A hacked result could mean the difference between an Olympic gold medal and an athlete watching the award ceremony from the sidelines.
As sporting events increasingly go digital — from the stadium systems to scorekeeping — experts warn those systems can be hacked.
The Berkeley Center for Long-Term Cybersecurity released new research on Tuesday that says hackers could disrupt everything from ticketing to announcement systems in an effort to cause chaos or win medals at massive sporting events.
The study focused on the Olympic Games over the next 10 to 15 years. The research is backed in part by the Los Angeles Organizing Committee for the Olympic and Paralympic Games 2028.
The California city is hosting the summer Olympics in just over a decade.
Current cybersecurity efforts are still largely focused on areas like protecting websites or email accounts. Betsy Cooper, executive director of the Berkeley Center for Long-Term Cybersecurity and the paper’s lead author, said people should consider a broader range of threats.
“The worst thing that most people think about happening is ‘What if the website goes down?'” she said. “But just as we’ve seen in the 2016 election, you have to be really creative in thinking about the types of implications that someone [may] impose on a major sporting event.”
The report lists eight key areas of risk for Olympic meddling, including hacks on photo or video replays, athlete care, transportation, and panic-inducing actions. In the not-too-distant future, the report says, the world might see a headline like this one: “Austrian Swimmer Allegedly Hired Hacker to Gain Access to Competitors’ Email.”
The Olympics is ostensibly a neutral platform but is often politicized or manipulated. During the Cold War, attention focused largely on the the U.S. and Russia competition. In 1972, a group of Palestinian terrorists kidnapped and eventually killed 11 Israeli Olympic team members at the Munich Olympics. In 2016, the former head of Russia’s anti-doping laboratory exposed a state-run drug program designed to make Russian athletes win at the 2014 Sochi Olympics.
Sports is already a focus of hackers. Last year, Russian hackers leaked medical data related to 25 Olympic athletes. Organizations and websites affiliated with the Rio Olympics experienced distributed denial of service (DDoS) attacks in the summer of 2016. Hackers targeted the 2014 World Cup in Brazil. The hacker group Anonymous launched a DDoS attack on the Formula 1 website in 2012.
Machines monitor a lot of sporting activity, and in one sport, computerized decision making is the norm. A system called Hawk-Eye is used in major sports like tennis and lets players challenge whether the ball was in or out. The digital technology’s decision overrules the human umpire.
“If somebody could get into the Hawk-Eye system and manipulate the way it makes decisions, it could actually affect the outcome of the sport,” Cooper said. “As we include more digital technologies into sports and use them to detect false starts and to measure the amplitude of a jump, we also incorporate new vectors of possible risk.”
Cooper says attackers could also use hacks to cause physical harm. For example, a terrorist hacker could put messages on a scoreboard that cause people to panic and rush out of the stadium.
Cooper hopes the research helps people better understand the potential risks of adding digital technologies to sports without weighing the consequences.
“In events like sports, like elections, like all sorts of systems in our world, we need to start thinking about cybersecurity as something everyone has a role to play in, not just the IT manager,” she said.