Our site uses cookies to make it work and to help us give you the best possible user experience. By using our site, you agree to our use of cookies. To find out more about cookies and how you can disable them, please read our cookies statement. 

Cookie Settings

You can manage your cookie settings by turning cookies on and off.

Click on the different cookie  headings to find out more about the types of cookies we use on this site and to change your settings. Please be aware that if you choose to turn off  cookies, certain areas of our site may not work and your browsing experience may be impacted.

For further information on how we use cookies, please see our cookies statement. 

Strictly Necessary Cookies

(Req)

These cookies are essential for the technical operation of and proper functioning of our site  and enable you to register and login, to easily move around our site, and to access secure areas. Without these cookies our site won't function properly.  

These cookies are required

Performance Cookies

Performance cookies allow us to collect aggregated and anonymous data on how our site is used, such as the number of visitors to our site, how you navigate around and the time spent on our site and also to identify any errors in functionality. These cookies also help us to improve the way our site works by ensuring that you can find what you’re looking for easily, to better understand what you are interested in and to measure the effectiveness of the content of our site. 

Marketing Cookies

These cookies allow us to advertise our products to you and allow us to pass this information on to our trusted third parties so that they can advertise our products to you on our behalf. All information these cookies collect is aggregated and therefore anonymous. No personal information is shared to third parties. Any personal information collected while using our website could be used for direct marketing from Dimension Data only.

What I learned from hacking the Winter Olympics

Blog

Finding his way into places where he shouldn’t be is something Joshua Knight excels in. From the internal computer systems of the 2002 Winter Olympics in Salt Lake City to the aftermath of the 9/11 attacks, finding vulnerabilities and helping companies and governments prevent malicious attacks has been his key objective. 

In 2001, while working as a penetration tester, he was tasked with finding vulnerabilities in the cybersecurity systems protecting the upcoming Winter Games. In the wake of the 9/11 terrorist attacks both the federal government and large corporates sought to head off any potential attacks and make sure the cyber-infrastructure supporting the games was as secure as they thought it was. 

Hacking the 2002 Winter Olympics

Because of the sensitivity surrounding the games, the organisers were looking for the top people in the field to try and hack the games’ servers. “The advantage I had was that I specialised in hacking the Windows server environment, something of an emerging specialty back then,” Knight told the Dimension Data Tech Know Podcast. “With the games’ websites being hosted on Windows Server systems, this gave me a starting point.” 

Based in Kansas, almost 1,000 miles from Salt Lake City, and with only limited information to start with, he slowly gained access to the web servers. While being careful not to raise any alarms, he was able to backend database servers, and from there move on to systems hosting more sensitive information, including information on the athletes. 

“At this point I had achieved what I set out to do, and so I reported the issues to the security team so that they could remedy the issues,” Knight shared on the podcast. “Which more often than not meant ensuring that the operating systems and applications running on them had been properly patched,’ he says. 

A changing landscape

The terrorist attacks on 9/11 fundamentally changed that way the establishment viewed security and the amount of funding that went into cybersecurity, from both government and commercial entities. 

“Security has gone through four major paradigm shifts,” Knight added. “From the web, to internet, to cyber, and now to digital.” 

With each shift the area of concern has changed, from just attacking web servers, to attacking systems connected to the internet, to cyber-attacks on critical infrastructure such as power stations, and now with entire digital ecosystems under attack by criminal organisations and nation states. 

This change in attitude regarding the importance of cybersecurity has, become a critical issue for all organisations. 

Governance is the answer – not technology

“The increased focus also turned my career from one where I was a hacker for hire - trying to penetrate secure infrastructure in order to ensure that no-one else could - to one where the focus is more on the issues surrounding compliance, regulation, and governance,” Knight continued. “I used to think that technology was the answer to all security questions, but my experience post 9/11 taught me that governance should always be the starting point for security discussions.” 

For any cybersecurity strategy to be successful it’s critical that policies, procedures, and standards are put in place first and only once these have been established does technology come in to reinforce this. 

This has shifted not only what needs to be done when implementing a security strategy, but more importantly who is involved in the conversations. Knight points out that it’s no longer just the CIO or the CISO who are part of the security discussion. The CEO, CFO, and the audit teams are an integral part of building out a security strategy. 

“The great part of security technology today is that many of the concerns of these groups can be directly addressed via technology,” he added. “This includes governance, risk and compliance, access management and management of all digital systems.” 

Security’s next step

Every organisation is looking to the future and they are aware that securing the software-defined environment is critical. Security needs to be embedded into software-defined systems. 

“One of the key differences between 20 years ago and today is that the security story is boiled down to a place that makes sense,” according to Knight. “I believe that we are going to see the role of the CISO replaced by the Chief Trust Officer, a role that encompasses security, privacy, and audit. Security is just a part of the equation, and forward-thinking organisations are already trying to figure out what this role will look like.” 

Be sure to listen to the full story of what Joshua Knight learned from hacking the Winter Olympics on the Dimension Data Tech Know Podcast!

Previous Article: The data centre is dead! Long live the data centre! Next Article: The two-way conversation you need to have with your CEO on cybersecurity

You may be interested in

Cityscape
Blog

The two-way conversation you need to have with your CEO on cybersecurity

With cyberattacks featuring regularly in mainstream news, it’s good to see that Boards and CEOs are becoming more cybersecurity conscious.

Read blog
City
Blog

Balancing risk and innovation

There’s no question that digital is the way forward. It offers tremendous benefits to your business: faster speed to market, more business intelligence and improved customer relationships.

Read blog
Cityscape
Blog

Securing the multi-cloud

As economic and operational benefits of the cloud became clearer, business units aggressively drove cloud services adoption across the business.

Read blog
Computers
Blog

Now’s the time to engage a Managed Security Services provider

There are now more reasons than ever to engage a managed security services provider (MSSP).

Read blog