The FA has told the England team not to use public or hotel Wi-Fi at next summer’s World Cup in Russia amid fears of being hacked.
Russia is becoming notorious for politically motivated hacks, and the FA believes that malicious actors in the country could try to expose sensitive information such as squad selections, tactics and private communications.
The FA’s concerns aren’t far-fetched. In August, the Russian hacking group Fancy Bear leaked several documents on drug use in football.
The documents revealed that 200 players failed drugs tests in 2016, and 25 players were allowed to use banned substances during the 2010 World Cup as part of the Therapeutic Use Exemptions – with a suspiciously high number of players apparently suffering from asthma.
The Guardian reports that the Fancy Bear attack was in response to the International Olympic Committee’s decision to ban Russian athletes from Rio 2016 after systemic doping in the country was exposed. And with tensions between England and Russia seen inside and outside football stadiums, a cyber attack on the England team wouldn’t be a surprise.
The FA had already been exploring cyber security measures for the World Cup before the Fancy Bear leak, but it has now announced its strict policies. All equipment belonging to the England squad will be fitted with anti-hacking software, the team will be advised to limit their use of social media, particularly regarding any comments or photographs that could reveal details about their location, and the FA will provide its own Internet access at the team’s training facility.
The FA also wrote to Fifa about its concerns, and the organisation responded: “Fifa has informed the FA that [it] remains committed to preventing security attacks in general [but] Fifa is itself relying on expert advice from third parties.
“It is for this reason that Fifa cannot and does not provide any computer security advice to third parties.”
Staying secure in public
The FA’s fears are standard for any company – particularly high-profile ones – relying on public Wi-Fi to share sensitive information. As Zoe Kleinman, the BBC’s technology reporter, writes: “Once a hacker has access to a Wi-Fi router they can snoop on any of the data being shared on other devices that are connected to it. They can also install a digital backdoor to guarantee re-entry should their access be blocked.
“It would also be easy to spoof a free Wi-Fi hotspot, so that the user might think they were logging on via an official platform but what they would actually be doing is opening up their entire device to a scammer.
“Messaging apps such as Whatsapp and Signal use end-to-end encryption, which means messages cannot be read if they are intercepted – the players will no doubt be encouraged to communicate using the most secure possible platforms.”
Improving awareness of cyber security is a critical aspect of an effective cyber security programme.
Unlike general staff awareness training, the IT Governance Security Awareness Programme helps you build staff awareness that delivers long-term results, while creating engaging and stimulating learning experiences.
The programme combines a needs assessment to identify the areas that your organisation should focus on with tools and services to address the problems that arise. These tools and services include hands-on support from a specialist consultant and a selection of digital assets, games, posters, pocket guides and e-learning courses. All components of the programme are geared towards the individual organisation’s unique challenges and culture, and can be branded to fit the organisation’s corporate identity.