Fancy Bears, Russia and the World Cup cybersecurity threat

• by Paul Kennedy  @pkedit, Sep 11, 2017

Cybersecurity has been an issue in our lives since the Internet took off in the mid-1990s. It became a central issue in the 2016 presidential campaign -- from Hillary Clinton's famous e-mails to the DNC hacking -- and introduced us to the term "trolling farms," a key part of Russia's efforts to manipulate public opinion leading up to the November 2016 election.

Now cybersecurity has emerged as an issue ahead of the 2018 World Cup in Russia. England players and staff have been warned not to use public or hotel WiFi at next summer's tournament, the fear being that they will be hacked and sensitive information, including injuries, lineups and tactical plans, could be compromised.

There has already been a World Cup hacking of sorts. Fancy Bears -- a cyber espionage group associated with the Russian military intelligence and linked to many international hacking operations -- released the names of 25 players given therapeutic use exemptions -- medical waivers -- during the 2010 World Cup in South Africa and claimed 160 players failed drug tests in 2015.

The English FA not only expressed its concerns to FIFA about these past leaks and potential leaks next summer -- England has all but qualified for the World Cup -- but that its correspondence with FIFA might be compromised. An email from the FA's head of integrity, Jenni Kennedy, was released in an August Fancy Bears dump.

FIFA confirmed the English FA's concerns but insisted it wasn't about to enter the cybersecurity business.

"FIFA has informed the FA in such context that FIFA remains committed to preventing security attacks in general and that with respect to the Fancy Bears attack in particular it is presently investigating the incident to ascertain whether FIFA's infrastructure was compromised. Such investigation is still ongoing. For the purposes of computer security in general, FIFA is itself relying on expert advice from third parties. It is for this reason that FIFA cannot and does not provide any computer security advice to third parties."