for a build-up to an anti-Olympics campaign. We might see increased online hostility towards the Games developing as well through a more hacktivist perspective," Bacon explained. "It's not necessarily going to be a nefarious type of crime but rather hacktivism, which is quite an important distinction. It's protest message via an online means rather than a spike in financial activities being disrupted."
200 specialists trained to repel cyberattacks
Jennifer Bates, a political risk analyst at the firm, added: "There will be a centre of about 200 specialists believed to be from the military specialised on protecting cybersecurity. The capacities to tackling cyber crime falls within the military - and those specialists are going to be deployed quite close to the Olympic Games. They are already training."
There have been precedents for these threats, including during the Confederations Cup. In the run up to the 2014 Fifa World Cup in Brazil, meanwhile, Anonymous launched #OpWorldCup to protest social injustices surrounding the event, which David Emm, principal security researcher at Kaspersky Lab said came as no surprise.
At the time, Anonymous did so through hundreds of so-called DDoS attacks - attempts to take a website offline by overwhelming it with internet traffic - and website defacement attacks, where changes are made to the appearance of either single webpages, or entire sites. In one attack, the group claimed it had access to the internal system of the Brazilian Federal Police.
"High profile sporting events provide cybercriminals with all kind of opportunities in line with their different motives - in the case of Anonymous, to make a social and political point," Emm told IBTimes UK.
Government, organisers should take cybersecurity measures
The researcher explained it was essential that businesses and individuals alike raised their guard, to minimise their exposure to attacks, while he urged the Brazilian government to play its part in getting the message out and encouraging cybersecurity measures.
"It's vital that the government reviews security of the systems that underpin the Games, to make sure the Games themselves are not disrupted. In particular, they should seek to separate the public-facing systems (for example, used to sell tickets to events) from the systems used to control the infrastructure that supports the events," Emm advised.
"One weapon in the arsenal of cybercriminals in Brazil and elsewhere is the DDoS attack, which has been used in the past to take down ticketing systems. Therefore, it is vital that the organisers of the games ensure high availability and load-balancing on critical nodes to help mitigate this type of attacks."
To do so, Mark James, a security specialist at ESET, recommended the Brazilian government and event organisers ensure their security is water-tight and fully understand their exposure to attack. "This will mean all software and hardware will have to be completely up-to-date with the latest patches and firmware, and that all possible attack scenarios are forethought and that the proper mitigation software is in place and fully deployed," James told IBTimes UK.
According to Sean Sullivan, a security adviser at F-Secure Labs, 'viable' online threats could include crime, crypto-ransomware targeting Brazilian businesses, extortion attacks and DDoS threats aimed at ticketing venues, but Sullivan said he did not expect concerns about Anonymous to cause much additional stress.
"I sincerely doubt it will be any data of real consequence. Maybe they'll hack an email account of an official, which will certainly be an embarrassment to the individual, but hardly of interest to anybody else," he added. "Anonymous is not a 'viable' threat when compared to other security risks/threats."