Virtual draft makes NFL teams possible targets for hackers

A hacker could provide entertainment value by disrupting the TV broadcast of the virtual NFL draft that begins Thursday night.

Such an infiltration would embarrass the NFL but wouldn’t compromise the integrity of the draft. There are other potential hacks outside the broadcast that wouldn’t be so harmless for the league.

What if teams, or third parties working for them, remotely hack into the videoconference platforms used by rival teams or even the computers of their personnel? Team officials aren’t allowed to congregate in one room, like usual, so they are scattered about and communicating virtually.

A team that digitally eavesdrops on what’s being said in the virtual draft rooms of other teams would gain an illicit advantage. Gaining access to the computers of rival teams would be an edge that keeps paying off. The history of espionage in sports shows that teams are willing to cheat if they think they can get away with it.

The virtual nature of the draft provides hackers an opportunity to cheat without detection. And the popular Zoom videoconference platform that’s used by NFL teams and other businesses has been a target of such attacks.

The website Vice recently reported that brokers are offering for sale “exploits” that take advantage of vulnerabilities in the Zoom platform. The attack allows hackers to leverage what’s known as “Zoombombing” to infiltrate meetings and possibly access the target’s entire computer system. The exploit requires the hacker to be on a call with the victim, the report says.

Quentin Rhoads, director of professional services for the cybersecurity firm CRITICALSTART, says that there’s no proof that the Zoom exploit exists.

“But in security, we are going on the perspective that it might be real, so we have to take it seriously,” Rhoads said. “If somebody were to (use the exploit), they could potentially gain access to all these Zoom meetings without being invited if the meeting I.D. were leaked and Zoom security best practices weren’t being followed. If victims are running Windows, (hackers) could gain local access to machines without the victim knowing it.”

Vice said the asking price for the Zoom window application exploit is $500,000.

The NFL isn’t offering specifics about what security measures it will use for the virtual draft. However, the league said the Microsoft Teams platform, not Zoom, will be used for its communication with teams and vice versa. CRITICALSTART said there have been fewer issues with Teams but it’s still possible to hack the platform.

Rhoads’ firm posted tips for NFL teams to safeguard their communication and information. One of them is requiring strong passwords and multifactor authentication to gain access to meeting platforms. An example of the latter is the platform sending users a text message with a code that’s required to gain entry.

“If an attacker decides they want to gain access to your password, they need to kidnap you or find your phone or steal it,” Rhoads quipped.