Photos of semi-naked female soccer fans were used by hackers to target FIFA officials

Hackers sent photos of scantily-clad female soccer fans to FIFA officials as bait in a bid to infect their computers with spyware, leaked documents have revealed.

Organisers of the 2022 Qatar World Cup were also targeted in the operation run by the United Arab Emirates security services, according to the bombshell papers. 

Emails with the raunchy snaps were sent to at least a dozen officials inviting them to visit a website called “worldcupgirls” in 2014 – four years after Qatar won their bid to host the tournament.

Clicking on the link would deploy almost undetectable spyware into the target’s computer, but it is not known if any of them fell for the ruse.   

Among the targets were Jack Warner, the former FIFA vice president now banned for life from football for fraud, former FIFA executive committee member Mohamed Bin Hammam, also banned for corruption, and Sheikh Mohammed bin Khalifa Al Thani, brother of the Emir of Qatar.

The documents reveal the hackers were part of a multi-million surveillance operation called DREAD, short for Development Research Exploitation and Analysis Department, set up by the United Arab Emirates, Qatar’s rivals.

Hackers sent raunchy photos to football officials in a bid to access confidential files. Former FIFA vice president Jack Warner (pictured) was among those targeted by the UAE operation

A group of former National Security Agency operatives and at least five former White House staff members helped to set up the secret unit, according to the new documents.

The operation was planned by an ex-NSA analyst called Chris Smith, a report based on the leaked internal memos claims.

The hackers were part of a multi-million surveillance operation called DREAD. Former FIFA executive committee member Mohammed bin Hammam (pictured) was also said to have been sent the raunchy photos

The hackers were part of a multi-million surveillance operation called DREAD. Former FIFA executive committee member Mohammed bin Hammam (pictured) was also said to have been sent the raunchy photos 

The plot, codenamed Brutal Challenge, was designed to infect the computers of key FIFA and Qatari officials with spyware that would allow the UAE hackers free access to their files and steal damaging information about Qatar’s World Cup bid.

Other hacking targets of the UAE operation included former FIFA president Issa Hayatou, former executive committee member Jacques Anouma and Nicolas Leoz, former president of the South American Football Confederation, who died in August.

In a statement, a spokesperson said FIFA was “not aware” of any hacking incidents relating to the World Cup. 

Qatar’s Supreme Committee for Delivery and Legacy, which is in charge of organising the 2022 tournament, has not commented.

The new details are contained in a bundle of more than 10,000 DREAD programme documents uncovered by investigative reporters at Reuters news agency. 

They chart the rise of the UAE’s cyber surveillance agency which senior White House and US defence executives, including Richard Clarke, a former US counter-terrorism czar, helped the country to build in the wake of 9/11.

The report claims that after the 2011 Arab Spring, the UAE started targeting people it was convinced were their political enemies, and others that were critical of the monarchy. 

Employees of a US company called CyberPoint, working with the UAE spy operation, assisted in the hacking of hundreds of Google, Yahoo, Hotmail and Facebook accounts, sharing details with senior Emirati intelligence officers. 

After stealing targets’ internet browser history, the group would highlight their porn preference in reports to managers.

In 2015, the UAE hired the controversial cyber security firm Dark Matter, which assisted DREAD to target the United Nations’ offices in New York in a bid to compromise the email accounts of foreign diplomats, the memos show.

Among the targets of the operation under DarkMatter was Saudi women’s rights activist Loujain al-Hathloul, who was tortured and imprisoned. Her emails were hacked in 2017 in an operation codenamed Purple Sword after she tried to defy a ban against women driving in Saudi Arabia, an ally of the UAE, according to a former DREAD operative.

After her emails were hacked, UAE security forces arrested al-Hathloul, who once appeared in a Vanity Fair photo shoot with the Duchess of Sussex, in Abu Dhabi and forced her back to her home country, where she was tortured at a secret facility. 

She remains in a prison near Riyadh, despite a royal decree in 2018 allowing Saudi women to drive legally for the first time.

In 2017, the UAE spy unit also developed elite hacking tools that could remotely break into iPhones of media figures and rival foreign leaders in 2017.

In a statement, DarkMatter told Reuters it was unaware of any improper actions by the company. 

Last month, the founder of DarkMatter Faisal Al Bannai was appointed by the UAE to lead its national defence group, called Edge, which, with nearly 12,000 staff, aims to boost the UAE military capabilities. 

The new defence giant is developing bombs, drone and ‘critical technologies’ to ensure the UAE’s ‘sovereign capability’ on defence.