Hiding Secrets in Plain Sight

The FIFA World Cup and NFL Super Bowl were two of the highest-profile sporting events of 2014, each drawing hundreds of millions of viewers from around the world. Such large audiences create tempting targets for all manner of ne'er-do-well, and event organizers went to great lengths to secure their games. Brazil was reported to have deployed more than 150,000 police and military officers across the World Cup's 12 sites [1]. The NFL, working with the state and federal government, used a swarm of helicopters to patrol the stadium airspace, and kept a team of F16 aircraft poised nearby, ready to jump into action if the no-fly zone surrounding the stadium was breached [2]. Likely as a deterrent, and to assuage potentially skittish attendees, FIFA and the NFL were eager to publicize how extensive their security efforts were. However, in doing so, both organizations committed identical facepalm-inducing security mistakes. The first breach occurred during a pre-game telecast for the Super Bowl, during which CBS News highlighted the video-surveillance system NFL security was using to monitor activity in and around the stadium [3]. CBS broadcast pictures of security officers carefully watching video feeds from the stadium playing field, parking lot and spectator seats on a wall of screens. Unfortunately, the NFL failed to notice a screen on the wall clearly containing a username ("marko") and password ("w3lc0m3!HERE") for the league's Wi-Fi network. FIFA demonstrated that it had not learned from the NFL's mistake when it invited the Brazilian newspaper Correio Braziliense into its security command center several months later. Just like the NFL, FIFA failed to notice that the lower right-hand corner of its wall of surveillance videos contained the password for its Wi-Fi network ("b5a2112014") [4]. Although it is unclear whether either leak caused any damage, both sets of credentials were widely disseminated on social media.
Lest one conclude that only highly trained professionals in charge of multimillion-dollar security apparatuses are prone to accidentally disclosing sensitive data in the presence of cameras, consider two other recent leaks. In the spring of 2015, the French television station TV5Monde accidentally broadcast the login details for its Twitter, Instagram, and YouTube accounts when a reporter forgot that the credentials were printed on a sheet of paper on his cubicle [5]. The station's YouTube password was "lemotdepassedeyoutube", "youtubepassword" in French. And passwords are not the …