World Cup and Cyber Security

The World Cup underway in Qatar this month and the world is watching!  Indeed, the theme of the 2022 World Cup group stage is “Football Unites the World”[1].  However, an invitation to the world to watch the games also means there are global opportunities for fraudsters. 

While millions of fans are traveling to Qatar countless more will tune in via the Internet to watch the matches.  Law enforcement and privacy experts from around the world are warning about scams targeting fans traveling to Qatar as well as the online fans.  The fraud schemes range from state sponsored spying to sophisticated data collection and data scraping scams and phishing scams.

One intelligence report concludes that the World Cup is a target rich environment for Russia to both distract the world from the war in Ukraine and to punish Qatar for the county’s support for sanctions against Russia for the war.[2]  Russia also still harbors grievances from being banned from event for the war in Ukraine.  Other state sponsors of cyber espionage are thought to be seeking to exacerbate the differences and divisions between the Qatar and Western Nations.

On the data privacy front, the EU is warning fans not to download the World Cup app from the Apple iTunes or Google Play stores due to privacy concerns.[3]  The app was tested and determined to be collecting phone numbers and requiring access to an excessive amount of information on the phone or device.  The EU advised that if a user determines that the app is necessary, then the app should be downloaded to a blank phone or a secondary phone which can be later erased.

In addition to the official World Cup app, Ehteraz is a COVID tracking app which will be used by Qatar to track fan entrances (or to deny entrances) to stadiums and transportation.  The app by design requests that “users to allow remote access to pictures and videos, make unprompted calls, and read or modify device data”[4] when the app is installed.

CNIL, France’s data protection authority, has even suggested that travelers bring “burner” or blank phones to Qatar for use while the traveler attends the World Cup[5].  It is worth noting that France is also the home of FIFA the organization which manages and organizes the World Cup.

The cybersecurity firm, Fortinet has warned against increased phishing attacks based on emails to individuals to click on sites for updated information on the event[6].

Finally, Fortinet and other firms have warned about fictitious streaming sites which are published on social media sites.  The sites are intended to trick and tempt users to watch the matches for free only to eventually ask the user to enter a username, password, and/or credit card number to watch the matches.

Before any World Cup apps are downloaded or installed the user should:

• Review cybersecurity policies of the app;
• Review users experience with using the app;
• Use a verified VPN on all devices when possible;
• Never grant more access to information on your device than is necessary;
• Periodically review all applications installed on all devices and delete any unnecessary apps.

Practicing these techniques will help ensure you World Cup viewing is enjoyable, while not sacrificing your cyber security.

[1] https://digitalhub.fifa.com/m/57c20d1cabdec4e3/original/-1819-FIFA-partners-with-United-Nations-agencies-for-FIFA-World-Cup-Qatar-2022-campaigns.pdf

[2] https://www.recordedfuture.com/fielding-cyber-influence-and-physical-threats-to-2022-fifa-world-cup-in-qatar

[3] https://www.politico.eu/article/qatar-world-cup-app-data-warning/

[4] https://cybernews.com/news/fifa-world-cup-apps-privacy-experts/

[5] https://www.cyberghostvpn.com/en_US/privacyhub/fifa-world-cup-apps/

[6] https://www.bworldonline.com/technology/2018/06/14/165008/fortinet-sees-rise-in-cyberattacks-as-fifa-world-cup-commences/