World Cup squads briefed on cybersecurity best practices


The FIFA World Cup in Russia has passed without much incident so far. Indeed, the only controversial moments have involved the use of the video assistant referee (VAR) for the first time in World Cup history.

The doom and gloom prophecies that accompany the build-up to these major sporting events have become as commonplace as the drama that spills from the multi-million dollar modern-day colosseums during the events.

That’s not to say that these doom and gloom clairvoyants are largely ignored. Undeniably, many of their predictions are anchored in realistic scenarios and the situations that they publicize are often topics that organizers view with very real concern.

For a lot of football teams taking part in the 21st edition of the World Cup, cybersecurity has become a real worry for their traveling parties. The English Football Association (FA) are reported to have gathered members of the playing squad before they departed for Russia to stress the importance of securing their devices. Worried by the prospect of a cyberattack, the FA sought advice from the National Cyber Security Centre (NCSC) before giving players a crash course on avoiding being hacked while on World Cup duty.

Cybersecurity and squads

It’s not just the English that have taken steps to avoid any potential cyberattack. Football Federation Australia (FFA) has decided that it will only use its own mobile internet connection while based in Russia. The Sydney Morning Herald reported that FFA staff and players “were briefed to clear devices of any data and information they wouldn’t be prepared to have public”.

Staff members and players were also warned to never use public or hotel Wi-Fi. Also, in what seems to be one final attempt to avoid any cyber-related incident, players were advised to “remove from their phone emails, photos, messages that they wouldn’t want to see splashed on tabloids. Staff members have been given ‘burners’ – new phones and laptops to be discarded – to use for the duration of their stay in Russia to minimize the data hackers can obtain”.

Members of the Croatian and French World Cup teams have also been warned about the risk they may face from would-be hackers. Guillaume Poupard, the head of France’s information security agency Anssi, has stated that he offered the French squad basic, sound tips for when they are away. “It was rather general advice, a bit like what we tell people travelling for business… pay attention to where you connect, don’t take all your personal data with you”, he told the Agence France-Presse (AFP).

Concerns over cybersecurity for teams taking part at the World Cup are not confined to the past few weeks, with the English FA raising concerns over cyber-related incidents to football’s governing body in the fall of 2017. The New York Times ran a story in September of that year reporting how the English FA wrote to FIFA to express concerns about potential leaks of confidential information through hacking, warning about the Fancy Bears’ Hack Team.

Although the English FA refused to comment on the story, the Times did get a response from FIFA that confirmed the request. “We can confirm that The F.A. has sent a letter to FIFA related to the Fancy Bears attack,” a FIFA spokesman said. “In its reply, FIFA has informed The F.A. in such context that FIFA remains committed to preventing security attacks in general, and that with respect to the Fancy Bears attack in particular it is presently investigating the incident to ascertain whether FIFA’s infrastructure was compromised.”

The apprehension from those football teams competing at Russia 2018 is nothing new, with several previous global sporting events having suffered from cyberattacks and other cyber-related issues. In the build-up to the FIFA 2014 World Cup and the 2016 Summer Olympics, both held in Brazil, threats detected included phishing attempts, hacktivism and mobile malware. UEFA’s Euro 2016 was also a target for fraudsters looking to dupe fans into buying tickets on newly-created fake websites.

written by Shane Curtis, ESET We Live Security
