The Washington Post: Democracy Dies in Darkness
The Cybersecurity 202

A newsletter briefing on cybersecurity news and policy.

Great win, U.S. soccer team! Now, hackers

Welcome to The Cybersecurity 202! Dear futbol fans, please don’t be mad at me for calling it “soccer.”

Below: A U.S. governor bans TikTok from state devices, and Twitter stopped enforcing its rules around covid misinformation. First:

Cyberattacks rain on the pageantry of the World Cup

The World Cup is one of the most-watched events on the planet and has racked up record viewership in the United States this year, too. With the U.S. Men’s National Team advancing to the next round, even more Americans are watching a sport that’s not as popular in the United States as in many other countries.

So naturally, you can expect hackers to try to ruin everything.

Two reports this week shed light on the degree to which cyberattacks are piggybacking off the event.

“The hype and popularity of the FIFA World Cup has attracted audiences from across the globe. And this in turn attracts a variety of cybercriminals, who want to exploit the varied fan following, and the organizations participating, to make a quick buck,” the CloudSEK report says. “The cybercriminals are motivated by financial gain, ideology or geopolitical affiliations.” 

Those two bits of research only capture a portion of World Cup-related cybersecurity fears. Some of the worries are specific to this year’s host, Qatar, a nation that has triggered growing concern from U.S. officials in recent years over its surveillance efforts. European security regulators recently warned against downloading Qatar’s World Cup apps, saying that they posed significant privacy risks.

The Group-IB and CloudSEK research follows other warnings from the cybersecurity industry.

  • State-sponsored hackers who focus on collecting intelligence “likely view the 2022 FIFA World Cup as a target-rich environment for cyberespionage and surveillance against foreign dignitaries and businesspersons alike,” Recorded Future warned this month. The firm said it didn’t expect disruptive attacks on the event from hackers backed by foreign countries, however.
  • Also this month, Digital Shadows called attention to some of the same kind of scams that Group-IB and CloudSEK did. Kaspersky, meanwhile, called attention to fake match-streaming services, among other threats.
  • The volume of malicious emails in Arab countries rose 100 percent in October, according to Trellix’s observations. “It is a common practice for attackers to utilize the important/popular events as a part of the social engineering tactics and particularly target the organizations which are related to [the] event and more promising victim[s] for the attack,” Daksh Kapur and Sparsh Jain wrote for the company.

Nearly 3.6 billion people watched the World Cup in 2018, FIFA said. That amounted to more than half the globe’s population of people 4 and older.

Group-IB tallied other numbers. Besides the 16,000 scam domains, the firm says it turned up about 40 fake apps in the Google Play Store, more than 90 potentially compromised accounts on Qatar’s fan ID app Hayya, as well as dozens of fake social media accounts, mobile apps and advertisements.

One example: Scammers set up a phony merchandise website purportedly selling national teams’ T-shirts, hyping it with 130 ads on social media marketplaces. When a visitor enters their bank card details, the scammers make off with their victims’ money, and maybe even their card information.

CloudSEK had some math, too. FIFA World Cup 2018 was subjected to 25 million daily cyberattacks, the company said.

Financially motivated hackers are doing things like selling fake Hayya cards needed to enter a stadium on game day, or offering phony “World Cup tokens” and “World Cup coins” and promoting them as limited edition cryptocurrencies.

  • The latter idea appears to be capitalizing on the fact that is an official event sponsor. Likewise, Binance has teamed up with soccer star Cristiano Ronaldo to promote soccer-themed non-fungible tokens.

Hacktivists have also been active this year, the company said.

“The World Cup has attracted the attention of hacktivists groups, who have taken to social media to rally their followers and allies to boycott the Qatar 2022 FIFA World Cup,” according to CloudSEK. “Messages from groups such as Anonymous have also been posted on cybercrime forums to call on other threat actors to support them.”

Some of the hacktivists are focused on distributed denial-of-service attacks that flood a website with fake traffic, the company’s report said. Those attacks aren’t as destructive as other kinds of cyberattacks, but they can be frustrating for people trying to access websites. The hacktivists say they’re concerned about human rights abuses in Qatar.

The keys

China employs surveillance as part of covid protest crackdown

As it tries to stifle covid-related protests, the Chinese government is using its “pervasive surveillance system,” The Wall Street Journal’s Rachel Liang and Brian Spegele reported. Officials appear to be using mobile phone data and other tools to track down protesters and organizers. 

Police in Shanghai and Beijing checked the phones of people near protest sites to see if they had the Telegram app or virtual private networks on their phones, according to a WeChat post from Qu Weiguo, an English-language professor at Fudan University in Shanghai, our colleague Lyric Li reported today. Protesters have used such services to avoid censors.

White House press secretary Karine Jean-Pierre said she didn’t have any new information on whether the administration planned to help Chinese internet users circumvent China’s “Great Firewall.” In September, the Biden administration offered help to Iranian protesters seeking to evade censorship and surveillance.

South Dakota state contractors and employees banned from using TikTok on government devices

The ban came in an executive order that South Dakota Gov. Kristi L. Noem (R) signed Tuesday, the Associated Press’s Stephen Groves reports. It comes amid renewed Washington scrutiny of the short-form video app over surveillance and propaganda concerns. 

“The Chinese Communist Party uses information that it gathers on TikTok to manipulate the American people, and they gather data off the devices that access the platform,” Noem said in a statement. TikTok owner ByteDance didn’t respond to the AP’s request for comment on Noem’s statement and the ban, but TikTok chief operating officer Vanessa Pappas has said previously that the company protects its American users’ data and that Chinese government officials don’t have access to the data.

The South Dakota ban comes as TikTok and a U.S. government committee with the power to block international deals work on a potential agreement. The U.S. military has similarly banned TikTok on troops’ government devices. 

Twitter no longer enforcing covid-19 misinformation policy, company says

Ever since introducing its policy against covid misinformation in 2020, Twitter has suspended more than 11,000 accounts and removed more than 100,000 pieces of content for violating the policy. Now the company is ending the ban, in its latest pivot after Elon Musk’s acquisition of Twitter.

The shift has worried some public health experts, who say it could discourage some people from getting the vaccines, Taylor Lorenz reports. At the same time, patrolling which content violated the policy was a challenge for Twitter, which had been criticized for censoring some content that turned out to be true.

“However, Twitter has also struggled to police misinformation accurately and recently began labeling some factual information about covid as misinformation and banning scientists and researchers who attempted to warn the public of the long-term harm of covid on the body,” Taylor writes. “As of last weekend, many tweets promoting anti-vaccine content and covid misinformation remained on the platform.”

Global cyberspace

No answers on Pegasus hacking scandal as Spanish spy chief stays mute (Euronews)

NHS’s Palantir deal draws legal threat from patient groups (Bloomberg News)

UK Parliament launches inquiry into national security strategy around ransomware (The Record)

Government scan

TSA considers using third-party assessors in coming pipeline regulations (NextGov)

DOD wants cyber apprenticeships for contractors, but acquisition regs may remain an obstacle (FCW)


  • Deputy national security adviser Anne Neuberger, Maryland Gov. Larry Hogan (R), National Institute of Standards and Technology Director Laurie Locascio and other officials speak at the Quantum World Congress in Washington on Wednesday and Thursday.
  • National Cyber Director Chris Inglis, CISA executive director Brandon Wales and Neuberger speak at a meeting of the National Security Telecommunications Advisory Committee on Thursday at 3:30 p.m.

Secure log off

Thanks for reading. See you tomorrow.