3 biggest Super Bowl XLVIII security gaffes

High profile events such as the Super Bowl require intense levels of security (including a throng of plainclothes agents and F-16s, among other things). However, for what should have been the most secure sporting event in history, there were some astounding security lapses.  Here, then, are the top 3 security gaffes from Super Bowl XLVIII.

 

 1) Super Bowl Security Command Center Wi-Fi password broadcast on national TV

 

Super-Bowl-password-665x385.jpgIt being the Super Bowl, everything is publicized, including details regarding the security of the event. It makes for good ratings, and if nothing  else the publicity serves as both a reminder that security will be tight and as a potential deterrent to all but the most foolhardy. However, in showing off the impressive new capabilities of the first of its kind Super Bowl Security Command Center, CBS This Morning inadvertently broadcast the SBSCC's Wi-Fi password and SSID on national television. I think the chaos that ensued in notifying the appropriate personnel of the swiftly changed new credentials could kindly be described as a 'mad rush' (Michael Strahan notwithstanding). The irony of the situation is of course not lost when the Security Command Center lets publicity trump its own security.  But there could have been serious repercussions to this disclosure. It's only a matter of luck and timing that there weren't.

  

 

2) Late for work 

 

It is simply amazing how far social engineering can take you, especially considering a New York city super Bowl should be the most secure single sporting event in history. With just a badge from a different event and a story of running late for work, a 'truther' was able to make it all the way to the media tent and then espouse his 'views' on live ESPN.  Granted, it was obvious after he opened his mouth that he had an agenda that didn't quite jibe with the program. But he wound up surprising even himself by how far he got.  And there's the rub. All the technology in the world means nothing when the human element fails.  Even trained security professionals tend to get bored after a long day (perhaps they watched the second half) and let their guard down. But to get all the way to the media tent and through multiple layers of security on little more than hubris is astounding, and makes one wonder  how secure these events really are. Thankfully, this guy was only interested in sharing his viewpoint.  Considering the stated intentions of harm already hurled towards the Sochi 2014 Winter Olympics, let's hope their security works better than that.

 

3) Misconfiguration and information leakage - the story of Denver's offense

 

I'm going to admit it. As a graduate of the University of Tennessee, this one hurts. Denver's offense was completely overmatched, and it made for a less than stellar game. So what happened? For one thing, the offensive line that had protected Peyton Manning all season long - to the tune of a record fifth Most Valuable Player award and the single season records for both touchdowns and yardage passing - broke down. Peyton was harried all night long. The security lesson, of course, is that what once served as effective protection might not always. Whether protecting a network or a quarterback, it takes constant reevaluation and updated configurations to counter new threats. And Seattle posed an attack that Denver was simply not ready for.

 

As well, Seattle figured out that Peyton Manning had a 'tell'. Peyton's eyes were leaking information (not tears, though. C'mon. This is Peyton Manning) and inadvertently revealing by their direction which receiver was to be his primary target. That let Seattle call the right coverage. In other words, Seattle basically saved  a zero-day attack to leverage at the highest point of  vulnerability. It's not that different than the attackers who waited until Black Friday to launch attacks against large retail chains. Timing is everything, whether in the passing game or knowing when to take advantage of the most opportune moment to attack.

 

Update:  So there's more to the story of how the Seattle defense 'hacked' Denver during the game . Apparently it wasn't Peyton's eyes so much as his hand signals that Seattle deciphered. But again, as in security, sometimes it's not easy to determine exactly where you are vulnerable, especially during the attack itself. Whether protecting your quarterback or your network, having a plan of prevention simply isn’t enough. It also takes reaction to changing circumstances.

 

Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the Community Guidelines.

Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
Search
About the Author


Follow Us
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation