The author, Conor Deane-McKenna, is Doctoral Researcher in Cyberwarfare, University of Birmingham. This article was originally published in The Conversation, an independent source of news and views from the academic and research community.
Visitors to the 2018 World Cup in Russia will be eager to enjoy the football and soak up the culture. But safety concerns are lurking in the background of this tournament. Whether it is the threat of racial abuse,football hooliganism, or falling victim to fraud, many football fans have good reason to be wary. But alongside these traditional threats, travelling fans and players also need to be vigilant of cyber crime.
The 2018 World Cup presents a number of opportunities for criminals. There will be those looking to take advantage of the festival atmosphere by stealing money, devices or data from travelling supporters and footballers. With the amount of money stolen through cyber crime expected to double from $3 trillion in 2015 to $6 trillion by 2021, the threat is very real. Here are all the ways visiting fans and footballers could fall victim to a cyber attack, and the best advice for staying safe.
To avoid purchasing expensive data roaming packages, many fans will not be using 4G connections. Instead, they’ll rely solely on free WiFi at their hotel, coffee shops and restaurants. Supporters eager to refresh scores of important matches, check their bank account, or download maps to the local stadium might need to think twice before using public WiFi. The lax security controls on public WiFi makes it easy for hackers to steal your information while browsing. Taking control of the network, hackers have the ability to see the information sent between the device and the destination. So if you use passwords or send sensitive information, hackers could steal that data. The ease of setting up public hotspots from phones or other devices means that hackers can have more invasive access without using existing WiFi hubs.
Some fans will travel to Russia without tickets, either to enjoy the atmosphere surrounding the World Cup or with the hope of obtaining tickets while there. Supporters should be wary in the latter case.
Although the public have become more cautious of ticket touts and potential fake sellers, there is still a thriving market online for reselling genuine and fake tickets. This is perpetuated by an increase in the number of website domains registered under the guise of appearing official. Illicit sites that might be confused with official websites increase the risk and likelihood that some visiting fans might be duped into providing personal and financial information in exchange for tickets. Because many individuals use the same password for all of their accounts, using that same password to log in to a fake site leaves wider personal information at risk.
As supporters update their phones with the latest World Cup apps, data collection remains a significant worry. With seven out of ten smartphone apps sharing data with third-party services, it is therefore paramount that fans are careful about the type of information they share on these apps. Consequences might be that the apps collect information or have access to other folders such as contacts.
Fake apps promising the best coverage or ticket deals pose serious threats to personal information stored on devices. Apps that require personal information or more permissions than normal have the potential to steal information.
Smartphones, tablets, watches and other devices form an important part of the experience of football. Supporters can check scores, view team line-ups and share their own thoughts on a variety of platforms. Some may choose to take their devices to Russia but leave them in the perceived safety of their hotels, hidden away in the sock drawer or locked in the safe. A worrying concern is phone cloning software that allows the user to copy a phone, and then gain the ability to intercept calls and texts. Phone cloning technology has become far more readily available.
The potential threats mentioned above apply to the squads themselves and the football associations as a whole. In fact, sports players and football associations have been the victims of cyber attacks before. As a result many countries will be especially concerned with protecting their own players.
Last year in the US, data from 1,200 American football players was stolen in a large cyber hack. The English Football Association has also already fallen victim to a cyber attack. Last summer, it found itself at the centre of a hack which named a number of footballers who were cleared to use banned medicines in the 2010 World Cup.
The contingent of players, coaches and backroom staff present any number of cyber security challenges. No wonder England players will be briefed by GCHQ regarding devices and general cyber security.
In summary, it’s good advice to avoid using public WiFi where possible – and in cases where there are no options use it sparingly. Apps such as Whatsapp boast end-to-end encryption – but even that is no guarantee of safety.
Because fake ticket touts are infamous for their ingenuity when it comes to replicating the real thing, ensuring that your tickets come through licensed sources will limit chances of fraud. Using official apps and carefully selecting which links to click on should ensure safety from the majority of cyber threats. Supporters should also keep devices password locked and with them at all times to avoid tampering.
The World Cup should be an enjoyable experience, but supporters and fans should remain cautious in the face of a growing number of cyber threats.