Jun 14, 2018

How the World Cup plays out among hackers

A hand with an umpire's whistle and a circuit board

Illustration: Sarah Grillo/Axios

The World Cup begins today in Russia, and hackers are watching the games.

Why it matters: In prior years, Cybersecurity firm Akamai has seen declines in cyberattacks while the World Cup games are in play — "at least until games are out of reach," said Patrick Sullivan, Akamai director of security technology.

Once games are well in hand, attacks from the losing team's nation spike well above normal. Often, said Sullivan, that takes the form of attacks designed to take down news stories in the victor's country that tout a home-team win.

Hacktivists: Sullivan notes activists frequently use various forms of cyber attacks during major sporting events to protest the host nation — often targeting sponsors to get their point across. He points to protestors upset with the amount of money spent in the recent Brazillian World Cup as an example.

  • But threat intelligence firm Flashpoint tells Codebook there is little credible chatter from activists looking to use the Russian games as a soapbox this year.

Nations: Some recent Olympics have been marred by destructive nation-led attacks, including attacks against the World Anti-Doping Association and wide-spread malware attacks. However, it appears World Cup host nation Russia was behind the bulk of these assaults, with occasional ducks behind fake personas like "Anonymous Poland."

  • "It is telling that those [cover personas] who claimed to be exposing hypocrisy in sports have been quiet when the event is in Russia," said Roman Sannikov, director of European research and analysis at Flashpoint.

Tourist traps: The U.S. and U.K. governments are warning tourists and soccer players to leave behind any device not essential to their survival, to avoid both cyber espionage and cyber criminals — Russia has thriving ecosystems of both.

What all this means for your favorite sport: Maybe soccer isn't your thing. But every time there is a successful cyberattack at a sporting event, said Craig Williams, director of outreach for Cisco's Talos research group, the threat creeps closer to a big event — sports or otherwise — that you care about.

  • "There's never been a publicly acknowledged Olympic Destroyer type attack at a U.S. sporting event," said Williams. "But you have to think of this like arson. Every time there's a successful attack, the arsonists gets emboldened."
Go deeper