Football squads at FIFA World Cup onside with cybersecurity training

World Cup squads briefed on cybersecurity best practices

The football associations of countries competing at Russia 2018 are taking no chances when it comes to cyber-related issues

The football associations of countries competing at Russia 2018 are taking no chances when it comes to cyber-related issues

The FIFA World Cup in Russia has passed without much incident so far. Indeed, the only controversial moments have involved the use of the video assistant referee (VAR) for the first time in World Cup history.

The doom and gloom prophecies that accompany the build-up to these major sporting events have become as commonplace as the drama that spills from the multi-million dollar modern-day colosseums during the events.

That’s not to say that these doom and gloom clairvoyants are largely ignored. Undeniably, many of their predictions are anchored with realistic scenarios and the situations that they publicize are often topics that organizers view with very real concern.

For a lot of football teams taking part in the 21st edition of the World Cup, cybersecurity has become a real worry for their traveling parties. The English Football Association (FA) are reported to have gathered members of the playing squad before they departed for Russia to stress the importance of securing their devices. Worried by the prospect of a cyberattack, the FA sought advice from the National Cyber Security Centre (NCSC) before giving players a crash course on avoiding being hacked while on World Cup duty.

Cybersecurity and squads

It’s not just the English that have taken steps to avoid any potential cyberattack. Football Federation Australia (FFA) have decided that it will only use its own mobile internet connection while based in Russia. The Sydney Morning Herald reported that FFA staff and players “were briefed to clear devices of any data and information they wouldn’t be prepared to have public”.

Staff members and players were also warned to never use public or hotel Wi-Fi. Also, in what seems to be one final attempt to avoid any cyber-related incident, players were advised to “remove from their phone emails, photos, messages that they wouldn’t want to see splashed on tabloids. Staff members have been given ‘burners’ – new phones and laptops to be discarded – to use for the duration of their stay in Russia to minimize the data hackers can obtain”.

Members of the Croatian and French World Cup teams have also been warned about the risk they may face from would-be hackers. Guillaume Poupard, the head of France’s information security agency Anssi, has stated that he offered the French squad basic sound tips when away. “It was rather general advice, a bit like what we tell people travelling for business… pay attention to where you connect, don’t take all your personal data with you”, he told the Agence France-Presse (AFP).

Concerns over cybersecurity for teams taking part at the World Cup are not confined to the past few weeks, with the English FA raising concerns over cyber-related incidents to football’s governing body in the fall of 2017. The New York Times ran a story in September of that year reporting how the English FA wrote to FIFA to express concerns about any potential leaks pertaining to confidential information through hacking, warning about the Fancy Bears’ Hack Team.

Although the English FA refused to comment on the story, the Times did get a response from FIFA that confirmed the request. “We can confirm that The F.A. has sent a letter to FIFA related to the Fancy Bears attack,” a FIFA spokesman said. “In its reply, FIFA has informed The F.A. in such context that FIFA remains committed to preventing security attacks in general, and that with respect to the Fancy Bears attack in particular it is presently investigating the incident to ascertain whether FIFA’s infrastructure was compromised.”

The apprehension from those football teams competing at Russia 2018 is nothing new, with several previous global sporting events having suffered from cyberattacks and other cyber-related issues. In the build-up to the FIFA 2014 World Cup and the 2016 Summer Olympics, both held in Brazil, threats detected included phishing attempts, hacktivism and mobile malware. UEFA’s Euro 2016 was also a target for fraudsters looking to dupe fans into buying tickets on newly-created fake websites.

Once upon a time

Football

Taking part in a major sporting event often comes with an attempt to unsettle competitors and teams. Decades before cybersecurity was even a concept, the captain of the England football team, Bobby Moore, was arrested in Bogota, Colombia, on suspicion of stealing a bracelet, in the build-up to the 1970 World Cup that took place in Mexico.

Moore was held by authorities for four days and was only released following the intervention of then-Prime Minister of Britain, Harold Wilson. The central defender went on to be one of the most outstanding performers at the World Cup and no charges were ever brought against him. Conveniently, nobody else has ever been charged with the theft. Perhaps it was just a failed attempt at some old-fashioned gamesmanship used to unsettle the English captain!

In the 1980s, a strange affliction seemed to fall upon many football teams who traveled to the Soviet Union, whereby several players would end up with severe stomach upsets. Known as ‘Moscow Tummy’, the unfortunate digestive issue seemed to befall the unlucky souls who braved the food prepared by the native chefs. Such incidents became so common that teams started importing their own food and cooks to games and tournaments.

In fact, so fresh in the memory is the dreaded ‘Moscow Tummy’ that teams still bring their food with them. The Argentina FA are believed to have brought over 2700 kilograms of food to Russia with them. Perhaps they just want to have their own food, but then again — once bitten…

The disruption to teams and players going to major sporting events is nothing new and perhaps the incidents from yesteryear seem almost trivial when placed against the threats that a breach in cybersecurity can bring. It does show, however, that fraudsters and tricksters of all persuasions have targeted these events in the past and continue to do so.

Discussion