Protect Your Assets
Showing results for 
Search instead for 
Do you mean 

3 biggest Super Bowl XLVIII security gaffes

markpainter ‎02-03-2014 10:46 AM - edited ‎07-07-2015 09:26 AM

High profile events such as the Super Bowl require intense levels of security (including a throng of plainclothes agents and F-16s, among other things). However, for what should have been the most secure sporting event in history, there were some astounding security lapses.  Here, then, are the top 3 security gaffes from Super Bowl XLVIII.


 1) Super Bowl Security Command Center Wi-Fi password broadcast on national TV


It being the Super Bowl, everything is publicized, including details regarding the security of the event. It makes for good ratings, and if nothing  else the publicity serves as both a reminder that security will be tight and as a potential deterrent to all but the most foolhardy. However, in showing off the impressive new capabilities of the first of its kind Super Bowl Security Command Center, CBS This Morning inadvertently broadcast the SBSCC's Wi-Fi password and SSID on national television. I think the chaos that ensued in notifying the appropriate personnel of the swiftly changed new credentials could kindly be described as a 'mad rush' (Michael Strahan notwithstanding). The irony of the situation is of course not lost when the Security Command Center lets publicity trump its own security.  But there could have been serious repercussions to this disclosure. It's only a matter of luck and timing that there weren't.



2) Late for work 


It is simply amazing how far social engineering can take you, especially considering a New York city super Bowl should be the most secure single sporting event in history. With just a badge from a different event and a story of running late for work, a 'truther' was able to make it all the way to the media tent and then espouse his 'views' on live ESPN.  Granted, it was obvious after he opened his mouth that he had an agenda that didn't quite jibe with the program. But he wound up surprising even himself by how far he got.  And there's the rub. All the technology in the world means nothing when the human element fails.  Even trained security professionals tend to get bored after a long day (perhaps they watched the second half) and let their guard down. But to get all the way to the media tent and through multiple layers of security on little more than hubris is astounding, and makes one wonder  how secure these events really are. Thankfully, this guy was only interested in sharing his viewpoint.  Considering the stated intentions of harm already hurled towards the Sochi 2014 Winter Olympics, let's hope their security works better than that.


3) Misconfiguration and information leakage - the story of Denver's offense


I'm going to admit it. As a graduate of the University of Tennessee, this one hurts. Denver's offense was completely overmatched, and it made for a less than stellar game. So what happened? For one thing, the offensive line that had protected Peyton Manning all season long - to the tune of a record fifth Most Valuable Player award and the single season records for both touchdowns and yardage passing - broke down. Peyton was harried all night long. The security lesson, of course, is that what once served as effective protection might not always. Whether protecting a network or a quarterback, it takes constant reevaluation and updated configurations to counter new threats. And Seattle posed an attack that Denver was simply not ready for.


As well, Seattle figured out that Peyton Manning had a 'tell'. Peyton's eyes were leaking information (not tears, though. C'mon. This is Peyton Manning) and inadvertently revealing by their direction which receiver was to be his primary target. That let Seattle call the right coverage. In other words, Seattle basically saved  a zero-day attack to leverage at the highest point of  vulnerability. It's not that different than the attackers who waited until Black Friday to launch attacks against large retail chains. Timing is everything, whether in the passing game or knowing when to take advantage of the most opportune moment to attack.


Update:  So there's more to the story of how the Seattle defense 'hacked' Denver during the game . Apparently it wasn't Peyton's eyes so much as his hand signals that Seattle deciphered. But again, as in security, sometimes it's not easy to determine exactly where you are vulnerable, especially during the attack itself. Whether protecting your quarterback or your network, having a plan of prevention simply isn’t enough. It also takes reaction to changing circumstances.


0 Kudos
About the Author


27 Feb - 2 March 2017
Barcelona | Fira Gran Via
Mobile World Congress 2017
Hewlett Packard Enterprise at Mobile World Congress 2017, Barcelona | Fira Gran Via Location: Hall 3, Booth 3E11
Read more
Each Month in 2017
Software Expert Days - 2017
Join us online to talk directly with our Software experts during online Expert Days. Find information here about past, current, and upcoming Expert Da...
Read more
View all