News

Hackers target World Cup for cyber attacks

Hackers target World Cup for cyber attacks

WORLD CUP: In a country with rampant online crime, a challenging telecommunications infrastructure and little experience with cyber attacks, authorities are rushing to protect government websites and those of FIFA, soccer's governing body. Photo: Reuters

By Esteban Israel

SAO PAULO (Reuters) – Brazilian hackers are threatening to disrupt the World Cup with attacks ranging from jamming websites to data theft, adding cyber warfare to the list of challenges for a competition already marred by protests, delays and overspending.

In a country with rampant online crime, a challenging telecommunications infrastructure and little experience with cyber attacks, authorities are rushing to protect government websites and those of FIFA, soccer’s governing body.

Furious about the 33 billion reais ($14 billion) in federal funds being spent on World Cup preparations, more than a million Brazilians took to the streets last June in a wave of mass demonstrations, calling for better public services, greater transparency, and a crackdown on corruption.

Now, hackers say they will join the fray.

“We are already making plans,” said an alleged hacker who goes by the nom de guerre of Eduarda Dioratto. “I don’t think there is much they can do to stop us.”

Reuters contacted Dioratto and other self-proclaimed members of the international hacker network known as Anonymous by finding them online. Though unable to confirm their true identities, Reuters spoke with them in the interest of understanding their threats and what impact they might have on the World Cup.

They said the event offers an unprecedented global audience and an opportune moment to target sites operated by FIFA, the government, other organizers or corporate sponsors.

“The attacks will be directed against official websites and those of companies sponsoring the Cup,” a hacker known as Che Commodore said in a late-night Skype conversation.

While most of the fretting ahead of the tournament is focused on the completion of stadiums by kickoff on June 12, experts agree that little attention is being paid to Brazil’s telecommunications infrastructure.

Problems include overstrained networks, widespread use of pirated software and low investment in online security. To make matters worse, Brazil is home to one of the world’s most sophisticated cyber-criminal communities, which is already disrupting ticket sales and other World Cup commerce.

“It’s not a question of whether the Cup will be targeted, but when,” said William Beer, a cybersecurity expert with the consultancy firm Alvarez & Marsal. “So resilience and response become extremely important.”

Brazil says it is ready, or as ready as it can be.

“It would be reckless for any nation to say it’s 100 percent prepared for a threat,” said General José Carlos dos Santos, the head of the cyber command for Brazil’s army. “But Brazil is prepared to respond to the most likely cyber threats.”

A FIFA spokesperson declined to comment on online security.

FAST, DAMAGING AND SIMPLE

Known internationally for their high-profile attacks against the U.S. Central Intelligence Agency, Sony and even the Vatican, Anonymous flexed its muscle in Brazil in 2012 when it disabled the websites of some of the country’s biggest banks, including Banco do Brasil, Itaú Unibanco and Bradesco.

During that attack, dubbed #OpWeekPayment by the hackers, they launched denial-of-service (DDoS) attacks, in which thousands of computers simultaneously access target websites, jamming them. The method would be their preferred weapon this time, too.

“It’s fast, damaging and relatively simple to carry out,” explained Che Commodore.

With that in mind the army created a Cyber Defense Center, which leads a multi-agency task force for the Cup. Besides DDoS attacks, they may also face website defacement and data theft.

The worst-case scenario would be an attack sophisticated enough to cripple Brazil’s power grid, communications or air-traffic control systems. But General dos Santos said in a recent interview that authorities aren’t expecting anything that bad.

“The probability for that is much lower,” he said.

For their part, the Anonymous members said they would not do anything to target the Brazilian people. The government and event organizers, however, are another matter.

And despite the government’s preparations, the hackers say they are fully up to speed, and not terribly impressed by what they see as meager defenses.

“It’s nothing out of this world”, said an activist called Bile Day. “Security remains very low.”

Indeed, security experts said Brazil could be caught ill-prepared. The country, with no geopolitical enemies, is not used to being on guard and, as such, may not even be aware of the extent of its vulnerabilities.

“Brazil is a big target, it’s neutral and has a challenging infrastructure,” said Marcos Oliveira, an executive with U.S. network security firm Blue Coat. “It’s the perfect storm.”

Aside from the banks, which now invest heavily in online security, Brazilian companies pay little attention to the problem. And more than half of Brazil’s computers run pirate software, which makes them more vulnerable to a denial-of-service attack.

GROWING BREACHES

Brazil is not entirely untested.

The government grew far more sensitive to cybersecurity issues last year after reports that the U.S. National Security Agency spied on President Dilma Rousseff and millions of ordinary Brazilians.

Officials have also tracked a growing number of online security breaches during other big events in recent years. In 2012, during a United Nations conference on climate change in Rio de Janeiro, the cyber command detected 140 attempted security breaches. Attacks climbed to more than 300 for last year’s Confederations Cup, a dress rehearsal for the World Cup.

“We expect that number to be much higher for the Cup,” said General Dos Santos. And they will likely increase once again when Rio hosts the 2016 Olympics.

ATOS, a French company in charge of information technology networks for the Rio Olympics, said it detected around 255 million security events during London 2012.

“It’s huge,” said Michele Hyron, who heads the ATOS team for the Rio games. “And it had absolutely no impact on the Games.”

Problems can occur ahead of the events, though, especially in a country with fast-growing Internet access and booming online banking services, but little regulation for either.

Seeking to capitalize on the massive demand for World Cup tickets, criminals are already finding ways to steal from would-be buyers online.

Most of the attacks are so called “phishing,” where users are redirected to fake sites of banks and firms and tricked into entering their credit card data. Online security firm Kaspersky said it is blocking between 40 and 50 fraudulent sites using the theme of the Cup daily.

“The World Cup is the theme of the moment,” said Fabio Assolini, a security analyst with Kaspersky in São Paulo, “and cyber criminals are taking full advantage of that.”

(Editing by Paulo Prada and Jonathan Oatis)

Recent Headlines

in Music

Glen Matlock denies new Sex Pistols reunion

John Lydon, right, and Glen Matlock of The Sex Pistols perform at the Roxy in West Hollywood, Calif., on Thursday, Oct. 25, 2007.

Sex Pistols star Glen Matlock dashes fans' hopes of another reunion by insisting he hasn't had any contact with John Lydon in five years.

in Music

Aretha Franklin storms out of fast food joint

FILE - In this May 11, 2013 file photo, Aretha Franklin performs during McDonald's Gospelfest 2013 at the Prudential Center in Newark, N.J.Franklin won’t say what has caused her latest health problems, but says she’s had a “miraculous” recovery and is looking forward to performing soon.In a phone interview on Tuesday, Aug. 20, Franklin said that she recently had a cat scan and that it showed she was 85 percent improved. The 71-year-old has canceled several concerts and public appearances and blamed it on unspecified treatment.

Aretha Franklin stormed out a Johnny Rockets in Ontario, Canada last week after a nasty encounter with a rude employee.

in Music

The Beatles wanted to film ‘Lord of the Rings’

FILE- This is a 1967 handout image from Parlophone of The British group, The Beatles,. From left, are: Ringo Starr, John Lennon, Paul McCartney; and George Harrison. The woman who as a child was the basis for the Beatles song "Lucy in the Sky with Diamonds" is gravely ill. It was thought by many at the time that the psychedelic song from Sgt. Pepper's Lonely Heart Club Band was a paean to LSD because of the initials in the title, but it was actually based on a drawing that John Lennon's young son Julian brought home from school. He told his father the drawing was of Lucy in the sky with diamonds. Lucy Vodden, now living in Surrey just outside of London _ drifted apart after schoolyard days, but they have gotten back in touch as Lennon has tried to help Vodden cope with Lupus, a life-threatening disease.

Peter Jackson reveals John Lennon could have played Gollum in a Stanley Kubrick directed LOTR adaptation.

in Entertainment

Fans support campaign to keep Sean Bean alive in new show

British actor Sean Bean arrives for a special UK screening of Cleanskin, at the Mayfair Hotel in central London, Monday, March 5, 2012.

The "Game of Thrones" actor has died more than 20 times in his career, and fans want it to stop.

in Entertainment

‘Guardians of the Galaxy’ sequel set for 2017

Guardians Of The Galaxy

Marvel unveils plans to press ahead with a sequel to "Guardians of the Galaxy," days before the superhero movie even hits theaters.