Endpoint

7/10/2018
10:30 AM
Travis Jarae
Travis Jarae
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
0%
100%

For Data Thieves, the World Cup Runneth Over

Large sporting events are always going to be targets, but the fact that the competition is in Russia adds another layer of concern. Here are three tips to stay safer.

The World Cup, the biggest sporting spectacle in the world, is bound to be a bonanza for fraudsters, spies, and data thieves.

While the superstars of football excite and delight on the field, professionals of a different kind — thieves, engaged in deceptive, hard-to-detect data collection — will lurk in the shadows. These opportunists will use every ability — including fake Wi-Fi hotspots, cell signal spoofing, and theft of ID cards — to profit from identity theft. These nefarious attendees could potentially gain information valuable to international espionage, whether it be blackmail material, national security secrets, or sensitive corporate information.

Well-attended events and highly populated areas have always been havens for criminals and spy agencies, but in recent years, the threat has shifted to less-intrusive collection exercises. At the 2018 FIFA World Cup, some of the things that offer customer value and an enhanced experience — such as FIFA's FAN ID program — are targets.

FIFA's FAN ID document is required by the Russian authorities for all attendees of the World Cup. Ticket holders must have a FAN ID with a valid match ticket in order to enter any of the stadiums hosting matches at the World Cup.

Conveniences like FAN ID offer easier access to stadiums during 2018 FIFA World Cup matches and free access to public transportation. But these also lead to data harvesting and malicious behavior on mobile and personal devices — of both officials and fans.

The FAN ID information collected by Russian authorities includes personal information such as name, photo, nationality, and passport number. Russia has said the FAN ID is designed to crack down on unrest and keep away potential threats, but blacklisted fans have found ways to bypass the system and gain entry. Russian officials received nearly a million applications for the FAN ID program.

The Russian Threat
In light of recent events in international data theft, it's notable that the World Cup is being held in Russia, where the world's hotbed of international espionage has attracted hundreds of thousands of people within its borders, and the host country collected personal information on all of them. And it all comes just as the country is ramping up efforts to destabilize democracies and interfere with elections around the world. Consider:

  • In February, the US Department of Homeland Security warned Americans attending the Winter Olympics in Pyeongchang that they would be targeted by cybercriminals. Before the games occurred, McAfee found that more than 300 Olympic computer systems were attacked, and many were compromised.
  • Once the opening ceremonies began, Russian military spies were found to have hacked computers in South Korea in a "false flag" operation, designed to make it look like the attacks were perpetrated by North Korea.
  • In March, DHS confirmed that unauthorized cell-site simulators, known as "stingrays," have been set up throughout Washington, DC. These devices, also known as IMSI (international mobile subscriber identity) catchers, can be used to spoof cell towers and intercept communications. The availability of this technology is so wide that agents can now have it planted in our nation's capital and go undetected for some time while collecting information.
  • Russia has shown a key interest in collecting data on citizens in foreign countries, using that targeted information to stir up unrest and influence elections. National security experts believe that after working to influence the 2016 presidential election, Russia is once again ramping up to interfere with the 2018 midterm elections in the US.

Piecing it all together — increased Russian espionage, wide availability of Wi-Fi and cellular spoofing tools, cyberattacks on the rise, and the games being hosted in Russia — anyone can see how the 2018 FIFA World Cup is prime territory for cyber theft.

Easy Targets
Still, Russia has been a popular destination for tourists for many years, and the vast majority of those who attend will not likely be targeted. The greater threat for most could be communications concerns, particularly with respect to cell spoofing and public Wi-Fi hotspots. Here again, the fears are justified.

Mobile data, particularly with international roaming charges, doesn't come cheap, which means many visitors will be inclined to utilize free public Wi-Fi hotspots they might encounter during their stay. These can be a gold mine for fraudsters, intercepting all communications coming from mobile devices, including sensitive personal information. A recent study found that more than 7,000 public Wi-Fi hotspots in World Cup host cities are insecure.

The threat of public Wi-Fi is not new — Apple's iPhone warns users before they connect to an unsecured network that it provides "no security" and exposes "all network traffic." But thieves know that human nature is the biggest threat to security, and the desire by fans to be connected while in Russia will drive many to make poor decisions.

How to Stay Safe

  • Don't participate in Internet banking or use any apps that might share personal data. The UK's National Cyber Security Centre advises that match goers bring pay-as-you-go mobile devices rather than their regular smartphone. And when possible, use secure mobile data, such as an end-to-end encrypted connection through a VPN, to maximize security.
  • In terms of spending, credit cards are preferred over debit cards, due to the protections offered by credit card companies. 
  • Those in Russia should also be wary of phishing attempts and email spam. World Cup attendees should also let their friends and family know they will be at the games, as fraudsters will frequently reach out to known family members via email, falsely claiming that the person traveling abroad is in trouble, in what is known as the "stranded traveler" phishing attack.

Related Content:

 

Learn from the industry's most knowledgeable CISOs and IT security experts in a setting that is conducive to interaction and conversation. Register before July 27 and save $700! Click for more info

Travis Jarae is the Founder and CEO of One World Identity, an independent identity research and strategy company focused on digital commerce and infrastructure. Travis founded One World Identity with the goal of facilitating the development of foundational identity, trust, ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Veterans Find New Roles in Enterprise Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/12/2018
Understanding Evil Twin AP Attacks and How to Prevent Them
Ryan Orsi, Director of Product Management for Wi-Fi at WatchGuard Technologies,  11/14/2018
7 Free (or Cheap) Ways to Increase Your Cybersecurity Knowledge
Curtis Franklin Jr., Senior Editor at Dark Reading,  11/15/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Online Malware and Threats: A Profile of Today's Security Posture
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-18519
PUBLISHED: 2018-11-19
BestXsoftware Best Free Keylogger 5.2.9 allows local users to gain privileges via a Trojan horse "%PROGRAMFILES%\BFK 5.2.9\syscrb.exe" file because of insecure permissions for the BUILTIN\Users group.
CVE-2018-19355
PUBLISHED: 2018-11-19
modules/orderfiles/ajax/upload.php in the Customer Files Upload addon 2018-08-01 for PrestaShop (1.5 through 1.7) allows remote attackers to execute arbitrary code by uploading a php file via modules/orderfiles/upload.php with auptype equal to product (for upload destinations under modules/productfi...
CVE-2008-7320
PUBLISHED: 2018-11-18
** DISPUTED ** GNOME Seahorse through 3.30 allows physically proximate attackers to read plaintext passwords by using the quickAllow dialog at an unattended workstation, if the keyring is unlocked. NOTE: this is disputed by a software maintainer because the behavior represents a design decision.
CVE-2018-19358
PUBLISHED: 2018-11-18
GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-Bus protection mechanisms (involving the busconfig...
CVE-2018-19351
PUBLISHED: 2018-11-18
Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. In other words, nbconvert endpoints can execute JavaScript with access to the server API. In notebook/nbconvert/handlers.py, NbconvertFileHand...