Protecting the Beijing Olympics from hackers

The security team behind the Beijing 2008 Olympic Games have revealed how they found the real risks hidden within the millions of alerts they received every day.

Faced with 12 million alerts per day the team at the Games' worldwide IT partner Atos Origin used in-house risk management technology to reduce this to just 90 critical alarms, focusing on the most serious risk.

Security from A to Z

Click on the links below to find out more...

A is for Antivirus
B is for Botnets
C is for CMA
D is for DDoS
E is for Extradition
F is for Federated identity
G is for Google
H is for Hackers
I is for IM
J is for Jaschan (Sven)
K is for Kids
L is for Love Bug
M is for Microsoft
N is for Neologisms
O is for Orange
P is for Passwords
Q is for Questions
R is for Rootkits
S is for Spyware
T is for Two-factor authentication
U is for USB sticks/devices
V is for Virus variants
W is for Wi-fi
X is for OS X
Y is for You
Z is for Zero-day

Honey traps were also used to trap several hackers, using results terminals with security holes to lure criminals into attempting to install applications.

At the RSA Conference 2008 in London, Vladan Todorovic, information security manager for the Beijing 2008 Olympic Games, described how the team coped with the alarms triggered on more than 12,000 devices spread over 70 venues, thousands of kilometres apart.

Todorovic said: "We were using real time risk management technology developed at previous games including Athens and Salt Lake.

"We were capable of detecting both the aggressive and slower attacks and prioritising them accordingly.

"As you know we managed it so there was no effect on the running of the Games."

The team expects to face new challenges from more wireless public networks at the London 2012 Games and also hopes to perfect new authentication technologies that were not ready for use in the Beijing Games.

The most frequent security events over the course of the Beijing Games related to port security, unauthorised access attempts and bad configurations, with the overall number of security calls rising to their highest level on the seventh day of the event.

The Atos Origin system used multiple servers to correlate unexpected incidents on the system to spot both fast and staggered attempts to hack the network.

Remaining alarms were then prioritised based on risk, for example if it was on a system at a venue where an event was taking place or on a key system.

Automated real-time security audits also allowed Atos Origin to examine every new or reconfigured device connected to the Games' system to check the device had the proper security settings and antivirus software installed.