10:30 AM
Travis Jarae
Travis Jarae
Connect Directly
E-Mail vvv

For Data Thieves, the World Cup Runneth Over

Large sporting events are always going to be targets, but the fact that the competition is in Russia adds another layer of concern. Here are three tips to stay safer.

The World Cup, the biggest sporting spectacle in the world, is bound to be a bonanza for fraudsters, spies, and data thieves.

While the superstars of football excite and delight on the field, professionals of a different kind — thieves, engaged in deceptive, hard-to-detect data collection — will lurk in the shadows. These opportunists will use every ability — including fake Wi-Fi hotspots, cell signal spoofing, and theft of ID cards — to profit from identity theft. These nefarious attendees could potentially gain information valuable to international espionage, whether it be blackmail material, national security secrets, or sensitive corporate information.

Well-attended events and highly populated areas have always been havens for criminals and spy agencies, but in recent years, the threat has shifted to less-intrusive collection exercises. At the 2018 FIFA World Cup, some of the things that offer customer value and an enhanced experience — such as FIFA's FAN ID program — are targets.

FIFA's FAN ID document is required by the Russian authorities for all attendees of the World Cup. Ticket holders must have a FAN ID with a valid match ticket in order to enter any of the stadiums hosting matches at the World Cup.

Conveniences like FAN ID offer easier access to stadiums during 2018 FIFA World Cup matches and free access to public transportation. But these also lead to data harvesting and malicious behavior on mobile and personal devices — of both officials and fans.

The FAN ID information collected by Russian authorities includes personal information such as name, photo, nationality, and passport number. Russia has said the FAN ID is designed to crack down on unrest and keep away potential threats, but blacklisted fans have found ways to bypass the system and gain entry. Russian officials received nearly a million applications for the FAN ID program.

The Russian Threat
In light of recent events in international data theft, it's notable that the World Cup is being held in Russia, where the world's hotbed of international espionage has attracted hundreds of thousands of people within its borders, and the host country collected personal information on all of them. And it all comes just as the country is ramping up efforts to destabilize democracies and interfere with elections around the world. Consider:

  • In February, the US Department of Homeland Security warned Americans attending the Winter Olympics in Pyeongchang that they would be targeted by cybercriminals. Before the games occurred, McAfee found that more than 300 Olympic computer systems were attacked, and many were compromised.
  • Once the opening ceremonies began, Russian military spies were found to have hacked computers in South Korea in a "false flag" operation, designed to make it look like the attacks were perpetrated by North Korea.
  • In March, DHS confirmed that unauthorized cell-site simulators, known as "stingrays," have been set up throughout Washington, DC. These devices, also known as IMSI (international mobile subscriber identity) catchers, can be used to spoof cell towers and intercept communications. The availability of this technology is so wide that agents can now have it planted in our nation's capital and go undetected for some time while collecting information.
  • Russia has shown a key interest in collecting data on citizens in foreign countries, using that targeted information to stir up unrest and influence elections. National security experts believe that after working to influence the 2016 presidential election, Russia is once again ramping up to interfere with the 2018 midterm elections in the US.

Piecing it all together — increased Russian espionage, wide availability of Wi-Fi and cellular spoofing tools, cyberattacks on the rise, and the games being hosted in Russia — anyone can see how the 2018 FIFA World Cup is prime territory for cyber theft.

Easy Targets
Still, Russia has been a popular destination for tourists for many years, and the vast majority of those who attend will not likely be targeted. The greater threat for most could be communications concerns, particularly with respect to cell spoofing and public Wi-Fi hotspots. Here again, the fears are justified.

Mobile data, particularly with international roaming charges, doesn't come cheap, which means many visitors will be inclined to utilize free public Wi-Fi hotspots they might encounter during their stay. These can be a gold mine for fraudsters, intercepting all communications coming from mobile devices, including sensitive personal information. A recent study found that more than 7,000 public Wi-Fi hotspots in World Cup host cities are insecure.

The threat of public Wi-Fi is not new — Apple's iPhone warns users before they connect to an unsecured network that it provides "no security" and exposes "all network traffic." But thieves know that human nature is the biggest threat to security, and the desire by fans to be connected while in Russia will drive many to make poor decisions.

How to Stay Safe

  • Don't participate in Internet banking or use any apps that might share personal data. The UK's National Cyber Security Centre advises that match goers bring pay-as-you-go mobile devices rather than their regular smartphone. And when possible, use secure mobile data, such as an end-to-end encrypted connection through a VPN, to maximize security.
  • In terms of spending, credit cards are preferred over debit cards, due to the protections offered by credit card companies. 
  • Those in Russia should also be wary of phishing attempts and email spam. World Cup attendees should also let their friends and family know they will be at the games, as fraudsters will frequently reach out to known family members via email, falsely claiming that the person traveling abroad is in trouble, in what is known as the "stranded traveler" phishing attack.

Related Content:


Learn from the industry's most knowledgeable CISOs and IT security experts in a setting that is conducive to interaction and conversation. Register before July 27 and save $700! Click for more info

Travis Jarae is the Founder and CEO of One World Identity, an independent identity research and strategy company focused on digital commerce and infrastructure. Travis founded One World Identity with the goal of facilitating the development of foundational identity, trust, ... View Full Bio
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL,  3/19/2019
BEC Scammer Pleads Guilty
Dark Reading Staff 3/20/2019
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Well, at least it isn't Mobby Dick!
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-03-22
IBM Content Navigator 3.0CD could allow attackers to direct web traffic to a malicious site. If attackers make a fake IBM Content Navigator site, they can send a link to ICN users to send request to their Edit client directly. Then Edit client will download documents from the fake ICN website. IBM X...
PUBLISHED: 2019-03-22
IBM API Connect 2018.1 and 2018.4.1.2 apis can be leveraged by unauthenticated users to discover login ids of registered users. IBM X-Force ID: 156544.
PUBLISHED: 2019-03-22
An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a \..\..\ substring, allowing an attacker to enumerate file existence based on the returned information.
PUBLISHED: 2019-03-22
pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.
PUBLISHED: 2019-03-22
rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.