Jim Libersky: Cyber Security - Super Bowl 50

Page 1: Jim Libersky: Cyber Security - Super Bowl 50

Cyber Threats are now front and center to the largest events in the world

Page 2: Jim Libersky: Cyber Security - Super Bowl 50

Set The Stage

• 9 Days
• Ranked at #1 Technically advanced in N. America
• 75,000 fans into 1 stadium + operations, vendors and media
• 1 Million + new Visitors into San Fran
• 100+ Million watching
• 150+ countries
• 70 cameras filming
• 360 instant freeze and Replay cameras
• 36 Red Zone Cameras with 360 degree visibility and virtual playback
• Superimposed yard lines
• Apps offering fans an interactive experience
• 400 miles of data cable/fiber
• 12,000 network interfaces
• Distributed antenna system (DAS) to boost the cellular signals

Page 3: Jim Libersky: Cyber Security - Super Bowl 50

Mobile enabled

• 1,300 Wi-Fi Access Points
• 1,200 Bluetooth Beacons
• 40 Gb/s of available bandwidth
• 10 Terabytes of Data
• 1 AP for 100 Seats
• Cellular Enhanced

Page 4: Jim Libersky: Cyber Security - Super Bowl 50

Now Social Media

• Brand engagements
• 50% of the ads had a special hashtag

• Enhanced User Experience Apps
• For directions
• To order Food
• NFL emoji keyboard
• Fantasy Football
• Interactive games that let fans catch virtual passes

Page 5: Jim Libersky: Cyber Security - Super Bowl 50

Various Agencies involved

Page 6: Jim Libersky: Cyber Security - Super Bowl 50

Preparation

• Understand the Network Topology

• Set layered Inspection and what sensors

• Understand role and placement of sensors

• Base Line Traffic

• Understand chain of command

Page 7: Jim Libersky: Cyber Security - Super Bowl 50

Monitor Other Uses Of the Stadium

• Local Events
• WrestleMania
• Concerts
• Foster Farms College Bowl

Page 8: Jim Libersky: Cyber Security - Super Bowl 50

Concerns

Before game day

• 14 Fiber Cuts through 2015

• New traffic showing up
• Outbound Traffic to Ireland and other countries

Page 9: Jim Libersky: Cyber Security - Super Bowl 50
Page 10: Jim Libersky: Cyber Security - Super Bowl 50

Concerns

• Horizontal Movement between Servers

• JumboTron
• IP Harvesting
• POS
• Fake Tickets
• Fake Emails and part of campaigns to confirm orders
• APTs
• Electric Power going dark

Page 11: Jim Libersky: Cyber Security - Super Bowl 50

• Network Redundant Systems in place and checked

Page 12: Jim Libersky: Cyber Security - Super Bowl 50
Page 13: Jim Libersky: Cyber Security - Super Bowl 50
Page 14: Jim Libersky: Cyber Security - Super Bowl 50

What were the Fans Doing?

• 19.8% Video
• 19.6% Web-browsing
• 17.6% Social Media sharing
• 15.9% Cloud
• 2.3% Music
• 1.4% Messaging
• 1.4% Email
• 1% Navigation
• 21% other
• i.e. Twitter feeds on Cell Carriers

Page 15: Jim Libersky: Cyber Security - Super Bowl 50

Met Life SB 48

• 1.1 TB of Wi-Fi Data

Univ of Phoenix SB 49

• 6.2 TB of Wi-Fi Data
• 25,936 unique Wi-Fi Users
• 17,322 Peak Concurrent users
• 7 TB approx. data via wireless carrier

Levi Stadium SF 50

• 10.1 TB of Wi-Fi Data +63%
• 1st to transfer 10 TB of Data over Wi-Fi
• Sunday 6 am to 11 pm fans used 9.3 TB and the media used 453 GB
• 27,315 Unique Wi-Fi users
• 20,300 Peak Concurrent users
• 3.0 Gbps Continuous Wi-Fi bandwidth for 4+ hrs. on Sunday
• 15.9 TB of data via wireless carrier
• 15.1 – 23 Mbps download throughout the game (3 x SB 49)
• Live Streaming consumed 315 Million Total min. @ 1.4 M users

Page 16: Jim Libersky: Cyber Security - Super Bowl 50

Comparison

• Average 49ers Game generates 2.0 TB

• WrestleMania last March 4.5 TB
• 76,976 Fans
• 4.5 TB
• Peak 14,800 Concurrent Fans
• 1.61 Gbps Continuous data
• 2.474 Gbps

• Taylor Swift 7.1 TB (with ½ of the stadium closed off)

Page 17: Jim Libersky: Cyber Security - Super Bowl 50

What did we Learn?

Game Stats

• 24 Million Cyber Events
• 19.6 Million events from Wired Network
• 3.8 Million from Wireless Wi-Fi Network
• Barrier1 AARE Engine 568,502 or 2.3% Cyber never before seen in the world. No Signatures. Definitions or Knowledge
• Game Day 6 am – 11 pm
• Fans used 9.3 TB
• Media used 453 Gb

Severity of the Cyber Events

• Severity 1: 336,035 (1.4%)
• Severity 2: 801,122 (3.3%)
• Severity 3: 23,364,179 (95.4%)

Page 18: Jim Libersky: Cyber Security - Super Bowl 50

What did we uncover

Cnc P2P BitTorrent
TOR Vuze BtWeb Client
EDonkey Edonkey emule
Gnutella Kaza ThunderNetwork
RAT Client Heartbleed C2

Viruses

• User Agents
• Windows Executable in Text file
• Anubis PushDo
• Netwire DNS Poison
• Trojan DNS
• Overtoobar.net backdoor

Most Bizarre

• Clear Text Password
• Inappropriate Websites
• Sexting

Page 19: Jim Libersky: Cyber Security - Super Bowl 50
Page 20: Jim Libersky: Cyber Security - Super Bowl 50
Page 21: Jim Libersky: Cyber Security - Super Bowl 50

What Did we Learn

• Speeds will be faster

• Greater Emphasis on Fan Experience

• More Apps

• Cyber Attacks will be more complex

• There will be more attack surfaces

• More Automation

Page 22: Jim Libersky: Cyber Security - Super Bowl 50

Thank You


Page 23: Jim Libersky: Cyber Security - Super Bowl 50

Worries

• Phishing Attacks
• Ransomware
• Soft Targets – before and during the game
• Web Site compromise
• IP Harvesting
• Fake Tickets
• Fake Emails and part of campaigns to confirm orders

Page 24: Jim Libersky: Cyber Security - Super Bowl 50

What were they doing?

• 19.8% Video
• 19.62% Web Browsing
• 15.9% Cloud
• 2.29% Music
• 1.44% Messaging
• 1.3% email
• .97% Navigation
• 20.8% the rest
• Planned for 2/Gbps

• Ordered Food
• Watched Replays
• Communicating with their friends that were not at the game
• Fantasy Football
• Stadium Apps that show direction and locations of vendors & services
• Selfies
• 6,000 hrs. of HD Video

Page 25: Jim Libersky: Cyber Security - Super Bowl 50

What Got Through

• Network Capture
• Wired 19,609,972 (normal business, Web, Mail, printing)
• Wireless 3,719,231
• AARE Engine 56,442
• Types of traffic

Page 26: Jim Libersky: Cyber Security - Super Bowl 50

Continued

• Main Viruses
• User-Agent
• Flow Point 220
• Windows Executable in Test File
• Anubis
• PushDo
• Netwire RD
• Overtoolbar.net backdoor
• DNS Poison
• Trojan DNS

Page 27: Jim Libersky: Cyber Security - Super Bowl 50

Continued: What were they doing?

• Live Streams consumed 315 Million total minutes of Game
• Average audience was 1.4 million
• Event driven traffic

Page 28: Jim Libersky: Cyber Security - Super Bowl 50

• Distributed antenna system (DAS) to boost the cellular signals

• Thousands of monitors in every section of the stadium, so no one will miss a beat

• One large master control room to power those monitors with game action, graphics and replays

• Interactive games that let fans catch virtual passes

• 20,000 square feet of solar panels and a LEED Gold Certification for its environmental friendliness

• An app designed specifically to enhance the in-game experience