Endpoint

7/10/2018
10:30 AM
Travis Jarae
Travis Jarae
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
0%
100%

For Data Thieves, the World Cup Runneth Over

Large sporting events are always going to be targets, but the fact that the competition is in Russia adds another layer of concern. Here are three tips to stay safer.

The World Cup, the biggest sporting spectacle in the world, is bound to be a bonanza for fraudsters, spies, and data thieves.

While the superstars of football excite and delight on the field, professionals of a different kind — thieves, engaged in deceptive, hard-to-detect data collection — will lurk in the shadows. These opportunists will use every ability — including fake Wi-Fi hotspots, cell signal spoofing, and theft of ID cards — to profit from identity theft. These nefarious attendees could potentially gain information valuable to international espionage, whether it be blackmail material, national security secrets, or sensitive corporate information.

Well-attended events and highly populated areas have always been havens for criminals and spy agencies, but in recent years, the threat has shifted to less-intrusive collection exercises. At the 2018 FIFA World Cup, some of the things that offer customer value and an enhanced experience — such as FIFA's FAN ID program — are targets.

FIFA's FAN ID document is required by the Russian authorities for all attendees of the World Cup. Ticket holders must have a FAN ID with a valid match ticket in order to enter any of the stadiums hosting matches at the World Cup.

Conveniences like FAN ID offer easier access to stadiums during 2018 FIFA World Cup matches and free access to public transportation. But these also lead to data harvesting and malicious behavior on mobile and personal devices — of both officials and fans.

The FAN ID information collected by Russian authorities includes personal information such as name, photo, nationality, and passport number. Russia has said the FAN ID is designed to crack down on unrest and keep away potential threats, but blacklisted fans have found ways to bypass the system and gain entry. Russian officials received nearly a million applications for the FAN ID program.

The Russian Threat
In light of recent events in international data theft, it's notable that the World Cup is being held in Russia, where the world's hotbed of international espionage has attracted hundreds of thousands of people within its borders, and the host country collected personal information on all of them. And it all comes just as the country is ramping up efforts to destabilize democracies and interfere with elections around the world. Consider:

  • In February, the US Department of Homeland Security warned Americans attending the Winter Olympics in Pyeongchang that they would be targeted by cybercriminals. Before the games occurred, McAfee found that more than 300 Olympic computer systems were attacked, and many were compromised.
  • Once the opening ceremonies began, Russian military spies were found to have hacked computers in South Korea in a "false flag" operation, designed to make it look like the attacks were perpetrated by North Korea.
  • In March, DHS confirmed that unauthorized cell-site simulators, known as "stingrays," have been set up throughout Washington, DC. These devices, also known as IMSI (international mobile subscriber identity) catchers, can be used to spoof cell towers and intercept communications. The availability of this technology is so wide that agents can now have it planted in our nation's capital and go undetected for some time while collecting information.
  • Russia has shown a key interest in collecting data on citizens in foreign countries, using that targeted information to stir up unrest and influence elections. National security experts believe that after working to influence the 2016 presidential election, Russia is once again ramping up to interfere with the 2018 midterm elections in the US.

Piecing it all together — increased Russian espionage, wide availability of Wi-Fi and cellular spoofing tools, cyberattacks on the rise, and the games being hosted in Russia — anyone can see how the 2018 FIFA World Cup is prime territory for cyber theft.

Easy Targets
Still, Russia has been a popular destination for tourists for many years, and the vast majority of those who attend will not likely be targeted. The greater threat for most could be communications concerns, particularly with respect to cell spoofing and public Wi-Fi hotspots. Here again, the fears are justified.

Mobile data, particularly with international roaming charges, doesn't come cheap, which means many visitors will be inclined to utilize free public Wi-Fi hotspots they might encounter during their stay. These can be a gold mine for fraudsters, intercepting all communications coming from mobile devices, including sensitive personal information. A recent study found that more than 7,000 public Wi-Fi hotspots in World Cup host cities are insecure.

The threat of public Wi-Fi is not new — Apple's iPhone warns users before they connect to an unsecured network that it provides "no security" and exposes "all network traffic." But thieves know that human nature is the biggest threat to security, and the desire by fans to be connected while in Russia will drive many to make poor decisions.

How to Stay Safe

  • Don't participate in Internet banking or use any apps that might share personal data. The UK's National Cyber Security Centre advises that match goers bring pay-as-you-go mobile devices rather than their regular smartphone. And when possible, use secure mobile data, such as an end-to-end encrypted connection through a VPN, to maximize security.
  • In terms of spending, credit cards are preferred over debit cards, due to the protections offered by credit card companies. 
  • Those in Russia should also be wary of phishing attempts and email spam. World Cup attendees should also let their friends and family know they will be at the games, as fraudsters will frequently reach out to known family members via email, falsely claiming that the person traveling abroad is in trouble, in what is known as the "stranded traveler" phishing attack.

Related Content:

 

Learn from the industry's most knowledgeable CISOs and IT security experts in a setting that is conducive to interaction and conversation. Register before July 27 and save $700! Click for more info

Travis Jarae is the Founder and CEO of One World Identity, an independent identity research and strategy company focused on digital commerce and infrastructure. Travis founded One World Identity with the goal of facilitating the development of foundational identity, trust, ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Devastating Cyberattack on Email Provider Destroys 18 Years of Data
Jai Vijayan, Freelance writer,  2/12/2019
Up to 100,000 Reported Affected in Landmark White Data Breach
Kelly Sheridan, Staff Editor, Dark Reading,  2/12/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-8360
PUBLISHED: 2019-02-16
Themerig Find a Place CMS Directory 1.5 has SQL Injection via the find/assets/external/data_2.php cate parameter.
CVE-2019-8361
PUBLISHED: 2019-02-16
PHP Scripts Mall Responsive Video News Script has XSS via the Search Bar. This might, for example, be leveraged for HTML injection or URL redirection.
CVE-2019-8362
PUBLISHED: 2019-02-16
DedeCMS through V5.7SP2 allows arbitrary file upload in dede/album_edit.php or dede/album_add.php, as demonstrated by a dede/album_edit.php?dopost=save&formzip=1 request with a ZIP archive that contains a file such as "1.jpg.php" (because input validation only checks that .jpg, .png, o...
CVE-2019-8363
PUBLISHED: 2019-02-16
Verydows 2.0 has XSS via the index.php?c=main a parameter, as demonstrated by an a=index[XSS] value.
CVE-2019-8358
PUBLISHED: 2019-02-16
In Hiawatha before 10.8.4, a remote attacker is able to do directory traversal if AllowDotFiles is enabled.