Who dat talkin’ about hacking the Super Bowl?


While the New Orleans Saints won’t be in Atlanta Sunday playing in the Super Bowl, that doesn’t mean their cheer – Who dat! – should be sidelined by security pros and fans who must be hyper-vigilant in recognizing and spurning cyberattackers.

Saints fans might argue that dim-eyed refs pose the biggest threat to the game, but Sunday’s Super Bowl Llll at the Mercedes-Benz Stadium, like any other large,high-profile event, attracts a bevy of cyber ne’er do wells intent on disruption, fleecing fans or worse, putting Atlanta officials, state authorities and federal agencies on high alert.

Pregame, hackers already have begun to pounce. Noting that fraudulent ticket sales have spiked, Forter research show that foreign fraudsters comprise 3.8 percent of attempted ticket purchases for the Super Bowl and notes that a crime ring in New York has targeted not only the ticketing industry by the Super Bowl in particular. That operation alters IP addresses and fakes their location in addition to changing personal account details frequently to evade detection. Forter said at least one of the scam’s attempt to purchase Super Bowl tickets –$10,000 worth — was unsuccessful.

Phishing and other scams are aimed at football fans seeking to buy tickets, secure hotel rooms and purchase game day merchandise. “The ZeroFOX platform found nearly 500 advertisements on marketplaces for Super Bowl-related merchandise in only a few days, many of them providing little information on where the goods came from – meaning at least some of the ads are likely offering counterfeit goods,” Kirsten Ashbaugh, threat analyst on the ZeroFOX Alpha Team, wrote in a blog post.

Even fans at home won’t escape the aim of hackers looking to cash in on the main event.

“On Super Bowl Sunday, millions of sports fans worldwide will descend onto the internet eagerly searching for a free stream. The result is every hacker's dream,” said Ray Walsh Digital Privacy Expert “This year, hackers are expected to have set up more infected streams than ever before. Anybody arriving on an infected page to hit the "Click Here To Watch the Super Bowl in HD" button is in for a nasty surprise. Malware, spyware, trojans and ransomware are all going to be on the menu – which means that sports fans are going to end up with serious infections.” 

Walsh said fans will likely be charged a “pretty penny” to retrieve access to their locked up and compromised devices. Fans shouldn’t watch dodgy-looking Super Bowl streams,” he warned. Instead, they should “stick to watching official HD streams – they are free and they won't ruin your night.”

As game day approaches, Atlanta, while recently slammed by a devastating SamSam attack, is well-prepared for whatever comes its way, city officials and security pros say.

“Atlanta has been planning for this event for the past two years” with massive coordination among local, state and federal agencies, something that becomes more key “as the threat level ramps up” heading into Super Bowl weekend,” said Tracy Reinhold, CSO at Everbridge, whose platform will be used to alert city residents, visitors, businesses and Super Bowl LIII attendees to emergencies,disruptions or any event requiring information to be shared.

Reinhold, who was a special agent at the FBI for more than 20 years, told SC Media the Department of Homeland Security (DHS) has classified the big game as a SEAR 1 (Special Event Assessment Rating), meaning that heightened security protocols are in effect to guard against terrorism or crime.

While a SEAR 1 event “doesn’t rise to the level” of, say, the State of the Union (SOTU) address, it “is a big deal,” Reinhold said.

After the 9/11 terrorist attacks and the flagging response to Hurricane Katrina highlighted gaps in information-sharing among different agencies and entities, more emphasis has been placed on coordination among the entities charged with safeguarding events.

In the days leading up to the game, Reinhold said authorities from the FBI, DHS and Atlanta Police Department would be working in conjunction through a central command to chase every potential vulnerability,analyzing threats, “with an entire team of intel analysts reviewing incoming traffic and classifying it.”

Threats that need follow-up are parsed out to specific teams to run down. While DHS is the overall security service, much of the responsibility falls to the Atlanta PD, “the group most familiar with the city,” said Reinhold.

The vigilance doesn’t end with the game’s last play, security pros’ work extends to post-Super Bowl events and to “Manic Monday”when fans begin exiting the city in droves, bearing down on transportation hubs like Hartsfield-Jackson Atlanta International Airport, which is busy on the most typical of days.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.