Super Bowl cyber threat? Free, open Wi-Fi could be risky
The free high-speed wireless Internet access being offered at Super Bowl 50 events is "very likely" to attract significant cyber threats, according to the FBI's cyber threat assessment.
An FBI document obtained by CBS San Francisco warns that hackers could target open Wi-Fi networks at the events.
"Open Wi-Fi is just that, it means that there is no security on the Wi-Fi system, they need to realize whatever they are sending out there, it can be viewed by others," said Jeff Harp, a former FBI agent and CBS San Francisco security analyst.
While no specific criminal cyber operations targeting Super Bowl 50 have been identified by law enforcement, the FBI in collaboration with the Northern California Regional Intelligence Center (NCRIC), maintains that cyber criminals are to be expected.
The FBI states that cyber criminals are likely to use so-called "spear phishing" techniques and website compromises to gain private information from individuals' mobile devices at Super Bowl events. Spear phishing attacks are when hackers obtain personal data by sending an email masquerading as a message from an acquaintance or legitimate business. For example, before a 2011 Manny Pacquiao fight, some fans got emails that appeared to be from the ticket site StubHub asking them to confirm their orders; instead, the link sent them to phishing sites.
The FBI's cyber threat assessment says that there is "high confidence based on passed behavior by cyber criminals during major sporting events" that cyber attacks will occur.
Leading up to last year's Super Bowl, a number of victims lost money or gave up personal information after falling for online ticket and lodging scams.
Hackers who are financially motivated are likely to try to use point-of-sale malware to swipe credit card numbers or ring up false charges, or ransomware or extortion tactics against websites or social media channels broadcasting Super Bowl events, according to the FBI documents.
The FBI is also concerned hackers will be able to intercept mobile transactions or introduce malware to people's phones via the public Wi-Fi networks.
Harp added that anyone making purchases at the stadium with a credit or debit card could potentially have their information intercepted as well. "We've seen it happen on a number of occasions in a number of different vendors," he said.
Harp suggested paying with cash at Super Bowl venues to reduce your vulnerability.
- Super Bowl 50 is Sunday, Feb. 7 on CBS.
- CBS rolls out next-gen technology for Super Bowl 50
- Where to watch the 2016 Super Bowl live