Hacker attacks and pro-Palestinian propaganda: what dangers the ESC faces in cyberspace

The cyberattacks began just in time for the semifinals. They continued for days. In the end, Ukraine was declared the winner of the 2022 Eurovision Song Contest – thanks in part to a successful battle behind the scenes. Pro-Russian hackers and internet activists had attempted to disrupt the song contest, largely unsuccessfully.

The ESC has always been political. The high level of attention the show attracts is perfect for conveying messages . This can also be achieved through cyberattacks or disruptions. Those responsible in Switzerland have made preparations accordingly. In addition to the increased threat of terrorism and possible protests , the police also consider cyberattacks to be among the challenges.

The Federal Office for Cyber ​​Security is leading the cybersecurity effort. Over the past few months, it has developed scenarios and established communication channels with the participating authorities, companies, and organizations. The authorities can also draw on previous incidents for guidance.

In May 2022, the Eurovision Song Contest came under fire from pro-Russian groups because the organizer, the Geneva-based European Broadcasting Union (EBU), had barred Russia from participating following the attack on Ukraine in February. As a result, there were several DDoS attacks, in which web servers are overloaded and can temporarily crash. However, the authorities reportedly managed to fend them off.

At the Eurovision Song Contest in Basel, which begins on Tuesday with the first semifinal, the conflict with Russia is less of a focus. The greater threat comes from pro-Palestinian groups, which are also calling for demonstrations on the ground. It is therefore very possible that there will be online attacks against the Eurovision Song Contest, and especially against the Israeli participant.

The focus here is on DDoS attacks that are not intended to cause damage, but rather to attract attention. Following the Hamas terrorist attack on Israel on October 7, 2023 , such attacks were observed on Israeli websites . Switzerland has experience with such overload attacks from pro-Russian sources.

The group NoName057 managed to attract public attention several times. While this didn't result in any major web server outages, the sometimes exaggerated media coverage allowed the attackers to achieve their goal: to attract attention and create uncertainty. This could also be the goal of pro-Palestinian groups.

Also conceivable are the defacements of websites. Attackers usually gain access to a web server through known security vulnerabilities and place a political message there. In these cases, too, the goal is not to cause damage to IT systems—which is usually not even possible—but to attract attention.

Attacks on the ESC's actual IT infrastructure are also conceivable. If a group were to succeed in, for example, disrupting the viewer vote or even the broadcast of the television broadcast, it would be guaranteed worldwide attention. The ESC typically reaches over 150 million people . In Turin in 2022, irregularities occurred during the jury voting of six countries. Officials did not disclose whether these were related to a cyberattack.

Another possible scenario that could cause reputational damage to Switzerland and its organizers would be an attack on ticket control. Checking spectators' tickets requires a functioning IT infrastructure. If these systems are only partially available during a critical time window, for example, this can quickly lead to delays and create chaos.

Technical malfunctions can occur even without a deliberate attack. In such cases, rapid communication is required to avoid causing uncertainty among the public and the public. To do this, it is necessary to be able to clarify the situation quickly. An example from last June, when the Ukraine Conference took place on the Bürgenstock mountain, demonstrates why this is important.

On the morning of the second day of the conference, power outages occurred in Bern and the surrounding area. The Inselspital had to switch to emergency power supply . The question immediately arose as to whether a Russian cyberattack might have been the cause. This was not the case. However, the authorities needed some time to determine the cause – a technical malfunction. They were unable to reach a contact person at the responsible energy supplier.

In the region around the Bürgenstock in central Switzerland, such a delay would likely not have occurred. Authorities had established contacts with critical infrastructures in advance of the conferences – for precisely such a case.

According to the Federal Office for Cybersecurity, cooperation between the partners and media agencies is well established for the ESC in Basel. This also includes authorities in neighboring countries, where, for example, the airport or participants' hotels are located. The event organizers have also made participants aware of cyber risks.