Inside Olympic Destroyer, the Most Deceptive Hack in History

Just before 8 pm on February 9, 2018, high in the northeastern mountains of South Korea, Sang-jin Oh was sitting on a plastic chair a few dozen rows up from the floor of Pyeongchang's vast, pentagonal Olympic Stadium. He wore a gray and red official Olympics jacket that kept him warm despite the near-freezing weather, and his seat, behind the press section, had a clear view of the raised, circular stage a few hundred feet in front of him. The 2018 Winter Olympics opening ceremony was about to start.
As the lights darkened around the roofless structure, anticipation buzzed through the 35,000-person crowd, the glow of their phone screens floating like fireflies around the stadium. Few felt that anticipation more intensely than Oh. For more than three years, the 47-year-old civil servant had been director of technology for the Pyeongchang Olympics organizing committee. He'd overseen the setup of an IT infrastructure for the games comprising more than 10,000 PCs, more than 20,000 mobile devices, 6,300 Wi-Fi routers, and 300 servers in two Seoul data centers.
That immense collection of machines seemed to be functioning perfectly—almost. Half an hour earlier, he'd gotten word about a nagging technical issue. The source of that problem was a contractor, an IT firm from which the Olympics were renting another hundred servers. The contractor's glitches had been a long-term headache. Oh's response had been annoyance: Even now, with the entire world watching, the company was still working out its bugs?

Andy Greenberg is a WIRED senior writer. This story is excerpted from his book Sandworm, to be published on November 5, 2019.
The data centers in Seoul, however, weren't reporting any such problems, and Oh's team believed the issues with the contractor were manageable. He didn't yet know that they were already preventing some attendees from printing tickets that would let them enter the stadium. So he'd settled into his seat, ready to watch a highlight of his career unfold.Ten seconds before 8 pm, numbers began to form, one by one, in projected light around the stage, as a choir of children's voices counted down in Korean to the start of the event:

“Sip! … Gu! … Pal! … Chil!”

In the middle of the countdown, Oh's Samsung Galaxy Note8 phone abruptly lit up. He looked down to see a message from a subordinate on KakaoTalk, a popular Korean messaging app. The message shared perhaps the worst possible news Oh could have received at that exact moment: Something was shutting down every domain controller in the Seoul data centers, the servers that formed the backbone of the Olympics' IT infrastructure.

As the opening ceremony got underway, thousands of fireworks exploded around the stadium on cue, and dozens of massive puppets and Korean dancers entered the stage. Oh saw none of it. He was texting furiously with his staff as they watched their entire IT setup go dark. He quickly realized that what the partner company had reported wasn't a mere glitch. It had been the first sign of an unfolding attack. He needed to get to his technology operations center.

As Oh made his way out of the press section toward the exit, reporters around him had already begun complaining that the Wi-Fi seemed to have suddenly stopped working. Thousands of internet-linked TVs showing the ceremony around the stadium and in 12 other Olympic facilities had gone black. Every RFID-based security gate leading into every Olympic building was down. The Olympics' official app, including its digital ticketing function, was broken too; when it reached out for data from backend servers, they suddenly had none to offer.

The Pyeongchang organizing committee had prepared for this: Its cybersecurity advisory group had met 20 times since 2015. They'd conducted drills as early as the summer of the previous year, simulating disasters like cyberattacks , fires, and earthquakes. But now that one of those nightmare scenarios was playing out in reality, the feeling, for Oh, was both infuriating and surreal. “It's actually happened,” Oh thought, as if to shake himself out of the sense that it was all a bad dream.