World Cup Security Overlord Accidentally Reveals Internal Wi-Fi Password in Epic Fail

Security for the World Cup has been going quite well, with no big incidents reported so far – if you don't count the head of Brazil's federal police posing in a photo showing the World Cup security centre's internal Wi-Fi password.

Brazilian newspaper Correio Braziliense interviewed police chief Luiz Cravo Dorea, who then allowed the paper to photograph him standing right in the middle of the World Cup's main command and control security centre in the Arena de Sao Paulo.

Clearly visible in the picture are a bank of computer monitors showing the security centre's Wi-Fi SSID and password, as well as a secret internal email address used to communicate with a Brazilian government agency.

The newspaper published the photo on their website (now taken down) and Twitter user @apbarros pointed it out and caused a Twitter storm among football fans, geeks and security experts alike:

To top it all off, many Twitter users have pointed out that the security credentials used for the internal Wi-Fi network are terrible as well.

The SSID is WORLDCUP and the password is "b5a2112014", which translates to "brazil2014" in Leetspeak, an alternative way of typing in English popularised by hackers, that replaces letters with numerals.

Security experts are of course chiming in to remind people to stop taking computer and internet security so lightly, but it is truly astonishing that Brazil's World Cup could score such a security own goal.

"Don't write down passwords in public places (or take nudie pics with your cell phone). No sticky notes, white boards, smoke signals, billboards, televisions or even cave walls," advises security vendor Sophos in a blog post.

"Oh, and while you are at it, choose a better password than the name of the event you are protecting. I suppose that does render the photo less damaging, but that isn't the smartest strategy."