Olympic Destroyer: The Cyberattack on the 2018 Winter Games

Getty Images

As the opening ceremonies of the 2018 Winter Olympics began, a cyberattack crippled the games’ digital infrastructure, jeopardizing WIFI connections, event tickets, and even the Olympics app, packed full of information on event schedules, maps, and hotel reservations. At Wired, in this excerpt from his book, Sandworm, Andy Greenberg unravels this digital whodunnit. Who was bent on creating chaos at the Olympics to publicly embarrass South Korea? Was it China? North Korea? Or was it Russia?

Over the next two hours, as they attempted to rebuild the domain controllers to re-create a more long-term, secure network, the engineers would find again and again that the servers had been crippled. Some malicious presence in their systems remained, disrupting the machines faster than they could be rebuilt.

A few minutes before midnight, Oh and his administrators reluctantly decided on a desperate measure: They would cut off their entire network from the internet in an attempt to isolate it from the saboteurs who they figured must still have maintained a presence inside. That meant taking down every service—even the Olympics’ public website—while they worked to root out whatever malware infection was tearing apart their machines from within.

For the rest of the night, Oh and his staff worked frantically to rebuild the Olympics’ digital nervous system. By 5 am, a Korean security contractor, AhnLab, had managed to create an antivirus signature that could help Oh’s staff vaccinate the network’s thousands of PCs and servers against the mysterious malware that had infected them, a malicious file that Oh says was named simply winlogon.exe.

At 6:30 am, the Olympics’ administrators reset staffers’ passwords in hopes of locking out whatever means of access the hackers might have stolen. Just before 8 that morning, almost exactly 12 hours after the cyberattack on the Olympics had begun, Oh and his sleepless staffers finished reconstructing their servers from backups and began restarting every service.

Amazingly, it worked. The day’s skating and ski jumping events went off with little more than a few Wi-Fi hiccups. R2-D2-style robots puttered around Olympic venues, vacuuming floors, delivering water bottles, and projecting weather reports. A Boston Globe reporter later called the games “impeccably organized.” One USA Today columnist wrote that “it’s possible no Olympic Games have ever had so many moving pieces all run on time.” Thousands of athletes and millions of spectators remained blissfully unaware that the Olympics’ staff had spent its first night fighting off an invisible enemy that threatened to throw the entire event into chaos.

Read the story