SECURITY fears surrounding Iran’s presence at the World Cup should be centered on the threat of cyber attacks from Russia and North Korea, a leading expert has claimed.
With the summer showpiece tournament starting on June 11, the Iranians will create history by becoming the first ever team to be at war with the hosts.
Andrew Giuliani, the head of President Donald Trump’s security task force, told The U.S Sun that part of a $625million federal grant to keep all participants and fans safe over the next week will be spent on managing the Iranian situation.
The Iran team will be based in Tijuana, Mexico, despite all three of their group matches taking place in Los Angeles and Seattle. Security levels will be ramped up to maximum.
They have been training in Turkey for the past month and were lined up to be based in Arizona, before a last-minute change.
Mexico president Claudia Sheinbaum claimed Fifa, soccer’s governing body, wanted help because the United States “doesn’t want the Iranian team staying overnight in the country.”
But Department of Justice national security attorney Michael Lebowitz has told The U.S. Sun his biggest worry is cyber warfare attacks from Russia and North Korea.
“The United States in the World Cup is the biggest sporting event in the world. Right up there with the Olympics, everything like that,” Lebowitz said.
“So there are a lot of enemies in the United States that might not have an ax to grind against Iran. But they might use that to embarrass the United States by using Iran as the cudgel.
“The threat can manifest from multiple distinct vectors simultaneously,” he added.
“Direct Iranian state cyber units, proxy networks, false flag operations from Russia or North Korea, and isolated actors all exist in the same threat environment.
“Right now, with the war in Ukraine grinding on and global diplomacy failing to yield results that Moscow favors, Russia has a distinct geopolitical motive to stick a finger in the eye of the United States.
“We are operating at an incredibly heightened state of alert due to the war with Iran, intense anti-Israel and anti-war sentiment domestically, the ongoing Russia-Ukraine conflict, and highly adversarial relationships with China.”
He added that adversaries increasingly operate in overlapping layers, making attribution more complex during global events.
“These operations are designed so that no single actor appears responsible,” he said. “That ambiguity is part of the strategy.
“Cyber remains the primary threat vector we monitor alongside drones and traditional physical security. There are a lot of ways to disrupt which don’t involve a physical attack.”
Lebowitz, a former Guantanamo Bay prosecutor, said false flag tactics have become a hallmark of modern state cyber operations.
The Iranian situation remains precarious with the conflict continuing to rage.
Visas were only finally issued for the squad on Friday, while uncertainty remains about how their fans will be treated in stadiums.
This World Cup has been designated as a high-value security event, receiving the highest federal security status — similar to a Super Bowl, but distributed across multiple cities and venues over several weeks.
Lebowitz said interagency coordination is already underway.
“This is a whole-of-government operation,” he said. “Intelligence agencies, law enforcement, and venue security teams are all integrated into a single planning structure.
“I’m pretty sure that the FBI and our law enforcement is working directly with the Mexican enforcement or the Mexican intelligence to protect them.
“Because the one thing that the United States wants to avoid is an embarrassment of the games. And that embarrassment could be obviously a physical attack, which would be a horrible thing on many levels. Embarrassment might be lower on the list, but, it’s still something that I think they think about.”
Cyber operations remain one of the primary concerns for security planners because they can create widespread disruption without physical intrusion.
“An attacker doesn’t need to touch a stadium to cause chaos,” Lebowitz said. “If you disrupt transport systems, airline scheduling, or hotel databases, you can create cascading failures across an entire host city network.”
He says even short disruptions can have outsized political and media impact during a globally televised event.
Lebowitz warned that modern cyber operations are designed to conceal their origin through VPN networks, proxy routing, and compromised infrastructure.
“Attribution is one of the hardest problems in cybersecurity,” he said. “You can make an attack appear as though it came from multiple countries at once.”
Major sporting events have repeatedly been targeted in this way.
At the 2018 Winter Olympics in PyeongChang, malware disabled Wi-Fi networks, ticketing systems and broadcast infrastructure around the opening ceremony. Investigators later concluded the attack was designed to maximize disruption while obscuring its source.
“PyeongChang was a turning point,” said one cybersecurity analyst. “It showed how disruptive a well-timed cyber operation could be during a live global broadcast.”
Security officials also reported cyber intrusion attempts during the Tokyo Olympics, targeting organizers and logistics providers. Paris 2024 saw disinformation campaigns and AI-assisted influence operations aimed at confusing audiences and amplifying false narratives.
“What we’re seeing now is convergence,” a cybersecurity researcher said. “Cyber disruption, misinformation, and psychological operations are increasingly layered together.”
According to Lebowitz, these trends explain why events like the World Cup are attractive targets.
“The World Cup is one of the most visible events on Earth,” he said. “Even a short-lived disruption becomes a global story within minutes.”
Experts claim security agencies are monitoring not only state-backed actors but also hacktivists and ideologically motivated groups.
“Cyberwarfare is highly fluid,” he said. “We have to defend against state actors, hacktivists, and politically motivated groups who all see these events as opportunities.”
Even relatively simple cyber activity, such as website defacement or denial-of-service attacks, can create disproportionate disruption when timed with global attention.
“The threshold for impact is much lower during mega-events,” Lebowitz said. “Something small can look much larger when the world is watching.”
He also noted that in modern geopolitical doctrine, cyber operations often exist in a gray zone below traditional definitions of armed conflict.
“Unless there is catastrophic physical damage, most cyber operations fall below the legal threshold of an armed attack,” he said. “That ambiguity is exploited constantly.”
Lebowitz warned that adversaries without direct involvement in the Iran conflict could still exploit the tournament for strategic messaging.
“Global events like this are symbolic battlegrounds,” he said. “They are opportunities for states to project influence without direct confrontation.”
Source : https://www.the-sun.com/news/16451200/world-cup-iran-north-korea-russia-war-cyber-attack/
