Top security officials are warning Americans who are traveling to Russia for the 2018 FIFA World Cup this week that Moscow-linked hackers may try to target them as they attend the international soccer event.
The officials say U.S. travelers should be extra cautious about what devices they bring, which servers they connect to, and the types of data they access while in Moscow.
“When it comes to Russia, Russia by far — more than any country in the world — is probably some of the most well-versed cyber crime both from the organized crime side and their intelligence networks in the world,” said Robert Anderson, a former national security executive at the FBI who now serves as a security expert with the Chertoff Group.
Russia’s strong cyber crime talent compounded with unsuspecting tourists may form a perfect storm for cyber attacks, experts say.
“I think it is an incredibly rich environment for anyone wanting to conduct cyber mischief,” said Larry Pfeiffer, who served as the chief of staff to former CIA Director Michael Hayden.
“You are going to have a lot of very happy, very drunk, very distracted people whose cyber hygiene will probably be less than optimal,” added Pfeiffer, who is now a senior adviser to the Chertoff Group.
Experts particularly warned about the risks of using public WiFi systems, whether it is in a hotel lobby or a coffee shop located close to the games.
If a traveler logs onto a public wifi with a computer or cellular device, then hackers could also gain access to a range of information, from someone’s banking information to details about their phone contacts.
“I would never use public WiFi over there. Ever. Period,” said Megan Stifel, a former top cyber official at the National Security Council (NSC).
The security experts advised FIFA-goers not to bring personal devices with them — that is, if they haven’t already arrived on Russian soil already. The World Cup’s opening game is set to kick off on Thursday, when Russia’s soccer team will take on Saudi Arabia.
“I would tell people, don’t take any electronic device that you care about because odds are it is going to get hacked, you’re going to have malware put on it, [or] your private information gets taken by somebody,” Pfeiffer told The Hill.
His remarks echo those recently made by a top counterintelligence official at the FBI, William Evanina, who specifically warned that the Russians could seek to download the information on whatever electronic devices they bring and access a tranche of personal information.
“If you’re planning on taking a mobile phone, laptop, PDA, or other electronic device with you – make no mistake – any data on those devices (especially your personally identifiable information) may be accessed by the Russian government or cyber criminals,” Evanina told Reuters in a statement on Tuesday.
“Corporate and government officials are most at risk, but don’t assume you’re too insignificant to be targeted,” Evanina added. “If you can do without the device, don’t take it. If you must take one, take a different device from your usual one and remove the battery when not in use.”
Even if the attendees are not corporate or government officials, however, any American individual could be targeted.
“An average Joe is going to go, ‘Okay, I hear you, but nobody cares about me.’ Well there is a lot of average Joes in America whose identities get stolen everyday,” Pfeiffer said.
Stifel advised travelers to be hyper vigilant about what sites they try to access, warning that websites tied to banking accounts and other sensitive data could easily fall into the hands of hackers.
“Employ best cyber practices on steroids — no joke intended,” added Stifel, who now serves as both the Cybersecurity Policy Director at Public Knowledge.
Experts say attendees should consider buying burner cellular devices to use only on this trip, on a need-to only basis. They also said travelers should buy or rent international WiFi devices issued from U.S. providers so that they surf on secure WiFi networks. This is particularly because hotels and other hubs near the games could be already compromised.
“I can almost guarantee you that just about every high-class hotel in the area where people will be staying — probably elements of Russia organized crime have probably compromised their WiFi networks,” Anderson told The Hill in an interview.
In addition to vulnerable WiFi networks, hackers are likely going to try to ramp up phishing attacks, where hackers masquerade as a trusted acquaintance to trick a victim into opening an email or link that has malware built into it.
Anderson warned that hackers will play on the hype to get visitors to click on out-of-the blue, too-good-to-be-true offers, like random emails offering better seats.
“The type of technology nowadays, unfortunately, when it comes to this type of stuff is so advanced compared to even three or four years ago that it really takes absolutely no time at all to infect entire infrastructure, whether that is a laptop or a cellphone,” Anderson said.
The U.K.’s National Cyber Security Center (NCSC) echoed this warning last week, stating that their experts have observed a “rise in phishing scams,” noting in a Friday blog post that fraudsters could not only scam people by selling fake tickets, but they could also gain access to payment data through the transaction.
“Fake World Cup-associated websites have also been set up offering accommodation, flights and ‘official’ hospitality at stadiums,” the Center said.
Large-scale events like the World Cup have attracted cyber criminals in the past. Experts had also warned about high levels of cyber activity during the 2014 Sochi Winter Olympic Games in Russia.
This is because Russia plays by a different set of rules than other countries.
Russia has a surveillance system, known as System of Operative Investigative Measures (SORM), which allows the Kremlin to lawfully intercept phone calls and telephone networks operating within Russia.
Anderson said the cyber criminals are also professionally trained. When top Russian intelligence officials retire, whether it is from the SVR or FSB or SVR, their respective CIA and FBI equivalents, they go into organized crime, he said.
“You take your skills that you’ve learned over years of working cyber, human penetration, political influence and you peddle that to the highest bidder,” said Anderson.
It is “very much tolerated and promoted” under Russian President Vladimir Putin, a former KGB officer, because the criminal enterprise helps funnel billions of dollars into the Russian economy, Anderson said.
“It goes, believe it or not, to their gross domestic product (GDP),” he claimed.
Stifel argued that there should be electronic advisories when someone plans to travel abroad, just like there are issued travel advisories.
“We should do the same thing for electronics, We should be thoughtful about best practices when we travel abroad with our smart devices,” she added.
–Updated 11:12 p.m.