Engineering the World Cup: Cybersecurity Behind the Scenes


11 July 2018


As we recently discussed in our previous article on Uptane, the internet has produced an era of increasing hyperconnectivity. While it may, at times, appear convenient, the problem lies in our ability to secure it all. There are now so many devices running on so many different networks that securing everything can be a logistical nightmare.

Cybercriminals have an arsenal of tools at their disposal and a breadth of targets at which to direct them. What’s more, the ‘reputational reward’ for cybercriminal groups is on the rise, and the geopolitical landscape is becoming increasingly complex. As such, high-profile networks, governing bodies, and events are becoming prime targets for cyberattacks.

To that end, what event provides a better example of international cybersecurity challenges than the FIFA World Cup?

Let’s talk logistics

Logistically, the World Cup is labyrinthine. For starters, there are 32 countries, each with their own agenda, competing across 12 stadiums throughout Russia. Each of these stadiums, conceivably, is broadcasting its own Wi-Fi network(s) for ticket holders, staff, volunteers, and competitors. Based on ticket sales, approximately 2.5 million people are attending various matches. If you factor in wearable technology, then there’s a similar number of smart devices.

Outside the stadiums, hundreds of hotels, shops, and restaurants are open for attendees to visit, many of which will, again, have a Wi-Fi network. There are also all the ‘freebies’ that get handed out: the t-shirts, the drink bottles, the USB drives. And then, online, another 3 billion people are watching the games across dozens of network channels. There are copious websites to place bets, read the news, or buy tickets, and social media profiles for all prominent figures are running at full capacity.

To cybercriminals, the World Cup is a veritable goldmine of data, money, opportunity, and reward.

Local exploits

This may seem hyperbolic to some. However, the point of this article is to highlight that both technology and people are fallible and that there are individuals and groups out there waiting to exploit this. Take the ‘simple’ Wi-Fi connections around the stadium, for example. Connecting to these networks is easy for most, and some phones now attempt to do so automatically. But, connecting to an unsecured or fake Wi-Fi network is a great way for criminals to conduct Man in the Middle (MITM) attacks. In MITM attacks, legitimate-sounding networks and nodes are created so that you will, thinking they’re legitimate, connect to them.

Unfortunately, 'secure' networks — those that use Wi-Fi Protected Access Protocols (WPA) — can still be tampered with. Last year’s Key Reinstallation Attack (KRACK) highlighted this, breaking the then most current version of the protocol, WPA2. Even after removing user error from the equation, hackers, with the right motivations, can also replicate a StingRay phone tracker system near the stadiums. This system, mimicking a cell tower, forces all nearby devices to connect to it. After you connect to any of these networks, hackers can either get data from your devices directly or monitor them to track your data use (and password entry).

Now, let’s say you’re taking precautions, and your laptop and phone are on Airplane mode. Are you safe? Well, you’re safer, but physical connections can still impact you. Remember those giveaway USB sticks you picked up before the game? Imagine what would happen if someone managed to tamper with them all before you received yours. What if they had a hidden keylogger, or a background malware program waiting for you to connect to the internet?

International exploits

So, let’s say you’re not even in Russia at this point. Does that mean you're safe now? The short (and hopefully self-evident) answer: no. Unfortunately, being outside Russia during the World Cup neither guarantees the safety of your data nor removes the impact of cybercrime on you. Events like the World Cup generate international media coverage and high internet traffic. Cybercriminals are aware of this and create malicious websites that resemble the legitimate ones. Researchers at Group-IB have detected a total of 37,000 potentially-malicious sites linked to the World Cup. Of these, at least 1,500 specifically target the 2018 event, using the event name, host cities, and other relevant details.

On these sites, you’ll find the usual suspects — fake payment forms and login pages, phishing, malware, and so on. While people are growing more internet-savvy, phishing attempts this year have still resulted in the sale of fake tickets for up to £23,000. These sites may also ask you to enable Adobe Flash, an application notorious for security flaws. Enabling Flash allows hackers to exploit weaknesses in the code and access your information. Outside of these sites, there’s also:

  • Spyware embedded in mobile apps (particularly on Android phones)
  • Phishing emails sent to players, staff and visitors, and
  • About 76% of popular sites containing some sort of vulnerability or malicious program.

When you are browsing a popular site such as the FIFA World Cup page, hackers may 'hijack' your browsing session to gain information about you. There are several ways to do this, including stealing your browser cookies. These cookies store small snippets of information, such as login credentials, for either advertising or convenience purposes. Cybercriminals don’t typically comply with GDPR legislation and do as they please with your data. Acquiring your cookies gives a hacker easy access to your accounts.
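The lookalike sites described in this section borrow the event name and host cities for their domain names. As an added example (not from the original article), this Python code triages candidate domains the way a team monitoring such registrations might; the allowlist, keyword list and sample domains are constructed assumptions.

```python
import re

# Illustrative inputs (assumptions, not from the article): an allowlist of
# official registrable domains and brand terms built from the event name
# and a few host cities.
OFFICIAL = {"fifa.com"}
KEYWORDS = ("worldcup", "fifa", "moscow", "sochi", "kazan")
FOLD = str.maketrans("0135", "oles")  # digit-for-letter swaps folded before matching

def registrable(host):
    """Naive registrable domain: the last two labels (no public-suffix list)."""
    return ".".join(host.split(".")[-2:])

def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[len(b)]

def triage(domain):
    """Return the reasons a domain looks like an event lookalike ([] if none)."""
    host = domain.lower().rstrip(".")
    if registrable(host) in OFFICIAL:
        return []  # an official domain or one of its subdomains
    reasons, labels = [], host.split(".")
    if any(label.startswith("xn--") for label in labels):
        reasons.append("punycode label (possible homograph)")
    # Drop the TLD, strip separators, fold digit swaps: "w0rld-cup" -> "worldcup".
    flat = re.sub(r"[^a-z0-9]", "", ".".join(labels[:-1])).translate(FOLD)
    hits = [k for k in KEYWORDS if k in flat]
    if hits:
        reasons.append("brand term: " + ", ".join(hits))
    sld = labels[-2].translate(FOLD) if len(labels) > 1 else ""
    for good in sorted(OFFICIAL):
        name = good.split(".")[0]
        if sld != name and edit_distance(sld, name) == 1:
            reasons.append("one edit from " + good)
    return reasons

if __name__ == "__main__":
    # Constructed sample domains under the reserved .example TLD.
    for d in ("tickets.fifa.com", "w0rldcup-tickets.example", "f1fa.example",
              "fifa.com.login-check.example", "weather.example"):
        print(d, "->", triage(d) or "no match")
```

The fourth sample shows why the allowlist check uses the registrable domain: an official name placed in a subdomain of an unrelated domain is still flagged.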

To those of you watching at home

As a final example, suppose you’re sitting at home, eager to watch the final on Sunday. You’re not browsing the internet, you’re using a secure Wi-Fi network, you've got strong passwords, and you’ve not answered any phishing emails. Nothing can go wrong, right? Wrong. One of the key targets of a worm or DDoS attack — which overwhelms servers by flooding them with traffic — is broadcasting networks. Because of the tense geopolitical situation, one of the main challenges that Russia faces is attacks from other nation-states, or related groups, that impact the event’s success. Given the high number of viewers around the world, broadcasting is a big target. As such, you may not be able to watch that decisive free kick or penalty.

It’s not all bad, though

This isn’t to suggest that you should put your device down, unplug your router, and stop using the internet forever. See, some of the main online threats for these big events are socially-engineered in nature, meaning we can all play a part in stopping them. Because these hacks are often self-inflicted, we can reduce their frequency by continuing to educate the public. On top of this, while the fake ticketing sites have been mentioned by the media, the reason why cyberattacks aren't more prominent in the headlines is that security engineers are preventing and mitigating them.

There is no blanket solution for this, but engineers can implement robust and agile systems that buffer against attacks. They can install the core technology, improve it where possible, monitor the system, and work to stop exploits as they happen. As Stéphane Nappo, Global Chief Information Security Officer at Société Générale International Banking, said, “Exhaustive prevention is an illusion. We can't secure misconfiguration, shadow IT, third parties, human error, former employees... Focus on what matters more and be ready to react.” For the World Cup, malicious domains are monitored and shut down, malware on popular sites is blocked and removed, encryption and firewalls are put in place, and reactive systems are developed to minimise the impact of attacks.

Advanced encryption algorithms help to protect information at all stages of data transmission, and new authentication methods (multi-factor, biometric, or otherwise) make it increasingly difficult to access devices and networks. What’s more, security-as-a-service organisations are protecting their clients through a range of solutions. Radware, a leading provider of cybersecurity and application delivery solutions, has been mitigating thousands of attacks every day during Russia 2018.

Raise a Glass

A lot of work across copious fields goes into making events like the World Cup run without incident. While the inevitability of a breach forever lingers in the air, engineering efforts to prevent these disasters ultimately lead to an enjoyable experience for most. So, the next time you’re thinking about the World Cup(s), Wimbledon, the Super Bowl, or the AFL Grand Final, why not raise a glass (or two) to the engineers working behind the scenes to keep it all running smoothly.
