This month Anonymous Brazil and an affiliate group, known as ASOR Hack Team, announced the launch of the hacktivist operation OpOlympicHacking. The announcement used the hashtag “#OpOlympicHacking” and the phrase “let the games begin.” The operation was established in protest of the 2016 Rio Olympic games scheduled for August, claiming that the only people to profit from the games were politicians and the organizations affiliated with the event, and that money spent on the games could have been used for more meaningful purposes.
At the time of writing, we have detected claims of successful data leakage, in one instance against a multinational energy corporation that has been embroiled in multiple corruption scandals in Brazil, as well as claims of successful distributed denial of service attacks. So far we have only been able to confirm that the purportedly leaked data was posted to Pastebin; it has not yet been detected elsewhere.
This all sounds ominous. But what does it mean for organizations? To answer this, we can learn from the tactics, techniques and procedures (TTPs) used in previous, similar operations. OpOlympicHacking stems from a sentiment very similar to that behind OpWorldCup, which was also established by Anonymous Brazil and occurred in the summer of 2014. Between May 30, 2014 and July 9, 2014, we reported a total of 179 incidents as illustrated below. In OpWorldCup, the TTPs included data leakage, defacement, denial of service and exposure, which largely encompassed “doxing” – that is, the public disclosure of personal information online. The “other” section pertains to the release of target lists, discovery of plans and significant updates to OpWorldCup.
Figure 1 – Breakdown of 179 incidents associated with OpWorldCup by TTP
But how similar are these two operations? The levels of cyber activity associated with OpWorldCup, including the groups that participated and the resulting cyber attacks, demonstrate the impact that world events can have on the level of hacktivist participation in a given operation. Based on current evidence, OpOlympicHacking has a number of ingredients that suggest it is likely to be a significant operation. Namely, the operation is motivated by the same sentiments as OpWorldCup and has been started by the same group, Anonymous Brazil. The announcement of OpOlympicHacking was “liked” on Facebook a total of 2,860 times and further shared by 3,339 users. This is significantly more than many other hacktivist operations that have been launched in the past. Finally, the operation is centered on an event that is globally recognized and is therefore more likely to attract wider hacktivist participation.
Figure 2 – Hacktivist groups affiliated with OpWorldCup in 2014
Based on the large number of groups that participated in OpWorldCup and the resulting levels of malicious cyber activity, as well as the global recognition and significance of the Olympic games, it is likely that there will be further malicious cyber activity around OpOlympicHacking. In addition to this, based on the previous activity observed as part of OpWorldCup, there is a realistic possibility that contributing companies and hacktivist groups will consider organizations, such as sponsors, fair game. However, these organizations can learn from the TTPs used in OpWorldCup and align their security postures accordingly.