Threat Alert: Anonymous Threat on 2014 FIFA World Cup

Recently it has been reported that hacktivist group Anonymous intends to attack the 2014 FIFA World Cup, including its partners and sponsors. This threat has gained public attention after an interview with an Anonymous group spokesman provided select details about the planned operation. The Radware Emergency Response Team (ERT) offers the following recommendations for organizations that are affiliated with the 2014 FIFA World Cup. For more from the Radware ERT, please visit: http://security.radware.com/

ERT Threat Alert- 2014 FIFA World Cup

Threat Alert

Anonymous Threat on 2014 FIFA World Cup

Emergency Response Team

June 6th 2014

THREAT DETAILS

Recently it has been reported in the news that hacktivist group Anonymous intends to attack the 2014 FIFA World Cup, including its partners and sponsors. The threat gained public attention after an interview with an Anonymous group spokesman, referring to himself as Che Commondore, provided select details about the planned operation. Che Commondore revealed the socio-political motivation for the attack, stating, “In 2014 the world will live the 'Brazilian dream'. It's the country of the World Cup, & blessed for God and beautiful for nature. That it's a beauty! But, what beauty? The World [of] Cup have implicit characters, but this the Government Brazilian choose to hide. When you arrive in Brazil, you tourists, will be surprised by assaults with guns.”

According to Che Commondore, the group had already hacked into the Brazilian Foreign Ministry's database and released sensitive email data based on the efforts of an individual called AnonManifest. AnonManifest also promised upcoming denial-of-service attacks – Anonymous’ known weapon of choice. A Brazilian Foreign Ministry official told Reuters on Friday that only 55 email accounts were hacked and the only documents that were obtained were attached to emails from the ministry's internal document archive. From a technical perspective, it is important to note that Anonymous performed a server-cracking attack to reach the e-mail servers, where they downloaded file attachments to create the first leak. This can subsequently be used to DDoS and shut down accounts, and/or to gain access through password-hacking or server-cracking attempts.

Although some information has been disclosed regarding the rationale behind the planned attack, more specific details are less known. It seems Anonymous is learning from prior experiences and now chooses to hold its cards close to the chest. What is clear is that the hacktivist group has once again chosen a target ripe for exploitation. It is purported that as early as 2005 and 2007 Brazil fell prey to cyber-attacks resulting in major power outages. Thus, another attack would not be unexpected. Fast forward to today, in which Brazil has been beset for months by roiling protests over the games and their alleged drain on an already strained economy. It’s a perfect storm. Anonymous is likely betting on that backdrop to boost support and gain advocates to help them carry out their cyber exploit.

The FIFA World Cup and the Olympics are such high-profile sporting events that they are now starting to draw malicious cyber attention. Radware’s ERT has been involved in similar threats dating back to the 2010 Vancouver Winter Olympics, the 2012 London Summer Olympics and the 2014 Sochi Winter Olympics. Per a previous US-CERT Security 2014 Olympic Games advisory, the targets were similar to those of the recent threat. According to the Sochi advisory, “Anonymous Caucasus, has launched what appears to be a threat against any company that finances or supports the winter games.” This group has been known in the past to launch DDoS attacks. Radware’s ERT reports that the attempts to attack the Sochi Olympics started long in advance of the games, against the Olympic committee’s web site and resources.

In summary, Radware’s ERT sees this as evidence of a growing trend whereby high-profile sporting events are the newest ‘hot’ target for cyber maliciousness and attack. The ERT additionally cautions that this could extend to streaming providers and other major entertainment outlets (physical and digital) that will be known to promote such events, including cloud or infrastructure-as-a-service (IaaS) providers on which some of the current targets rely.

Contained in the next section of this alert are general guidelines for preparation and response for potential targets of this threat.

TARGETS

The following are the partners, sponsors and supporters, as listed on the FIFA World Cup site, which are considered under threat. It is possible that more organizations will be added as the attack nears launch.

INSTRUCTIONS FOR ORGANIZATIONS

Radware’s ERT offers the following recommendations for organizations that appear in the above list or are affiliated with the 2014 FIFA World Cup.

INSTRUCTIONS BEFORE THE ATTACK

Harden security systems as much as possible, especially DoS protection, anti-scanning, and all intrusion protection methods.

Make sure that all security systems will not fail open under a DoS/DDoS attack. Attackers today are known to use DoS/DDoS to overwhelm security devices first, and then carry out other types of attacks.

Closely monitor for any new alerts and investigate each one carefully. As admitted by Anonymous, they do test their attack vectors in advance, and this should be used to understand their planned techniques and prepare accordingly.

INSTRUCTIONS DURING THE ATTACK

Carefully monitor all security systems, service performance and internet pipe utilization to detect the attack as early as possible.

During DoS attacks, continue to monitor carefully for all other attacks. Attackers today are known to use DoS/DDoS as a smoke screen.

Monitor for site defacement.

INSTRUCTIONS FOR RADWARE AMS CUSTOMERS

Radware customers that appear in the above list or are affiliated with the 2014 FIFA World Cup should contact the ERT (by contacting Radware Technical Support) for assistance with attack preparedness.

Radware customers under attack should contact the ERT immediately via phone to Radware Technical Support to gain immediate service.