Exclusive: World Cup Russian hacking threat is real, security experts warn

All eyes are on Russia and the World Cup 2018 this summer – with the security situation in the controversial host nation of particular interest. But as well as the very real physical threat posted to travelling fans by Russian hooligans, there’s a perhaps less obvious World Cup security risk – cyber attacks. In this Trusted Reviews exclusive, we speak to three leading cybersecurity experts to separate fact from fiction and reveal what fans should know about using their devices in Russia this summer.

Russian authorities have promised ‘unprecedented’ security this summer. England’s training base is surrounded by heavily armed guards, hooligans have been pre-warned by police what to expect if they misbehave the way they did at Euro 2016, and FIFA has given referees the power to call off matches over abusive chants.

Yet as feared as Russian ‘ultras’ are, and as colourful as football language can get, the biggest threat at this year’s World Cup could be the silent threat posed by cyber attacks.

Related: How to watch World Cup 2018 in 4K

Earlier in the year, the UK, US and Australian governments all issued official warnings about the general threat posed by Russian hackers. And ahead of this year’s mega-tournament, FBI agent and director of the US National Counterintelligence and Security Center, William Evanina, cautioned World Cup attendees against using their mobile devices whilst in Russia.

How much truth is there to these high-level fears?

According to a trio of security experts we spoke to ahead of the World Cup, it’s far from a storm in a teacup.

“It is a pretty big ask of the FBI to request that World Cup travellers do not bring any connected devices to Russia with them,” Allen Scott, McAfee consumer EMEA director, told Trusted Reviews.

However, it’s one that “people need to listen to and consider,” he added.

“No matter how insignificant someone might think they are, they will be at severe risk as unfortunately, hackers hold no prisoners. Having a rush of tourists entering the country opens so many doors for these criminals to make financial and intelligence-driven gains,” Scott said.

It’s a view that’s echoed by Kaspersky Lab Principal Security Research, David Emm, who pinpoints unprotected Wi-Fi networks as the biggest threat to ordinary fans.

“When large-scale events like the FIFA World Cup are paired with a lack of traffic encryption, it makes wireless Wi-Fi networks a target for criminals who want easy access to people’s personal data,” he explained to Trusted Reviews.

Emm added that Kaspersky researchers found a number of Wi-Fi vulnerabilities in World Cup host cities.

“We found that around one fifth of access points in FIFA World Cup host cities were open [and] unprotected. Even the others shouldn’t be considered fully secure: there’s still a risk, for example, of a criminal creating a fake hot-spot that masquerades as the legitimate one. Our research shows, once again, that cybersecurity involves addressing not just certain aspects, but the entire infrastructure. FIFA World Cup 2018 has advised people to be aware that free public Wi-Fi in Russia is a prime target for hackers,” he revealed.

Of course, security software companies have something of a vested interest in stoking fears, so we also asked senior threat intelligence analyst Caitlin Huey of EclecticIQ what she thought of the widespread World Cup security warnings.

Related: What is VAR? The new referee tech explained

While noting that the cybersecurity threat should come as “no surprise,” she added that the “rise in political tensions in the run up to the World Cup” made the situation especially severe.

“At high-profile events like this, cybercriminals may attempt to steal personally identifiable information, banking and credit card information and more. It’s important that attendees and players alike go to the games with a strong level of cyber-awareness. Advice to go one step further and not take electronic devices to Russia at all may not be practical for the majority of attendees, but may be the only sure-fire way not to fall victim to opportunistic cybercriminals at the World Cup,” Huey told us.

So, the risk of being hacked at the World Cup is real, it seems, but what can fans do to mitigate the threat that doesn’t involve going offline for the duration of their visit?

Scott, Emm and Huey were unanimous in advocating the avoidance of unsecured public Wi-Fi networks, and they also advised attendees to make sure their device’s security was up to snuff – that your lock screen had a security measure enabled (gesture, facial recognition, or password) and that your device’s data was set to encrypted.

Scott and Emm added that you should consider connecting to the internet via a VPN for extra peace of mind  – check out our guide to the best VPNs if you haven’t already got one installed.

Beyond the steps outlined above, common sense is also vital, as losing your device (whether lost or stolen) makes it infinitely easier for hackers to prise sensitive personal information from your phone, tablet, or laptop.

Related: Best World Cup TVs

Take heed of our advice and you should have a fantastic, care-free World Cup – beyond the inevitable England exit on penalties, of course.

How real do you think the Russian hacking threat is at the World Cup? Tweet your thoughts to us @TrustedReviews.