When hackers decide to play football

When hackers decide to play football
What digital security measures Greek teams are taking to avoid being "screwed" like Barca and Real Madrid.

Last August the international football market was shocked by the attacks on the social media accounts of Barcelona and Real Madrid, and realised how much exposure the digital accounts and the tools they use are exposed and how easy it is to suffer a damage much greater than that suffered by Barcelona when at 4am on 24 August they completely lost control of their Facebook and Twitter accounts for about 50 minutes. What happened to Barcelona? On August 24 she saw the announcement of the acquisition of Angel Di Maria on her accounts.

Two days later, Real Madrid did the same when they saw their accounts announce the acquisition of Lionel Messi.

For companies the damage of losing control of social accounts is huge, but also very small compared to the damage they suffer when the hackers who attack them manage to take control of their websites and get into their eshop database and copy personal data of customers, including their credit card numbers.

This is why the world's top football brands have already started, over the last 10 years, to cooperate with IT security companies in order to protect their networks and digital data. These companies have been set up by former 'illegal' hackers who cross over and provide their 'anti-hacking' expertise.

These services also make sense to several football personalities who are engaged in commercial digital activity and who, logically, wish to protect their social media accounts, whose passwords are shared and circulated among the members of the teams they set up to manage these accounts.

The other day a Portuguese journalist was telling me about the panic that gripped Marisa Mendes, daughter of Cristiano Ronaldo's agent, who has been in charge of managing the Portuguese superstar's social media accounts for about a year now, following the hacking of Romelu Lukaku's instagram account.

On August 23rd, Cristiano Ronaldo came across a comment on his Instagram post from Lukaku stating, "Messi is better than you." He immediately learned that the account of Belgian forward Lukaku from Manchester United had been hacked and demanded assurance from his own social media team that the same wouldn't happen to him. Just about a month earlier, on July 2nd, Mesut Özil had fallen victim to a similar incident when his Instagram account was hacked, and a love message to his ex-girlfriend was posted. These consecutive attacks caused panic among football celebrities and prompted them to seek digital account security services.

With all this in mind, I wanted to find out what is happening in Greece regarding the preparedness of Greek football clubs (Panhellenic Athletic Associations, or PAEs) to protect themselves from potential damage caused by social media hacks and the theft of personal data of those who have made purchases from their digital stores. I reached out to Theofanis Kasimis, the owner of Audax Cybersecurity, a Greek company that provides such services in Greece and worldwide. For the past five years, Kasimis has been the most popular Greek cybersecurity expert, precisely because he was previously the most famous hacker in Greece.

At the age of 28, he found himself being arrested by the Cybercrime Prosecution Unit and heard Manolis Sfakianakis, the then head of the Directorate, urging him to establish a company that would provide the technical knowledge and expertise to help those engaged in digital business activities, and more, to anticipate risks and fortify themselves against possible attacks. "I hear and read that major football and basketball teams have equipped their stadiums with modern surveillance systems to identify individuals involved in incidents. And I wonder why many of these teams-companies do not do the same with their websites. Besides providing informative articles, their websites also have online stores selling authentic team products.

And here lies the great danger. If teams have not conducted security checks, there is a serious risk that these websites will fall victim to hacking. And what happened, you may wonder. What happened? Many things can happen from now on. If an online store falls victim to hacking, it will have a negative impact on the team's corporate reputation, and consequently, the trust shown to them by consumers will be undermined. And if hackers manage to reach the database of the online store, they will have the ability to retrieve all customer information, such as names, credit cards, addresses, mobile and landline phones, with unforeseen consequences," explained Mr. Kasimis, whose company already collaborates with Greek football clubs that have taken precautions, and even with companies associated with Premier League clubs thanks to his collaboration with foreign companies. "Teams should not neglect their digital security, as we have seen in the past major football clubs falling victim to hackers, such as AEK Athens FC a few years ago and recently PAOK FC, which saw all customer names freely circulating from its online store," Kasimis states, while looking at screenshots like the one below, showing the complete customer details from PAOK FC's online store.

Mr. Kasimis continued to enlighten me: "Furthermore, once hackers have access to the website, they can easily read all emails, 'download' the entire electronic mail, and monitor the team's social networks. We have seen this happen several times, where the social profiles of teams are hacked. Additionally, digital security is not limited to the website. Security checks should be conducted at least twice a year in the football clubs' offices to identify vulnerabilities within the local network before these vulnerabilities become perceivable by cybercriminals who may attempt to gain control of the entire internal network, leading to unforeseen consequences. Finally, cybersecurity companies have adopted an additional service, which is to educate employees in large enterprises, providing them with regular training on new forms of attacks and how to respond to them."

The advice for an individual who is the sole administrator of a social media account or an email account is simple: change the password regularly and do not share it with anyone. However, the recommendations for companies and team operators of social media profiles are much more complex. Kasimis suggests: "Football clubs should regularly conduct security audits and provide training to their employees who handle sensitive departments of the organization, such as accounting, correspondence, and social networks. Only through these measures can they digitally fortify themselves against cybercriminals." Source: gazzetta.gr .