Fearful of data breaches and keen to avoid embarrassing images surfacing in the home of ‘kompromat’, several teams at the World Cup in Russia have enforced rigid guidelines to shield their players from hacks.
Whereas in past tournaments teams went to extraordinary lengths to keep the paparazzi at bay, the stars of Russia 2018 have a more high-tech approach to guarding their privacy.
The Australian football federation is one of several to use its own mobile internet connection while in Russia, in theory to make it harder to access information contained on the devices of players and staff.
The Socceroos are forbidden from joining unprotected Wifi networks and must instead connect via one of the team’s own VPN-fitted 4G mobile routers.
Team official Adam Mark told AFP the players had been told “just to be smart about while they’re here, i.e. not logging on to public Wifis.”
“Cybersecurity is something that we are concerned about,” said Croatia team official Tomislav Pacak. “Concerning security in general, we don’t share anything with any media or the public other than what is said during press conferences.”
The anxiety to avoid hacks at this World Cup is so great in some camps that several teams sought advice from their national security services before leaving for Russia.
England were briefed by Britain’s GCHQ intelligence service and players’ smartphones and other connected devices have been fitted with special encryption software for the tournament.
Guillaume Poupard, the head of France’s information security agency Anssi, told AFP his organisation had advised the national team on online safety while in Russia.
“It was rather general advice, a bit like what we tell people travelling for business… pay attention to where you connect, don’t take all your personal data with you,” Poupard said.
– Public at risk? –
While this sounds like good advice no matter where high-profile millionaires such as footballers ply their trade, it is not just the players that may be at risk in Russia, known for the practice of kompromat — gathering compromising personal material for nefarious means.
Russian hacking group Fancy Bear, for example, published emails of the International Olympic Committee in 2014 after Russia was banned from competing in this year’s Pyeongchang Winter Olympics for its doping programme.
Such an attack on tournament organisers FIFA, for example, “would have a significant impact on its image”, according to Chris Hodson, of cybersecurity firm Zscaler.
Yet the most common targets of online hacks and scams remain members of the general public, and Anssi has launched an awareness campaign to coincide with sport’s biggest event.
Cybersecurity firm Checkpoint last week uncovered a phishing campaign, whereby users are tricked into handing over their personal details via fraudulent emails, camouflaged as a World Cup matches wall chart.
“With so much anticipation and hype around the World Cup, cybercriminals are banking on employees being less vigilant in opening unsolicited emails and attachments,” said Checkpoint’s Maya Horowitz.
“As such, it is critical that organisations take steps to remind their employees of security best practices to help prevent these attacks being successful.”
Internet users have been advised to be wary of streaming matches on pirate feeds that may contain malware, and to avoid unofficial ticketing sites.
For Nicola Caproni, consultant at web security firm Sekoia, internet users need to be vigilant but not obsessive over their data during the tournament in Russia.
“Don’t take business data with you, don’t leave your telephone or computer at the hotel, be careful with your devices, don’t just connect to any Wifi hotspot, and use a VPN.”