Special Note: As the World Cup continues, we will update this post with any relevant information on cybersecurity incidents and news. Original Publication Date: 6/13/2018
July 3: Badge of honor or Tracking Device? Fan IDs have become the piece of fan memorabilia for over 1.6 Million World Cup attendees. The badge is roughly the size of a standard conference badge and includes each attendees name and credentials. In addition to entry into the games, the badge gives attendees access to a number of other perks, including visa-free entry into Russia, free transport in an around cities hosting each WC game, as well as discounts in some restaurants and stores.
The badge is more than just a memento of one of the greatest sporting events in the world however, it also doubles as a tracking device for Russian authorities. Touted as a way to ensure the safety of fans, the badges also give World Cup organizers and security officials the ability to track the location of fans during the tournament and provides authorities fans' personal information including: names, dates of birth, passport numbers, phone numbers, emails and home addresses. Despite concerns, Russian authorities have assured FIFA organizers, the governing body of the World Cup, all personal information will remain strictly confidential.
However, the badges have already been used to track and detain at least one fan wanted by his own government. For more on this development head over to The New York Times.
June 18: Two phishing scams are targeting Wold Cup fans: one offering a schedule of fixtures and result tracker, and the other promising a "free" subscription for Adidas shoes, for $50 a month.
With so much anticipation and hype around the World Cup, are banking on employees being less vigilant in opening unsolicited emails and attachments. As such, it is critical that organizations take steps to remind their employees of security best practices to help prevent these attacks being successful.
- Maya Horowitz, Threat Intelligence Group Manager, Check Point
Head over to Info Security to checkout the full story.
June 13: FIFA fans beware: If you attend the World Cup, and plan to take any form of computer or device with you, you are likely to be hacked. In fact, 72% of cybersecurity professionals anticipate an attack during the World Cup, which takes place in Russia over the next month.
William Evanina, Director of the National Counterintelligence and Security Center, issued a statement to Reuters earlier today, stating no attendee, whether there in an official or spectator capacity, is too insignificant a target. Evanina further advises attendees that if they absolutely must take a device, to take one that is not their usual device (ie: a "burner" device) and to remove the battery when not in use. British officials are also issuing the same warnings to their own attendees and players.
If you’re planning on taking a mobile phone, laptop, PDA or other electronic device with you — make no mistake — any data on those devices (especially your personally identifiable information) may be accessed by the Russian government or cyber criminals.
- William Evanina, Director, National Counterintelligence and Security Center
June 10: In related news, the official streaming app for Spain's La Liga soccer division has admitted to spying on its users. According to Spanish newspaper El Diario, the app maker claims the app, which has over 10 million downloads in the Google Play store, enables the microphone to be turned on when a user enters a bar, in an effort to discover if the venue is illegally streaming a match.
La Liga is claiming the issue only affected users in Spain, and only those who opted in to allowing the app to access their device's microphone and gather GPS data. However, this opt-in was tied to the apps privacy policy and was enabled when users accepted the terms and conditions for using the app (who really reads the small print right?). La Liga justified its actions by claiming the illegal streams have cost the league over 150 million Euros, and claims they only gather statistical, not personal data. According to the newly implemented GDPR however, these sorts of practices are now illegal.
Special Note: As the World Cup continues, we will update this post with any relevant information on cybersecurity incidents and news.
#WorldCup #FIFA #Football #Soccer #CyberSecurity #Hacking #Phishing #Adidas #Cyber #Apps #Russia #Spain #KnowYourRysk #ReduceYourRysk