Sports are a very popular thing around the world, which means that these athletic contests gather many fans to them. In turn, this means that these events are chock full of potential targets for a hacking attack. Today, we’ll examine the assortment of hacks that have taken place around sporting events.
The World Cup
The FIFA World Cup competes with the Olympics in terms of popularity, which would suggest that cybersecurity should be considered a priority - and for many of the quadrennial tournament’s host cities, it is. Once the venue has been announced, it isn’t uncommon for millions of dollars (or the equivalent in the native currency) to be invested in cybersecurity.
As far as cybersecurity is concerned, 2018’s tournament saw no apparent hack of the competition itself. However, this may have been assisted by the fact that Russia, the tournament’s host in 2018, is usually involved in such hacks against sporting events. Furthermore, foreign visitors to Russia are often targeted by these opportunistic hackers.
The World Cup itself has also been targeted by cybercriminals before. In 2014, the official website was removed by a DDoS (Distributed Denial of Service) attack, and thousands fell victim to phishing attacks that left their data exposed. The next World Cup is projected to be just as lucrative for hackers as well.
The Olympic Games
The modern incarnation of the Olympic Games have been held since 1896, with the winter games being established in 1924. As a result, these events have had more than sufficient time to build up a devoted fan base, which also serves as a considerably large feeding ground of sorts for a maliciously-motivated cybercriminal. Furthermore, since these events are only held every four years, administrators should have ample time to prepare for them, but so do hackers.
At the Pyongyang Winter Olympics, the opening ceremonies appeared to be hacked by North Korea. This hack resulted in the website being taken down. Eventually, it was discovered that the true culprit was Russia. This hack was Russia’s way of lashing out after being excluded for the use of state-sponsored performance enhancing drugs.
Just two years earlier, a Russian hacking group called “Fancy Bear” had infiltrated the Olympic databases to steal the personal information of the competing athletes in Rio De Janeiro, Brazil. Gold medal-winning gymnast Simone Biles and tennis legend Venus Williams have both had information leaked as a result of that hack, among others.
The National Football League
The NFL is close to a religion in the United States - a reported third of males who regularly attend church don’t between Labor Day and the New Year. 30 million people watch the pigskin make its way up and down the field each and every week. With so many fans, hackers once again have a sizable pool to exploit.
Roger Goodell, the commissioner of the NFL, had his Twitter feed hacked in 2016. The perpetrator, a teenager from Singapore, used his access to falsely announce that the commissioner had died. In February of 2017, the NFL’s union, the NFLPA, was hacked. As a result, 1,262 people had their information exposed, including financial data and home addresses and phone numbers.
Viewers of Super Bowl XLIII in Tucson, Arizona, were treated to a very unexpected surprise when an adult film suddenly replaced the big game that was being played over in Tampa, Florida. Frank Tanori Gonzalez, the man responsible for the hack, was sentenced to probation in 2009.
Major League Baseball
When your brand makes over $10 billion each year, you prioritize protecting that brand. This is why MLB has always prioritized cybersecurity when league business is on the table. While there have been some small instances of hacking attacks, the real hacking scandal came about as the result of the actions of a team executive.
Chris Correa, the former scouting director for the St. Louis Cardinals, had gained access to the network belonging to the Houston Astros, a rival of the Cardinals. When the Astros moved from the National League to the American league at the end of the 2012 season, they poached the Cardinals’ statistician, Sig Mejdal. However, when he transferred over, Mejdal left his laptop behind. Correa was able to deduce Mejdal’s password, thereby gaining access to the Astros network, and ultimately earning himself a sentence of 46 months in federal prison.
The National Basketball Association
While they aren’t as famous as the Hack-a-Shaq, the NBA has seen its fair share of cyberattacks. One example was when player Ty Lawson had his personal data held for ransom in 2016.
Another scandalous example came from the situation surrounding NBA forward Chris Andersen and 17-year-old model Paris Dylan. A third party, Shelly Chartier, catfished the two of them into not-great circumstances using multiple messaging accounts. Finally, the Douglas County sheriff's department raided Andersen’s home. If there were any lewd materials there that featured Dylan, Andersen would be in possession of child pornography. Fortunately for Andersen and Dylan, Chartier was arrested and sentenced to 19 months jail time, and the two were able to continue their respective careers.
The Professional Golfers’ Association of America
Not long ago, the PGA of America hosted the 100th PGA Championship outside of St. Louis, Missouri, at the Bellerive Country Club. At the same time, the championship itself was host to hackers. Administrators received a message from the hackers, along with the requisite Bitcoin wallet link and instructions: “Your network has been penetrated. All files on each host in the network have been encrypted with a strong algorthym[sic].”
In response, a security firm was hired straightaway to help resolve the issue. With any luck, they will be able to restore the data, but only time will tell.
Other leagues and athletes have had to struggle with hackers as well. The Islamic State in Syria, or ISIS, hacked the English national rugby team’s website, and Chris Froome, four-time champion of the Tour de France, had his performance data hacked when a rival team was convinced that he was using performance-enhancing drugs.
At the end of the day, no matter what your business does, there are going to be hackers out there that would be only too happy to mess with you. If you aren’t protected against these threats, you need to be. The pros at Fuse Networks can help. To find out more about defending against internal and external threats, give us a call at 855-GET-FUSE (438-3873).