World Cup Cybersecurity: Olé, Olé, Olé, We Are the Hackers


Every four years, international soccer’s FIFA World Cup features amazing feats of on-field magic from qualifying national teams, but also presents a tempting target for cybercriminals.

The World Cup is an electrifying event that brings supporters from around the world together for about a month, during which only one thing matters: being crowned World Cup Champions. It is a serious endeavor with approximately 715.1 million people watching the final match broadcast and billions of dollars spent on corporate sponsorships.

Considering the stakes, it is important for the competing teams to keep sensitive information—including strategies, injuries, and tactics—secret from opposing teams. A FIFA spokesman told Bloomberg BNA that it had received a letter from the English Football Association (FA) expressing concerns about sensitive information being leaked before matches during the 2018 World Cup in Moscow.  The letter cited a malware attack launched by hackers known as Fancy Bear.

In 2016, Russian hacker group known as Fancy Bear gained access to World Anti-Doping Agency’s Anti-Doping Administration and Management System, and released purported drug testing records of athletes. The FIFA spokesman said that “with respect to the Fancy Bears attack in particular it is presently investigating the incident to ascertain whether FIFA's infrastructure was compromised.” He said the investigation is “still ongoing.”

FIFA doesn’t provide cybersecurity advice to national soccer teams, the spokesman said. FIFA relies on third party vendors for its cybersecurity, so isn’t in a position to directly offer advice to teams, he said.

FIFA isn’t the only soccer/football-related entity that relies on third parties on privacy and security-related matters. East London-based Premier League club West Ham United announced a partnership with a U.K.-based digital forensics company to prepare for new European Union data privacy rules. Across the Atlantic, the New England Patriots (0-1 at the time of this writing) announced a partnership with email and data security company to protect Patriots employee inboxes from cyberattacks. 

Nor is FIFA the only organization facing a quadrennial cybersecurity headache. The International Olympics Committee had to plan for cybersecurity vulnerabilities leading up to the 2016 Summer Olympic Games in Rio de Janeiro.

To keep up with the constantly evolving world of privacy and security sign up for the Bloomberg BNA Privacy and Security Update.