Hackers trying to disrupt the Paris Olympics turned to disinformation campaigns when their electronic intrusions failed, a tactic that foreign adversaries could attempt to use against the U.S. elections next month.
Cybersecurity officials in France spent more than two years preparing for this summer’s Games, working with private companies and other parts of the government to shore up defenses. While there were constant cyberattacks from a variety of sources, none disrupted the Olympics, Vincent Strubel, the head of France’s cybersecurity agency, said in an interview this week.
Mr. Strubel said one activist hacking group, the Cyber Army of Russia Reborn, claimed that it would attack the water sanitation system in Paris to disrupt the swimming competitions in the Seine.
“We had to make sure that the attack could not happen from a technical side and then make sure they did not effectively make a fake claim,” Mr. Strubel said.
To counter the Cyber Army’s claims that the Seine water could be unhealthy, the French government both scanned for cyberattacks against the sanitation system and put out information about the water quality, officials said.
Ahead of the Games, the French agency worked with the sanitation infrastructure, strengthening its cyberdefenses, Mr. Strubel said.
American officials believe the Cyber Army poses a threat in the United States. In July, the State Department imposed sanctions against two members of the group, accusing them of attacking critical infrastructure in the United States. The department said Russia provided a haven for such groups to disrupt U.S. systems.
While the Russian group’s “lack of sophistication and victims’ responses have thus far prevented any instances of major damage,” the State Department said, “unauthorized access to critical infrastructure systems poses an elevated risk of harm to the public and can result in devastating humanitarian consequences.”
When hackers failed to penetrate critical systems in France, they sought to strike less-protected systems. Mr. Strubel said there was a “close call” involving a ransomware attack on a group supporting a museum where fencing events were held. But French authorities responded quickly, preventing any interruption of the competition, he said.
The United States could face similar challenges next month from Russian influence groups, intelligence agencies and activist hackers.
American officials have said they have spent years shoring up voting systems to make it difficult to hack into state or local governments to change vote totals. U.S. intelligence officials assess that the resilience of the system, and its hyperlocal nature, has convinced foreign adversaries that changing the results through hacking election systems is all but impossible.
But some foreign governments still believe they can influence what Americans think about the security of the election, and could spread false claims about the ability to hack the election.
Officials from Microsoft said Russian groups that had focused on spreading false claims about terrorism threats against the Olympics have now turned their attention to the U.S. election.
The Russian propagandists that Microsoft calls Storm-1679 led a campaign that flooded social media with short videos raising alarms about possible terrorist attacks in Paris.
Pure propaganda campaigns in France are not tracked by Mr. Strubel’s agency, but instead by a sister organization, Viginum, that combats disinformation online. Viginum was one of the first government groups to identify a Russian campaign aimed at pushing out fake videos about the C.I.A. and French intelligence.
French officials said they worked to aggressively counter disinformation about the safety of the Olympics by identifying and calling out Kremlin disinformation regarding terrorism, and highlighting their own efforts to secure the Games. The officials said identifying the terrorism warnings as being falsified and part of a Russian propaganda campaign was a top priority.
Mr. Strubel was in Washington this week to participate in an international effort to fight ransomware. The initiative aims to curb ransomware attacks against hospitals and the health care industry, improve incident reporting and reduce payments to criminal hackers.
But Mr. Strubel has also been meeting with counterparts and discussing the lessons his country learned from the Olympics, work that will be relevant to the United States as it fights off what officials have predicted will be an intense wave of foreign influence operations in the coming weeks.
Given the international character of cyberattacks, Mr. Strubel is a frequent visitor to the United States. In April, ahead of the Games, he visited Washington for consultations with U.S. officials after President Emmanuel Macron of France said Russia could conduct cyberattacks on the sporting events.
The opening ceremony of the 2018 Olympics in Pyeongchang, South Korea, was disrupted by a cyberattack from Russia. But despite anger in Moscow about French support for Ukraine, Russia was not able to repeat such an attack on the Paris opening ceremony, and athletes only had to deal with rain as the boats carrying them traveled down the Seine, Mr. Strubel said.
The post Unable to Penetrate Systems, Hackers Spread Lies About Vulnerabilities appeared first on New York Times.