FIFA Braced for Revelations After Breach

Written by

There have been more cyber-attacks against football’s organizing bodies globally and in Europe, with resulting leaks from FIFA expected to be published by the media on Friday, according to reports.

The World Cup organizer confirmed to reporters this week that it had suffered a breach in March, with the European Investigative Collaborations collective of media companies expected to go public with new revelations tomorrow, according to AP.

FIFA released a short statement claiming that it “condemns any attempts to compromise the confidentiality, integrity and availability of data in any organization using unlawful practices.”

It’s not thought that the attack was orchestrated by Russian actors as per the 2016 raid on FIFA which the US Department of Justice recently indicted seven intelligence officers for.

Instead, it’s being linked to the Football Leaks hacktivist group, which has over the past two years sought to expose corruption and illegality in the beautiful game. Its work has in the past led to revelations of tax evasion by leading players in Spain, and details of an NDA signed between Ronaldo’s lawyers and a Las Vegas woman who accused him of sexually assaulting her in 2009.

Although there are no details as yet on how FIFA was breached, European football governing body UEFA officials have been targeted in a phishing campaign, according to reports.

It’s not known if the two incidents are related and the organization hasn’t yet found any evidence of unauthorized intrusion.

Security experts used the news to reiterate the importance of anti-phishing protection, although it’s still not clear how FIFA’s hackers penetrated the organization.

“The best way organizations and individuals can help avoid future attacks is through education programs, understanding the risks and consequences of clicking unknown links and attachments is a critical defense against phishing type attacks,” explained Tripwire EMEA technical director, Paul Edon.

“Regardless of whether you believe the email to be legitimate or not, never click on inbuilt links. Always open your own web browser and log in to your account on the official website. If there is a legitimate requirement for you to update or re-enter information, it should be referenced within your specific account instance.”

Ross Rustici, senior director of intelligence services at Cybereason, put the incident into perspective.

“With the outcome of the bidding for the 2018, 2022, and 2026 World Cups being as contentious as they were, I'm sure football fans across the world will have some interesting gossip to read if the leaks become public,” he argued. “However, at the end of the day, that is likely all this hack is." 

What’s hot on Infosecurity Magazine?