Security at this year's World Cup is undoubtedly tight, and this year's World Cup is no exception. However, a Brazilian security chief has unknowingly compromised the security of the tournament's internal WiFi access.
According to International Business Times, police chief Luiz Cravo Dorea was interviewed by local newspaper Correio Braziliense, who then allowed the paper to photograph him standing in the middle of the World Cup main command and control security center, which is located in the Arena de Sao Paulo. Although the photo was innocent enough, people who had an eye for things noticed that the newspaper had photographed what seemed to be top-secret information about the center's WiFi connection.
In the photo, Dorea is seen standing on the left of the photo, showcasing a bank of computer monitors. One of the computer screens, however, was showing not only the security center's WiFI SSID and password, but a secret internal email address being used to communicate with a local government agency.
The photo, which was published initially by Correio Braziliense and had since been taken down, did not escape Twitter users who were able to note the security fail. Twitter user Augusto Barros re-shared the photo, which caused a social media storm among football fans, geeks and security experts alike.
The photo, which was posted by Barros on June 23, came with a caption that read, "Wanna know the pwd for the Brasil world cup security center WiFi nw? It's on the whiteboard ;-) #fail"
Security experts were more vocal about the grave lapse especially by a World Cup security chief, knowing the fact that he would have at least ensure that no internal information is compromised when he had allowed non-personnel inside the security center.
In a blog post, security vendor Sophos blasted World Cup security personnel for using such a blatant password. IBTimes said that the password for the internal WiFI access was "brazil2014" in Leetspeak, which is a way of typing in English popularized by hackers.
"Oh, and while you are at it, choose a better password than the name of the event you are protecting. I suppose that does render the photo less damaging, but that isn't the smartest strategy," Sophos said.
There is no known report yet on whether FIFA has responded to the obvious security lapse, but Dorea might be getting a pink slip soon, or at the very least, will not have a private career in data security.
