On the site of the Olympic and Paralympic Games (JOP) ticket office, “the phryges” provide reception. Since December 1, the Paris 2024 mascots have marked out the visitor registration process.
The procedure is seemingly easy. The other side of the decor is much more complex. It mobilizes a hundred people under the leadership of the Organizing Committee for the Olympic and Paralympic Games (Cojop). It is actually the entire cybersecurity community that is on the bridge.
ANSSI, the national information systems security agency, has been asked by the Prime Minister to lead the cyberattack prevention strategy. “Like most major events, the Paris Games are a prime target”points out the agency.
“We have a very strong team, from marketing to IT, and a group of experts made up of the companies CTS Eventim, already in charge of ticketing at the Rio Games, Francebillet and Orange Business Services”, lists Damien Rajot, director of commercial operations for Paris 2024.
1.42 billion euros in expected revenue
Ticketing is a major issue. Especially in light of the “hiccups” recorded during the Champions League football final at the Stade de France at the end of May (many counterfeit tickets were detected), or, more recently, during the World Cup in Qatar, with the “disappearance of some tickets due to a bug in the FIFA app.
“The ticket platform is experiencing thousands or even millions of attacks, sometimes coordinated, and which have been increasing sharply in recent years”, notes Aline Barthélémy, cybersecurity consultant at the Swiss company Enova. The ticket office for the Games has something to attract covetousness: with 13.4 million tickets, Paris 2024 is expecting 1.42 billion euros (including hospitality revenue) out of the 4.38 billion budgeted revenues.
“For hackers, it’s a way to make money. For activists, a way to gain visibility. And for foreign powers, a way to tarnish the reputation of the country “lists the specialist.
Protecting the ticket office first consisted of providing a fairly powerful system. ” We know that at all international events, the systems fail when we give people a single date to register. Managing the opening flows, via purchase airlocks, is a first security “, emphasizes Damien Rajot.
More and more realistic fake sites
In the case of Paris 2024, to access the shopping area, spectators will be drawn by lot. They will then have a 48-hour slot, starting February 15, to acquire up to 18 tickets online. What to avoid the saturation of the site and to prevent the compulsive purchase of places by robots.
“It’s a good idea to smooth out the demands, but you still have to plan for power. We are talking here about the equivalent of several concerts, simultaneouslynotes Aline Barthélémy. Hackers could also send a lot of requests, so the system can’t keep up with the load.”.
Every day new crossword puzzles, Sudoku and found words.
Added to this is the threat of counterfeiters. The arrival of spectators with falsified entries could create tensions around the event, beyond the induced financial loss. For the organization, part of the solution lay in the choice of dematerialized tickets. ” The paper ticket can be photocopied and falsified, as we saw at the Stade de France. For the Games, tickets will be sent to spectators’ cell phones, a few days before the events, with a QR code that will be renewed.explains Damien Rajot.
Another preventive measure: a single platform ensures the sale. On the site, a phryge slips its “coaching advice” : “If you see another website offering Paris 2024 Olympics tickets, you can be sure it’s not a legitimate sales channel.. »
It’s no easy feat when hackers create increasingly realistic fake sites. ” State services will monitor the domain names that are registered, to see if there are not addresses that copy them, sometimes to the nearest letter”, explains Aline Barthélémy.
“Researchers assess the state of threats”
The specialist also anticipates sending to messaging and social networks ” hundreds of invitations to contests » with people “who will think they have won tickets – wrongly – and will show up at the gates of the stadiums”. “It could create a nice mess.”
In cybersecurity, prevention is therefore better than cure. “Hacker groups are referenced by country and type of target. Researchers connected to the dark web are assessing the state of threats to see which groups could attack the Games,” exposes the consultant.
ANSSI has set up a system, with the Cojop and the Ministry of the Interior, to “secure critical information systems for the preparation and smooth running of the Games, protect sensitive data and prepare the State’s operational response in the event of an attack affecting the event”.
Difficult to know more, discretion is required. However, the organization recognizes that no system is impenetrable. “You have to be vigilant and have the right systems. There are still things to adjust, but the launch phase is off to a good start,” says Damien Rajot.
To live up to the challenge, Cojop’s budget revision, validated by the Board of Directors on December 12, recorded an increase in cybersecurity expenditure from 17 to 28.3 million euros (including 15.7 million for the Cybersecurity Operations Center).