FIFA World Cup 2014: Brazilian Security Command Center Accidentally Shows Wi-Fi Password, Sensitive Info in Press Photo
If you haven't heard about the heavy security surrounding the FIFA World Cup 2014 in Brazil, you haven't been paying attention. Brazilian security authorities had had no major incidents -- until a big goof this week, when a press photo of one of the country's special World Cup security command centers clearly displayed both the center's Wi-Fi SSID and password on its futuristic big screen (via The Register).
For its report on World Cup security in Sao Paulo, Brazilian newspaper Correio Braziliense interviewed police chief Luiz Cravo Dorea in one of Brazil's dozens of World Cup security command centers, in the Arena de Sao Paulo.
Accompanying the spread was a photo of Dorea standing in the center of the futuristic command-and-control room. In the back right corner of the photo, the "Wi-Fi network:" and "password:" fields are clearly legible, filled in with the pertinent information, on the center's mission control-type big board.
The photo was published on the newspaper's website, and after Twitter user Augusto Barros noticed it, he set off a cascade of social media reposts pointing out the mistake.
Wanna know the pwd for the Brasil world cup security center WiFi nw? It's on the whiteboard ;-) #fail pic.twitter.com/XD6ujqk5nq
— Augusto Barros (@apbarros) June 23, 2014
On top of the Wi-Fi information, the board also displayed a nonpublic internal email address used to communicate with the Brazilian government.
On top of even that, security blog Naked Security pointed out that the Wi-Fi name and password were pretty terrible from a cybersecurity standpoint. "What surprised me the most is that you need to display it on the big screen when it is so simple as to be guessable," Naked Security's Chester Wisniewski said. "The SSID is clearly WORLDCUP and the password appears to be 'brazil2014' in leet speak."
Leet speak is a common alternative alphabet used on the Internet and in online gaming, where numbers and common keyboard symbols replace some letters. In the case of the Sao Paulo security center, the password "b5a2112014" is a pretty easy translation from the obvious World Cup-related keyword -- which, if you notice, is displayed as a big screen "Brazil 2014" logo right next to the sensitive information.
"In fact it took me longer to find that photo than it would have taken me to guess the password," Wisniewski said.
As we reported, Brazil is (supposedly) taking World Cup security so seriously that it's spent almost an estimated $900 million on everything from command centers and "Robocop"-like police armor to drones, military deployments, bomb robots and sophisticated surveillance systems.
All to have one of its security centers potentially compromised by sloppy security habits and a PR blunder.
And how to prevent this blunder?
"Don't write down passwords in public places. ... No sticky notes, white boards, smoke signals, billboards, televisions or even cave walls," Wisniewski said. "Oh, and while you are at it, choose a better password than the name of the event you are protecting."
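Wisniewski's last point can be enforced when a passphrase is chosen. The sketch below is an added example, not anything used by the command center or by Naked Security: it rejects a candidate passphrase that is a leet-speak variant of words tied to the site, such as the SSID or the event name. The substitution table, the one-character tolerance and the function names are assumptions made for illustration.

```python
# Added example: reject passphrases derived from context words (SSID, event name).
# The substitution table and thresholds are illustrative assumptions.
LEET = {
    "a": "a4@", "b": "b8", "e": "e3", "g": "g9", "i": "i1!", "l": "l1|",
    "o": "o0", "s": "s5$", "t": "t7+", "z": "z2",
}


def _mismatches(term, window):
    """Count positions where window is neither the term's character
    nor one of its known leet substitutes."""
    return sum(p not in LEET.get(t, t) for t, p in zip(term, window))


def derived_from(password, context_terms, tolerance=1, min_len=5):
    """Return the context terms that the password contains in plain or
    leet form, allowing `tolerance` unexplained characters per term."""
    pw = password.lower()
    hits = []
    for raw in context_terms:
        # Compare on letters and digits only: "Brazil 2014" -> "brazil2014".
        term = "".join(ch for ch in raw.lower() if ch.isalnum())
        if len(term) < min_len or len(term) > len(pw):
            continue
        # Slide the term across the password so padding does not hide it.
        for start in range(len(pw) - len(term) + 1):
            if _mismatches(term, pw[start:start + len(term)]) <= tolerance:
                hits.append(raw)
                break
    return hits


if __name__ == "__main__":
    # Context words as reported in the article: the SSID and the on-screen logo.
    context = ["WORLDCUP", "Brazil 2014"]
    # The first candidate is the password as quoted above; the others are constructed.
    for candidate in ["b5a2112014", "W0rldCup!", "tangerine-kettle-93"]:
        hits = derived_from(candidate, context)
        print(candidate, "-> rejected, derived from" if hits else "-> accepted", hits or "")
```

The one-character tolerance is what catches the quoted password: its second character is not a standard substitute for "r", yet every other position lines up with "brazil2014".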