With their increasing reliance on information technology, large sports organizations are being plagued by cyber threats. Hackers are targeting not only these organizations but their fans as well (like you and me).
The consequences of cyber attacks on sports organizations can be disastrous. Confidential financial information, players’ data, and customers’ accounts are all in jeopardy, as is the reputation of the NFL, NBA, MLB, and other popular sports enterprises.
One problem is that people are using easily guessed passwords. The time it takes to crack a password is related to its strength. Hackers use sophisticated password-cracking programs in which a computer tries every possible password until one succeeds.
These are called brute-force attempts. Other methods include dictionary attacks, where the hacker strings together words taken from a pre-arranged list of dictionary words. Once in, the hacker can access confidential data that they can sell on the Dark Web.
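The two cracking methods described above can be turned into a screening check that runs when a password is chosen. The following is an added example, not code from the original article: the word list is a constructed sample, the guess rate is an assumed figure, and all function names are hypothetical.

```python
import string

# Constructed sample word list; a real screening list would be far larger.
WORDLIST = {"go", "team", "cardinals", "astros", "baseball", "password", "super", "bowl"}
ASSUMED_GUESSES_PER_SECOND = 1e10  # assumption, not a figure from the article


def charset_size(password):
    """Size of the alphabet an exhaustive search must cover for this password."""
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation]
    size = sum(len(c) for c in classes if any(ch in c for ch in password))
    return size or 1


def bruteforce_seconds(password, rate=ASSUMED_GUESSES_PER_SECOND):
    """Worst-case time to try every string of this length over its alphabet."""
    return charset_size(password) ** len(password) / rate


def dictionary_words(password, wordlist=WORDLIST):
    """Return the word-list words that spell the password, or None.

    Trailing digits and punctuation are stripped first, because adding them
    to strung-together words does not take a password out of a dictionary search.
    """
    core = password.lower().rstrip(string.digits + string.punctuation)
    if not core:
        return None
    # best[i] holds a split of core[:i] into word-list words, if one exists
    best = [None] * (len(core) + 1)
    best[0] = []
    for end in range(1, len(core) + 1):
        for start in range(end):
            if best[start] is not None and core[start:end] in wordlist:
                best[end] = best[start] + [core[start:end]]
                break
    return best[len(core)]


def screen_password(password, min_seconds=3.15e7):
    """Reject passwords a dictionary covers or brute force exhausts in under a year."""
    words = dictionary_words(password)
    if words:
        return False, "built from dictionary words: " + "+".join(words)
    if bruteforce_seconds(password) < min_seconds:
        return False, "exhaustive search finishes too quickly"
    return True, "ok"
```

A long password built only from listed words is rejected even though its brute-force estimate looks large, which is why both checks are needed.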
When Sig Mejdal turned over his laptop to the St. Louis Cardinals after accepting a job at the Houston Astros, he inadvertently gave the Cardinals’ scouting director Chris Correa access to his new boss’ deepest secrets.
Correa successfully used Mejdal’s password information to access Houston’s “Ground Control” database. He logged into the database 50 times between 2013 and 2014 to look for scouting assessments, player trade information and other confidential data. Correa was punished for his theft, lost his job and got 46 months in prison along with a fine of $280,000.
In 2016, hackers impersonated Milwaukee Bucks president Peter Feigin in a phishing email requesting players’ and staff’s W-2 records. The email recipient, thinking this was a legitimate request, provided the tax records, which included Social Security numbers and financial data like compensation packages for players.
No one in the Bucks’ headquarters knew this happened until weeks later. By then the hacker had time to use the information in additional phishing schemes. Phishing schemes like this can result in the large-scale theft of sensitive data that can be used to commit other crimes like filing fraudulent tax returns.
In 2007, hackers found vulnerabilities in the Miami Dolphins’ websites. A lot of people were viewing these sites in anticipation of the 2007 Super Bowl that the Dolphins were playing in. The hackers infected the Dolphins’ sites with malware and executed attacks on the computers of many who visited them.
Believe it or not, this isn’t unusual. Websites related to the Super Bowl are popular hunting grounds for hackers who want to spread malware that cripples IT infrastructures and holds data hostage for payments.
A distributed denial of service attack hit British bookmaker William Hill and the Australian Olympic swimming governing body in 2016. Mr. Hill missed out on a number of soccer matches that cost him over £4 million due to interrupted internet service caused by the DDoS attack.
The governing body of the Australian Olympic swimming team was also hit with a DDoS attack that took out their website. This was perpetrated in retaliation for illegal doping by one of their competitors against a Chinese swimmer.
The NFL’s official Twitter account was hacked in 2016. The hacker, being a joker of sorts, posted a Tweet saying: “We regret to inform our fans that our commissioner Roger Goodell, has passed away.” This, of course, wasn’t true. Imagine waking in the morning to learn of your premature demise. To date, the “joker” hasn’t been found.
Organizers of the upcoming Asian Games are concerned over the potential of cyber attacks affecting their major events. The reason is that during last year’s Winter Olympic Games in Pyeongchang, a virus called “The Olympic Destroyer” got into their system.
It was disguised by duplicate software. And because it wasn’t discovered, the virus took down their Wi-Fi during the Opening Ceremony, affecting numerous broadcasts and shutting down their large television screens.
It also affected their websites. Customers couldn’t view the results of the Olympic events, nor could they print tickets they purchased.
The identity of the hacker(s) was never discovered. However, it’s rumored to be criminals from Russia and North Korea.
Are You Going To Be The Next Victim Of Cyber Attacks On Sports?
Make sure you aren’t by protecting your IT network and staying informed about cybersecurity.