Naked Security

FIFA, hacked again, is leaking like a sieve

Football shockers started to flow on Friday, after journalists analyzed more than 70m exfiltrated documents, totaling 3.4 terabytes of data.

The Fédération Internationale de Football Association (FIFA), world soccer’s governing body, acknowledged last week that it’s been hacked – again.
The first cyberattack, in 2017 – which led to the publishing of footballers’ failed drug tests – was attributed to the Russian hacking group Fancy Bear, also known as APT28.
FIFA President Gianni Infantino admitted to the new hack while talking to the press after a FIFA Council meeting last week in Kigali, Rwanda, saying he was braced for a release of private information after FIFA discovered that its network had suffered another intrusion.
The New York Times reported on Tuesday that there was “no clarity” at that point about the details of the second attack, but it did report that officials at UEFA (the Union of European Football Associations) had been targeted in a phishing attack. As of Tuesday, UEFA reportedly hadn’t found traces of a hack.
The first to get the newly leaked FIFA documents was Football Leaks – a whistleblowing platform that’s been called the football version of WikiLeaks.
Football Leaks fed the leaked documents to a consortium of European media organizations called the European Investigative Collaborations (EIC), and EIC members started to publish a series of stories based in part on the internal documents on Friday. Der Spiegel was the first to do so, but other media outlets soon started to publish articles based on analyzing the leaked, confidential, highly sensitive documents.
Media outlets are calling this the “largest ever leak in journalism”:

The EIC says that the revelations are based on research into more than 70 million documents, totaling 3.4 terabytes of data that cover events leading up to this year.

If you’re curious to know where you’d even begin to mine an enormous trove such as that, the EIC has a guide that spells it all out: How to Investigate Football Leaks.
As the EIC describes it, the work of plumbing the first leak entailed document processing, indexing, creation of a search interface, two-factor authentication (2FA) and a signup process. The consortium actually open-sourced all that, under the “Hoover” umbrella project.

We were in a unique position to build the tool, with constant user feedback, a large and varied real-life dataset, and hard publishing deadlines. Now we’re smoothing out the rough edges so hoover can be used in other similar projects, both at EIC and in other places.

Hoover is, in fact, on GitHub, and includes an installation utility to get started quickly. The EIC invites any and all to give it a spin.
This time around, the EIC says 15 media outlets and almost 80 journalists from 13 countries have been working on the documents, publishing in 11 languages across Europe.
Don’t expect FIFA to be happy about any of it. Its statement condemning the leaks:

FIFA condemns any attempts to compromise the confidentiality, integrity and availability of data in any organization using unlawful practices.

1 Comment

Great article! This looks like an Own Goal for FIFA. More focus on human centered security would help to prevent history repeating itself as it has for FIFA.
Your mention of “targeted in a phishing attack” seems to conclude that a spear phishing incident took place. The EIC have used a good design process to design in how journalists can mine for data and keep it safe within their own system; FIFA need to do the same thing – maybe some security awareness training might help?

