Hackers could use World Cup for their own end game

It’s not long now, in June the FIFA World Cup 2018 is set to kick off in Russia. Football is one of the most common shared interests in the world, fans are emotionally committed and play a big part in the success of their national teams. Unfortunately, we can also often react irrationally based on strong feelings – just like falling in love – and hackers will often try to exploit this to manipulate our behavior. Major events are always a good playing field for cybercriminal activity. Events like a world championship unite people around the world and offer cybercriminals a whole range of opportunities from phishing and spam mails to sabotaging infrastructure and manipulating results.

Although spam has become little more than a background nuisance with users ignoring or blocking unsolicited messages, recipients may be more likely to open an email with a tempting subject such as “Last chance – World Cup final tickets available!” if they really want to see a live match and have not been able to get hold of tickets. Still spam is spam – even if a fan did manage to get highly-sought after tickets rather than being redirected to a blank page or advertising for food supplements, the tickets would certainly be forgeries. Unwitting fans might be left in an even worse situation if the spam mail also contains a phishing exploit that attempts to capture bank or PayPal details or contains malware which infects their system.

As the whole world will be watching the World Cup, it is a worthwhile target for sabotage and getting mass public attention. If an attacker were to succeed in sabotaging the scoreboard in the stadium causing it to fail or – even more dramatically – display their own content, this would be highly damaging for host organizations and a real win for the hackers. The sabotage of critical infrastructure such as traffic management systems, power plants or waterworks would also have much more drastic consequences as such major events attract large numbers of people in a single location, putting key infrastructure under pressure. Of course Russia will do everything to protect itself from such attacks, but there are many politically motivated groups who have been waiting for such an opportunity for a long time and will intensify their attacks during the four-week World Cup.

Recently a vulnerability was discovered in a common card security system for hotel door locks. Hackers could try to block the doors to demonstrate their power or simply clear out all valuables with an electronic master key. And another risk is likely to be significantly greater for visitors than usual: Many will use public hotspots to go online. Data is relatively easy to intercept without security measures like a virtual private network. Applications such as online banking and PayPal use SSL for securing data transfer but people who use the same password for a financial website and for a football community website could be confronted with an empty account. And then they will have more to worry about than the winning or losing team.