Why football clubs face an increased threat from cyber criminals during the transfer window
It isn’t just football’s wheeler-dealers springing into action this month for the January transfer window.
Increasingly, it is open season too for cyber criminals who see the game as rich pickings for various forms of hacking.
“Right now there are big amounts of money changing hands,” says Max Heinemeyer of cyber defence firm Darktrace. “So this is not only the transfer window, it’s also the window of opportunity for attackers to make a lot of money.”
Premier League clubs alone spent £1.2bn in the last transfer window and £230m in January 2020.
At the same time, they have never been more reliant on IT systems for everything from buying players to operating turnstiles.
Football’s susceptibility to hackers came into sharp focus in November when Manchester United’s systems were breached.
“Attackers go where the money goes,” adds Heinemeyer, director of threat hunting at Darktrace, which works with teams in the Premier League as well as Formula 1 and Major League Baseball.
“People know football clubs, they think they have a lot of money. Often that’s the case. If you are big in the news, you’re likely a target.”
What are the hackers’ aims?
Cyber criminals typically use one of three approaches to steal or extort money from football clubs.
Firstly, they may try to insert themselves into email correspondence about a transfer deal.
Just before the intended recipient of funds gives their bank account, the hacker will impersonate the seller’s email account and stipulate another destination.
“So the £20m doesn’t go to whoever sold the player but to the hacker’s bank account,” says Heinemeyer. “We’ve seen early signs at football clubs of this.”
Cyber criminals may also attempt to access clubs’ sensitive information and threaten to publish it unless they are paid.
“That is a big threat for them, and they would pay good money not to have that happen,” he adds.
Hackers’ third favoured method is to freeze a club’s computer systems by installing ransomware.
The attack on United is thought to have been of this nature, which can be particularly effective during a transfer window.
“You’ve got the money lined up but all your IT goes down,” says Heinemeyer.
“You can’t sign the final contract, you can’t reach your partners, the window closes and you can’t get the players you need.
“The bad guys are very aware of the vulnerability at football clubs right now.”
How do hackers infiltrate clubs?
Cyber criminals’ methods of breaching a club’s defences range can be hopeful, targeted or opportunistic.
Phishing – sending emails containing bogus links that then harvest data and allow hackers to impersonate users – is a popular route.
Hackers may simply email everyone at a club in the knowledge that someone will probably click the link, or target high-ranking individuals – known as spear phishing.
“You don’t need to be a nation state or a super sophisticated hacker,” says Heinemeyer.
“It’s very easy to conduct these attacks. It’s hard to make them perfect, but it’s a very low barrier to entry.”
Zak Brown, chief executive of Formula 1 racing team McLaren, was the target of spear phishing during the Italian Grand Prix weekend in October.
Darktrace’s AI technology, which identifies threats by looking for unusual patterns in computer activity, stopped the attack by locking the bogus link.
“Targeted spear phishing is really hard to identify and defend against,” says Heinemeyer.
Systems can also be compromised when laptops are lost or stolen, as happened at a well-known European club last summer.
Darktrace suspected that information had been harvested from the device to remotely access the replacement laptop and isolated it from the network.
Who are the hackers?
The cyber-criminals targeting football clubs come from a wide range of backgrounds and locations.
But typically they will be entrepreneurial individuals or small groups with technological expertise on the lookout for an opportunity to make quick money.
“Sometimes it’s script kiddies [entry-level hackers]. Sometimes it’s hacktivists, who want to make a point, not just for the money. Other times it is nation states,” says Heinemeyer. “It’s really hard to generalise.”
Even before the transfer window, current circumstances had only accelerated the rise in cyber crime.
The pandemic has created extra incentive for hackers in countries badly affected economically, while the pivot to more working from home has increased companies’ exposure to attacks.
“There has been a huge increase, not just for the Premier League clubs and high-profile sporting companies, because it’s so easy to adopt these attacks,” says Heinemeyer.
“Everybody’s remote and the security is much harder to do that hacking attacks are on the rise. It’s a constant barrage.”