A cyber attack on a football club, a ransom call: Man United latest victim

Written by Shahid Judge | Mumbai | November 29, 2020 8:09:39 am When Manchester United confirmed they had become a victim of a “sophisticated” cyber-attack, the club asserted the damage had been minimised. That was on November 20. On Thursday, however, the National Cyber Security Centre (NCSC) announced that they were also working on the case – leading to a belief that the attack was far more sinister than what the club had revealed. “The NCSC is aware of an incident affecting Manchester United Football Club and we are working with the organisation and partners to understand the impact,” read a statement by the government body that deals with computer security threats. So far, United hasn’t learnt of any motive behind the attack, and claim the club has regained control of their computer servers, the Daily Mail reported that a ransom to the tune of “millions of pounds” could be demanded. Sports the favoured target According to the Daily Mail, the NCSC revealed that “70 percent of sports organisations (in the UK) had experienced cyber incidents” over the last year, which is double than what businesses in the country experienced. An unnamed English Football League (EFL) Championship team had received a ransom demand of GBP 5 million (approximately Rs 49 crores) after a cyber-attack last year. A sporting outfit had also paid the sum of GBP 4 million (over INR 39 crore), which is the highest amount to be paid, according to the Daily Mail. The newest case involving Manchester United, however, is the most high-profile incident of a cyber-attack involving a sports team. United statement After the attack on November 20, the club issued a statement. “Manchester United can confirm that the club has experienced a cyber-attack on our systems. The club has taken swift action to contain the attack and is currently working with expert advisers to investigate the incident and minimise the ongoing IT disruption. “Although this is a sophisticated operation by organised cyber criminals, the club has extensive protocols and procedures in place for such an event and had rehearsed for this eventuality. Our cyber defences identified the attack and shut down affected systems to contain the damage and protect data. Possible consequences At the moment, it has been reported that employees at the club cannot access their official emails. The Times (London) reported that experts had confirmed that Manchester United may have to pay the hackers else it could result in sensitive information being published on public forums, including fan information (usernames and passwords on the fansite). The club could face a fine of either “GBP 9 million (approximately Rs 89 crore), GBP 18 million (approximately Rs 177 crore) or two per cent of their total annual worldwide turnover if the attack is found to have breached their fans’ data protection,” according to the Daily Mail. The club however, has claimed there has been no breach of personal data. “This attack was by nature disruptive, but we are not currently aware of any fan data being compromised,” read the statement. Not the first for Manchester Two years ago, United’s local rivals Manchester City were alleged victims of a cyber-attack. Rui Pinto, a Portuguese national, who according to The Guardian, has “147 criminal offences (in Portugal) including computer hacking,” had allegedly hacked and gained access to confidential documents that revealed the club had been flouting UEFA’s Financial Fair Play Regulations. Pinto submitted the documents to German magazine Der Spiegel, leading to the club being handed a two-year ban from the Champions League – a decision which was later overturned by the Court of Arbitration of Sport (CAS). Match day problems The unnamed EFL club that had been given a demand of GBP 5 million by cyber-attackers last year had refused to pay the amount. Consequently, the club could not access their CCTV cameras, nor operate the turnstiles in the stadium ahead of a game. Transfer money a target During a transfer window, a Premier League team’s managing director’s email account was hacked. The club had been in the process of making a GBP 1 million transfer for a player from another European club. The hackers however, attempted to transfer the sum into their own bank account, but were prevented from doing so after the club’s bank’s anti-virus system raised alarm.

A cyber attack on a football club, a ransom call: Man United latest victim
Written by Shahid Judge | Mumbai | November 29, 2020 8:09:39 am When Manchester United confirmed they had become a victim of a “sophisticated” cyber-attack, the club asserted the damage had been minimised. That was on November 20. On Thursday, however, the National Cyber Security Centre (NCSC) announced that they were also working on the case – leading to a belief that the attack was far more sinister than what the club had revealed. “The NCSC is aware of an incident affecting Manchester United Football Club and we are working with the organisation and partners to understand the impact,” read a statement by the government body that deals with computer security threats. So far, United hasn’t learnt of any motive behind the attack, and claim the club has regained control of their computer servers, the Daily Mail reported that a ransom to the tune of “millions of pounds” could be demanded. Sports the favoured target According to the Daily Mail, the NCSC revealed that “70 percent of sports organisations (in the UK) had experienced cyber incidents” over the last year, which is double than what businesses in the country experienced. An unnamed English Football League (EFL) Championship team had received a ransom demand of GBP 5 million (approximately Rs 49 crores) after a cyber-attack last year. A sporting outfit had also paid the sum of GBP 4 million (over INR 39 crore), which is the highest amount to be paid, according to the Daily Mail. The newest case involving Manchester United, however, is the most high-profile incident of a cyber-attack involving a sports team. United statement After the attack on November 20, the club issued a statement. “Manchester United can confirm that the club has experienced a cyber-attack on our systems. The club has taken swift action to contain the attack and is currently working with expert advisers to investigate the incident and minimise the ongoing IT disruption. “Although this is a sophisticated operation by organised cyber criminals, the club has extensive protocols and procedures in place for such an event and had rehearsed for this eventuality. Our cyber defences identified the attack and shut down affected systems to contain the damage and protect data. Possible consequences At the moment, it has been reported that employees at the club cannot access their official emails. The Times (London) reported that experts had confirmed that Manchester United may have to pay the hackers else it could result in sensitive information being published on public forums, including fan information (usernames and passwords on the fansite). The club could face a fine of either “GBP 9 million (approximately Rs 89 crore), GBP 18 million (approximately Rs 177 crore) or two per cent of their total annual worldwide turnover if the attack is found to have breached their fans’ data protection,” according to the Daily Mail. The club however, has claimed there has been no breach of personal data. “This attack was by nature disruptive, but we are not currently aware of any fan data being compromised,” read the statement. Not the first for Manchester Two years ago, United’s local rivals Manchester City were alleged victims of a cyber-attack. Rui Pinto, a Portuguese national, who according to The Guardian, has “147 criminal offences (in Portugal) including computer hacking,” had allegedly hacked and gained access to confidential documents that revealed the club had been flouting UEFA’s Financial Fair Play Regulations. Pinto submitted the documents to German magazine Der Spiegel, leading to the club being handed a two-year ban from the Champions League – a decision which was later overturned by the Court of Arbitration of Sport (CAS). Match day problems The unnamed EFL club that had been given a demand of GBP 5 million by cyber-attackers last year had refused to pay the amount. Consequently, the club could not access their CCTV cameras, nor operate the turnstiles in the stadium ahead of a game. Transfer money a target During a transfer window, a Premier League team’s managing director’s email account was hacked. The club had been in the process of making a GBP 1 million transfer for a player from another European club. The hackers however, attempted to transfer the sum into their own bank account, but were prevented from doing so after the club’s bank’s anti-virus system raised alarm.