The Winter Olympics are starting in Peking on 4 February. In recent weeks, a variety of articles have been published on the athletes’ (lack of) safety in terms of their mobile devices due to the obligatory app MY2022. This app has been developed by the International Olympic Committee (IOC) to check the health of, among others, participants and coaches. However, researchers at the University of Toronto have discovered that the app contains vulnerabilities. For that reason, the NOC*NSF has advised Dutch athletes to leave their telephones, laptops and other devices at home for fear that the Chinese government could tap them. Incidentally, China is not unique in this respect because tapping devices was also common practice during the winter Olympics in Russia (Sochi). In technical jargon the term we use is then state actors.
The General Intelligence and Security Service of the Netherlands [Algemene Inlichtingen- en Veiligheidsdienst] (AIVD) specifically refers to several state actors in the context of cybersecurity, including China, Russia and Iran.
Generally speaking, state-sponsored digital attacks take place on the basis of the following criteria:
- Cyberespionage or digital espionage, for example on the basis of key political and/or economic interests.
- Digital influencing, for example interfering in the interests of another state.
- Digital sabotage, for example damaging, disrupting or destroying vital systems and/or processes in a particular country.
Why would China act as Big Brother?
China wants to keep all of its 1.4 billion residents under control. One of the ways the regime does this is by means of the Great Firewall of China, which is used to regulate or even block certain parts of the Internet. This enables residents, companies and tourists to be closely monitored. During the Olympic Games of 2008, which were also held in China, bugging devices were installed in the hotel rooms of anyone who had anything to do with the Games, such as athletes, their family members and journalists. The same thing will now happen again, despite the fact that the number of foreign visitors is limited by the pandemic. By spying on athletes and administrators, the Chinese can increase their network of contacts and try to gather information on high-level officials. The Olympic athletes are unwittingly and perhaps unconsciously an excellent medium for achieving this goal. After all, with a bit of luck they will be invited to meet the Prime Minister or even the King when they return to the Netherlands and they will have their smartphones with them.
Is clean equipment the ultimate solution?
That depends. If you use an older and empty telephone and then log in to your Apple ID or Android account, it will not be a good solution because the device will, after all, still be linked to you. If you use a telephone without logging in, on which you do not leave any personal data and which you dispose of after the Games, then you will be protected. It is also advisable not to put any of your contacts into the phone and try to minimize any connection with the outside world.
Is there a better solution?
If you win a gold medal, you will want to shout it from the rooftops. In that case, you are very likely to use your smartphone. Encryption can offer a solution because it encrypts messages before you send them. Unfortunately, as a user, you cannot activate this on the app because it is in the hands of the Chinese government. One thing that is possible, however, is to encrypt your devices, or, in the case of companies, to encrypt your own network. This way, you can prevent third parties from looking in and you can protect any data you send by means of encryption.
There are several preventive measures you can take to protect your company data from state actors. The best way to protect your data is by using transparent encryption. In the business community, we are seeing that this type of encryption is being combined with the segmentation and separation of networks and systems. This significantly reduces the risk of damage due to malware attacks and minimizes the risk of espionage. These two measures are not only the most effective, but also have a relatively low impact on work processes and require a relatively low investment, as you can also read in the documentation provided by the AIVD.
Our advice to anyone going to the Winter Olympics in China is to make sure that your devices are empty and that you throw them away after the Games and focus on delivering a great performance.