Endpoint

7/10/2018
10:30 AM
Travis Jarae
Travis Jarae
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
0%
100%

For Data Thieves, the World Cup Runneth Over

Large sporting events are always going to be targets, but the fact that the competition is in Russia adds another layer of concern. Here are three tips to stay safer.

The World Cup, the biggest sporting spectacle in the world, is bound to be a bonanza for fraudsters, spies, and data thieves.

While the superstars of football excite and delight on the field, professionals of a different kind — thieves, engaged in deceptive, hard-to-detect data collection — will lurk in the shadows. These opportunists will use every ability — including fake Wi-Fi hotspots, cell signal spoofing, and theft of ID cards — to profit from identity theft. These nefarious attendees could potentially gain information valuable to international espionage, whether it be blackmail material, national security secrets, or sensitive corporate information.

Well-attended events and highly populated areas have always been havens for criminals and spy agencies, but in recent years, the threat has shifted to less-intrusive collection exercises. At the 2018 FIFA World Cup, some of the things that offer customer value and an enhanced experience — such as FIFA's FAN ID program — are targets.

FIFA's FAN ID document is required by the Russian authorities for all attendees of the World Cup. Ticket holders must have a FAN ID with a valid match ticket in order to enter any of the stadiums hosting matches at the World Cup.

Conveniences like FAN ID offer easier access to stadiums during 2018 FIFA World Cup matches and free access to public transportation. But these also lead to data harvesting and malicious behavior on mobile and personal devices — of both officials and fans.

The FAN ID information collected by Russian authorities includes personal information such as name, photo, nationality, and passport number. Russia has said the FAN ID is designed to crack down on unrest and keep away potential threats, but blacklisted fans have found ways to bypass the system and gain entry. Russian officials received nearly a million applications for the FAN ID program.

The Russian Threat
In light of recent events in international data theft, it's notable that the World Cup is being held in Russia, where the world's hotbed of international espionage has attracted hundreds of thousands of people within its borders, and the host country collected personal information on all of them. And it all comes just as the country is ramping up efforts to destabilize democracies and interfere with elections around the world. Consider:

  • In February, the US Department of Homeland Security warned Americans attending the Winter Olympics in Pyeongchang that they would be targeted by cybercriminals. Before the games occurred, McAfee found that more than 300 Olympic computer systems were attacked, and many were compromised.
  • Once the opening ceremonies began, Russian military spies were found to have hacked computers in South Korea in a "false flag" operation, designed to make it look like the attacks were perpetrated by North Korea.
  • In March, DHS confirmed that unauthorized cell-site simulators, known as "stingrays," have been set up throughout Washington, DC. These devices, also known as IMSI (international mobile subscriber identity) catchers, can be used to spoof cell towers and intercept communications. The availability of this technology is so wide that agents can now have it planted in our nation's capital and go undetected for some time while collecting information.
  • Russia has shown a key interest in collecting data on citizens in foreign countries, using that targeted information to stir up unrest and influence elections. National security experts believe that after working to influence the 2016 presidential election, Russia is once again ramping up to interfere with the 2018 midterm elections in the US.

Piecing it all together — increased Russian espionage, wide availability of Wi-Fi and cellular spoofing tools, cyberattacks on the rise, and the games being hosted in Russia — anyone can see how the 2018 FIFA World Cup is prime territory for cyber theft.

Easy Targets
Still, Russia has been a popular destination for tourists for many years, and the vast majority of those who attend will not likely be targeted. The greater threat for most could be communications concerns, particularly with respect to cell spoofing and public Wi-Fi hotspots. Here again, the fears are justified.

Mobile data, particularly with international roaming charges, doesn't come cheap, which means many visitors will be inclined to utilize free public Wi-Fi hotspots they might encounter during their stay. These can be a gold mine for fraudsters, intercepting all communications coming from mobile devices, including sensitive personal information. A recent study found that more than 7,000 public Wi-Fi hotspots in World Cup host cities are insecure.

The threat of public Wi-Fi is not new — Apple's iPhone warns users before they connect to an unsecured network that it provides "no security" and exposes "all network traffic." But thieves know that human nature is the biggest threat to security, and the desire by fans to be connected while in Russia will drive many to make poor decisions.

How to Stay Safe

  • Don't participate in Internet banking or use any apps that might share personal data. The UK's National Cyber Security Centre advises that match goers bring pay-as-you-go mobile devices rather than their regular smartphone. And when possible, use secure mobile data, such as an end-to-end encrypted connection through a VPN, to maximize security.
  • In terms of spending, credit cards are preferred over debit cards, due to the protections offered by credit card companies. 
  • Those in Russia should also be wary of phishing attempts and email spam. World Cup attendees should also let their friends and family know they will be at the games, as fraudsters will frequently reach out to known family members via email, falsely claiming that the person traveling abroad is in trouble, in what is known as the "stranded traveler" phishing attack.

Related Content:

 

Learn from the industry's most knowledgeable CISOs and IT security experts in a setting that is conducive to interaction and conversation. Register before July 27 and save $700! Click for more info

Travis Jarae is the Founder and CEO of One World Identity, an independent identity research and strategy company focused on digital commerce and infrastructure. Travis founded One World Identity with the goal of facilitating the development of foundational identity, trust, ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
New Bluetooth Hack Affects Millions of Vehicles
Dark Reading Staff 11/16/2018
Understanding Evil Twin AP Attacks and How to Prevent Them
Ryan Orsi, Director of Product Management for Wi-Fi at WatchGuard Technologies,  11/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-19406
PUBLISHED: 2018-11-21
kvm_pv_send_ipi in arch/x86/kvm/lapic.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where the apic map is uninitialized.
CVE-2018-19407
PUBLISHED: 2018-11-21
The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized.
CVE-2018-19404
PUBLISHED: 2018-11-21
In YXcms 1.4.7, protected/apps/appmanage/controller/indexController.php allow remote authenticated Administrators to execute any PHP code by creating a ZIP archive containing a config.php file, hosting the .zip file at an external URL, and visiting index.php?r=appmanage/index/onlineinstall&url= ...
CVE-2018-19387
PUBLISHED: 2018-11-20
format_cb_pane_tabs in format.c in tmux 2.7 through 2.8 might allow attackers to cause a denial of service (NULL Pointer Dereference and application crash) by arranging for a malloc failure.
CVE-2018-19388
PUBLISHED: 2018-11-20
FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read, access violation, and application crash) via TIFF data because of a ConvertToPDF_x86!ReleaseFXURLToHtml issue.