The UEFA Euro 2024 soccer championship tournament began with a bang last weekend, but the focus shifted from the game itself to a cyberattack on Polish public television, TVP. The attack targeted the online broadcast of Poland’s Group D opening match against the Netherlands, causing disruptions for fans tuning in to watch the game.
TVP confirmed that the attack was a distributed denial-of-service (DDoS) effort that coincided with the start of the match. In a statement posted on social platform X, the broadcaster revealed that the attack originated from IP addresses in Poland. However, quick response from national operators helped mitigate the attack and restore the broadcast service within minutes.
As speculation grew about the nature of the attack, Bartłomiej Wypartowicz, an editor at Eastern European cybersecurity outlet Defence 24, suggested that the incident may not have been deliberate. He pointed out that a significant portion of the Polish population tried to access the stream, with a large number of IP addresses belonging to fans of the Polish national team. This led to questions about whether the crash was accidental due to high traffic volume rather than a targeted cyberattack.
On the other hand, Pawel Olszewski, Poland’s deputy minister of digital affairs, dismissed the idea of an accidental crash and pointed fingers at Russia. Olszewski claimed in a media interview that the attack was malicious and orchestrated by Russia to prevent Polish citizens from watching the match online. This accusation is not uncommon, as cybercriminals have a history of targeting major sporting events to disrupt broadcasts and cause chaos.
From the infamous Russia-led Olympic Destroyer attacks during the 2018 Winter Olympics in Pyeongchang to attempted disruptions during the 2022 UEFA World Cup in Qatar, cyber threats have loomed over global sporting events. The upcoming Summer Games in Paris are also at risk, highlighting the ongoing cybersecurity challenges faced by organizers and broadcasters alike.
In the case of the TVP cyberattack, Olszewski was adamant in attributing the incident to Russia. He stated in an interview with Radio RMF24 that “all leads lead to the Russian Federation” and emphasized that the DDoS attack was specifically designed to disable the broadcast service. Despite the quick response from IT teams to repel the attack, the incident raised concerns about the vulnerability of online platforms during high-profile events.
As the UEFA Euro 2024 tournament progresses, cybersecurity measures will be crucial to ensure the smooth running of online broadcasts and prevent further disruptions. The incident serves as a stark reminder of the ever-present threat of cyberattacks on digital infrastructure, especially during major events that attract a global audience. Organizers and broadcasters will need to remain vigilant and proactive in defending against malicious actors seeking to disrupt the spirit of sportsmanship and unity that these events aim to promote.