Categories
NBC Los Angeles

Could The 2020 NFL Draft Be Hacked? Security Issues Face the League’s First Virtual Draft

Picture this for a second:

Roger Goodell, the Commissioner of the National Football
League steps down into his basement, stands behind the podium, and says:

“With the first pick in the two-thousand and twenty NFL
Draft, the Cincinnati Ben…

Picture this for a second:

Roger Goodell, the Commissioner of the National Football League steps down into his basement, stands behind the podium, and says:

“With the first pick in the two-thousand and twenty NFL Draft, the Cincinnati Bengals select…Joe Exotic from the Tiger King.”

Outrageous as that might sound, it’s not entirely out of the realm of possibility, especially if hackers have their way during Thursday’s first ever virtual NFL Draft.

Now we’re not saying that the only Tiger related mascot in the NFL is going to select the self proclaimed “Tiger King” over LSU quarterback Joe Burrow, but we are saying that the league has plenty of cybersecurity concerns when it comes to the potential for hacking an entirely online-based draft.

The annual NFL draft has taken place since 1936. The inaugural Draft took place inside a meeting room at the Ritz Carlton Hotel in Philadelphia, and consisted of players names written on a blackboard for teams to chose from. The board has changed over time, but for the most part the format has remained the same.

For the first thirty years, the league travelled to various NFL cities and relied on newspapers and conversations with coaches. In the 1940s, full-time scouts were introduced and the scrutiny of players began.

In 1965, the NFL Draft moved to New York City and remained there for 50 years until the league went back to the original concept of hosting it in a new location every year. In 1980, ESPN broadcast the NFL Draft live on television for the first time in its history.

The 2020 NFL Draft was originally scheduled to take place over the water within the Bellagio fountains in Las Vegas. The event would coincide with the city’s first NFL franchise as the Raiders will begin their tenure in the city this fall. On March 16, due to concerns with the COVID-19 pandemic, the league cancelled the event in Las Vegas and announced the draft would be conducted virtually instead.

As details came flooding in, so did the concerns with cybersecurity when it comes to such a high-profile event. It’s one thing to secure the network of the Commissioner, who the league announced will be announcing the picks on Thursday from the basement of his home in suburban New York, but what about the 32 NFL teams with general managers, head coaches, assistant coaches, and scouts? What about the 58 prospects across the country that have been invited to participate in the draft virtually? How can the NFL protect all these networks from hackers?

At first, many assumed the league could use a video-conferencing platform to virtually host the 2020 NFL Draft. Most people are certainly aware of Zoom, one of the leading companies in video communication, and a mainstay for many during the stay-at-home orders implemented during the coronavirus pandemic.

However, in early April, Zoom’s security woes went viral. The word “Zoombombing” began trending on social media, as hackers infiltrated zoom meetings by hijacking organizers computers and posting disturbing materials. A recent Forbes article states that over 530,000 Zoom accounts have already been hacked with peoples’ personal information now available for purchase on the dark web.

Instead of Zoom, or Skype, the league opted to partner with sponsors Microsoft and Verizon for their own internal setup. The league will be relying heavily on Microsoft Teams to keep their own servers and cameras safe, but said that each of the 32 NFL teams are responsible for their own communications setups.

The possibility of the NFL or one of its 32 teams being hacked on Draft Day is something that many people involved in the league are concerned about, including Baltimore Ravens head coach John Harbaugh.

“[Ravens IT staffers] assure me that we are doing everything humanly possible [for hacking not to happen],” Harbaugh told reporters in a Zoom call earlier this month. “And I remind them that that’s what Wells Fargo and all those other places said about their private information.”

Around the league, NFL teams are relying heavily on their in-house IT teams, and will most likely be using a combination of virtual private networks known as VPN, in addition to other security protocols to help reduce the risk of any cybersecurity attacks. Despite all of these measures, nothing is foolproof or 100 percent secure.

“I’m not to worried about that [hacking],” said Los Angeles Rams’ head coach Sean McVay on a Zoom video conference call with reporters on Tuesday. “If they’re worried about hacking us, these things never go exactly according to plan, which is why the planning and contingency planning is vital.”

Rams’ general manager Les Snead showed he possessed a thin red composition notebook with all his notes and information in the event anything happened and the team had to rely on good old-fashioned pen and paper to conduct their draft. Snead added that technical difficulties and communication issues are inevitable, but the league had a plan in place in the event something occurred.

“I think the experts we have helping us or assisting us get through this on our IT team, our video team, I give that group all the credit,” said Snead. “I have relied on some smart people and have not had a glitch at all. I do know this, if the screens go out, you always have a phone.”

Part of the concerns among NFL executives, general managers, and coaches, is privacy. Many are afraid that draft communications could be tapped or overheard, communications intercepted, computers hacked, and scouting reports stolen. The leaking of information or prospects accounts getting hacked on Draft Day is nothing new, but when the entirety of the draft is online any sort of attack could be catastrophic.

Dave Levin, faculty member at the Maryland University Cybersecurity center recently told USA Today that he believes hackers would target three areas of the NFL Draft: confidentiality, authenticity, and availability.

For example, a hacker could try and gain access to team communications like e-mails and chats, or impersonate a team employee in order to gain access to sensitive information and leak it publicly before the picks are selected.

“You put yourself in the shoes of the attacker, and try to think, ‘What would I try to do?’ Levin told USA Today. “The single greatest disturbance I think you could have would be to make it so that they couldn’t make their pick, to cut off their availability…or maybe they just try to disrupt things, either for personal gain, just for the fun of it, or maybe for profit.”

In 2011, the Baltimore Ravens thought they had a trade lined up with the Chicago Bears for the 26th overall pick in the NFL Draft. However, miscommunication resulted in the trade never going through and time expired. Based on NFL Draft rules, the next team on the clock could make their selection until the Ravens finally got their pick in. Under these circumstances, it’s easy to see how much of an appealing target that could be for a diehard fan to try and hack their team’s rival in order for them to miss out on a pick.

“I think there’s enough time in between picks,” said McVay when asked about this very scenario playing out during the three-day NFL Draft event. “The NFL has done a great job communicating and understanding and some flexibility if some of those things do arise. If you were telling me we’re operating on a real play clock, like 40 seconds or 25 in a really game, I’d say maybe I’d feel a little bit differently, but we have a little bit more time in between those selections and I think the NFL has done a nice job of kind of getting ahead of some of those things that could come up.”

Indeed they have. On a conference call last week, the NFL announced that they have the power to pause the draft—similar to an online fantasy football draft—if any cybersecurity or technical issues arise.

Most people expect that technical issues will occur during the three-day NFL Draft at some point. On Monday, the league conducted a mock draft as a precursor to the real thing. Right out of the gate, the Cincinnati Bengals had technical difficulties while trying to conduct the first pick of the mock draft.

Hopefully by Thursday, all the bugs and kinks are resolved, and the first ever virtual NFL Draft will go on like a dream, but if previous history is any indicator, expect multiple difficulties during the three-day event.

The 2020 NFL Draft will begin with Round 1 on Thursday, April 23 at 5:00PM PT. Rounds 2-3 will occur on Friday, April 24 at 4:00PM PT, and Rounds 4-7 on Saturday, April 25 at 9:00AM PT. The Draft can be watched or streamed live on any device on NFL Network, ABC, ESPN, and ESPN Deportes.