FIFA is hacked… Once again

The organization has admitted that much of its information was leaked by an attacker still unknown

The International Football Federation Association (FIFA), the governing body of football worldwide, admitted that, once again, has suffered a security incident, as reported by specialists in digital forensics and information security from the International Institute of Cyber Security.

The first hacking attack on FIFA, in 2017, led to the publication of the failed anti doping tests of multiple soccer players, was attributed to the Russian group of hackers known as Fancy Bear or APT28.

Gianni Infantino, president of the international institution, admitted the new hacking incident as he spoke to the press after a FIFA council meeting last week in Kigali, Rwanda, and told the media that FIFA is preparing a report on the incident.

Even so, the digital forensics and cybersecurity community believes that there are still no clarity or technical details about this second attack, although the first FIFA investigations suggest that some officials of the Union of European Football Associations (UEFA) would have been the victims of a phishing campaign. Until last Tuesday, this organization had not found traces of a hacking.

According to information security and digital forensics specialists, the first to access the recently leaked FIFA documents were Football Leaks, a platform that shares leaked information, known as the football version of WikiLeaks.

Football Leaks supplied the leaked documents to a consortium of European media organizations called European Investigative collaborations (IEC), and IEC members began publishing a series of stories based in part on these documents in the recent days. Der Spiegel was the first media agency to do this, but other media soon began publishing articles based on the analysis of leaked documents classified as confidential and highly confidential. Even some media have called this incident “the most important information leaking case known.”

IEC says the reports they have made are based on the investigation of more than 70 million documents, with a total of 3.4 terabytes of leaked data from the FIFA servers.

FIFA is, for obvious reasons, very annoyed by the incident. It has recently issued a statement condemning the leaks: “FIFA condemns any attempt to compromise the confidentiality, integrity and availability of data in any organization using illegal practices.”