Euro 2016: An End-to-End Cyber War

Many of the cyber opponents present at the Euro 2016 are cyber criminals; hackers that are sniffing for new prey, finding new vulnerabilities to exploit that will grant them easy access to users.

The more enthusiastic and avidly loyal the Euro 2016 crowds are, the easier it is for hackers to reap the benefits of their fervor.

Social media protection and effective threat identifiers are must-haves for football fans who want to truly enjoy the matches. While the quarter finalist sides of Wales, Portugal, France and Germany are working through repeated training sessions that fortify their game thresholds for the next match, it’s just as well for cyber.

If we want to win the cyber war — our defenses need to be fully ready and loaded to respond.

‘Added time’ can never be an option when it comes to the hackers’ game. As soon as weaknesses are exploited, the threat actors have pervaded, and there’s no such thing as scoring at the death.

What are Our Weak Spots when Watching the Matches?

It seems like the hackers have figured out where to meet their victims — mobile app stores and tournament websites.

Euro 2016 fans and crowds are drawn to these attack honeypots because they dish out quick avenues of information that tell the fans all the scores and stats they are digging for.

UEFA Is a Mobile Magnet

In May alone, there were already seven iOS apps that were launched by UEFA (Union of European Football Associations), the organizer of Euro 2016.

As for Android, there are 19 official apps built by UEFA, of which there were over 8 million app downloads.

The official UEFA apps themselves are precisely the apps that are leaking data, including user credentials. One example of an app which leaked data is the ‘UEFA Euro 2016 Fan Guide’, which has been downloaded by 100,000 users (or more) on the Google App store alone.

From this app alone, user credentials (including username, password, address and phone number) were raked by hackers via an insecure connection, as users submitted these details to the online UEFA store website, not knowing what they were really shopping for.

Although there have been reports from a UEFA spokesman that “all security vulnerabilities have been solved”, 4,000 users had their contact details compromised via the ‘myfanzone’ section, a third party component that gathers contact details such as names, email addresses, and phone numbers.

Social Media Thrives on Football

On average, a ‘normal’ day brings 100k Tweets per minute, and 2% of them include malicious content. You do the math; 2k malicious Tweets are dished out per hour.  

And when it comes to Euro 2016, Twitter never stops for a split-second, not even during half-time. Over the first weekend of Euro 2016, the France vs. Romania match hashtag (#FRAROU) was used 600k times.

On a wider scale, each match brings on a different primary hashtag, all of which see viral traffic scores;

France v Romania (#FRAROU): 2.3 million

England v Wales (#ENGWAL): 2 million

France v Albania (#FRAALB): 1.7 million

In one ‘last minute winner’ like Dimitri Payet’s in England v Russia, as many as 177 Tweets per second will fly.

The hackers are faced with a hotbed of Tweets to inject with malice, and they know it, too.

Social Media Attacks

Because web traffic on News and sports websites have seen a reported increase of 38% since the Euro tournament took off, with a peak in Portugal, Ireland, Turkey and Spain specifically.

There has also been a 67% surge in the use of social media networks related to the matches. Both of these contributors have given hackers more opportunities to lure tournament followers into their security traps.

One notedly suspicious area for hackers is code signatures that are used on Twitter due to character limitations in tweets, that cannot always be detected via anti-virus softwares.

Several phishing campaigns have been spotted on social media that trick people into buying last minute tickets online, on Facebook and on Twitter.

Phishing websites have also been identified, with tournament fans come across in their rush to break into a sold-out match, and are likely to act too fast to notice a suspicious looking link or page.

One example (shown below) was pointed out by “hoax-slayer.net” — an email (which was unleashed in April) claiming to be UEFA, ‘informing’ the recipient won a £760,000 in the UEFA Euro 2016 online e-draw.

Malicious Content on Websites

Unfortunately for UEFA enthusiasts, there are many scam websites as well as malicious links that come up on Google when fans are searching for Euro 2016 schedules or other information relating to the matches.

The majority of these malicious websites are accessed in France, a country that is actively targeted by hackers, writes SC Magazine, as 72% of malicious websites and 41% of exposed passwords are traced back to France.

Ransomware Instead of Match Timings

Locky ransomware has also made its way into the Euro matches. There has been a victim who searched for Euro 2016 schedules on Google, which led him to a link that claimed to be an i-Cal style file that would upload all match timings to his Outlook Calendar.

Instead of syncing with the match times, Locky began encrypting servers and Dropbox folders.

Two Can Play That Game

All the threats and hacker traps that we’ve listed are of a “better be safe than sorry” nature. Unless you are safeguarded against, or at least aware of these types of attacks, be it phishing, malicious links, social media, etc., not much can be done once the damage has happened.

Internet users who are hungry for ‘all you can eat’ match reports; scores, scheduling, pre-gaming, meetups, discounts etc., are only quicker to submit their personal details to different websites and apps, which means the more leverage that hackers can obtain unto this wealth of data.

In order for avid fans to keep accessing the goods, like last-minute ticket deals and meetups, they need to be able to think fast, yet without losing their defenses.