The document discusses the technical infrastructure and cybersecurity measures in place for hosting large sporting events like the Super Bowl. It notes the large amounts of data (over 10 terabytes) transmitted over WiFi networks by tens of thousands of fans, and the complex monitoring required to detect cyber threats across hundreds of network interfaces and devices. While most traffic was normal, sophisticated attacks were still detected by dedicated security systems, highlighting the ongoing risks at mass gatherings and the importance of multilayered protection strategies.

1. Cyber Threats are now front and center
to the largest events in the world

2. Set The Stage
• 9 Days
• Ranked at #1 Technically advanced in N.
America
• 75,000 fans into 1 stadium + operations,
vendors and media
• 1 Million + new Visitors into San Fran
• 100+ Million watching
• 150+ countries
• 70 cameras filming
• 360 instant freeze and Replay cameras
• 36 Red Zone Cameras with 360 degree
visibility and virtual playback
• Superimposed yard lines
• Apps offering fans an interactive experience
• 400 miles of data cable/fiber
• 12,000 network interfaces
• Distributed antenna system (DAS) to boost
the cellular signals

3. Mobile enabled
• 1,300 Wi-Fi Access Points
• 1,200 Bluetooth Beacons
• 40 Gb/s of available bandwidth
• 10 Terabyte of Data
• 1 AP for 100 Seats
• Cellular Enhanced

4. Now Social Media
• Brand engagements
• 50% of the ads had a special
hashtag
• Enhanced User Experience Apps
• For directions
• To order Food
• NFL emoji keyboard
• Fantasy Football
• Interactive games that let fans
catch virtual passes

5. Various Agencies involved

6. Preparation
• Understand the Network
Topology
• Set layered Inspection
and what sensors
• Understand role and
placement of sensors
• Base Line Traffic
• Understand chain of
command

7. Monitor Other Uses
Of the Stadium
• Local Events
• WrestleMania
• Concerts
• Foster Farms College
Bowl

8. Concerns
Before game day
• 14 Fiber Cuts through 2015
• New traffic showing up
• Outbound Traffic to
Ireland and other
countries

10. Concerns
• Horizontal Movement
between Servers
• JumboTron
• IP Harvesting
• POS
• Fake Tickets
• Fake Emails and part of
campaigns to confirm
orders
• APT’s
• Electric Power going dark

11. • Network Redundant
Systems in place
• and checked

14. What were the Fans Doing?
• 19.8% Video
• 19.6% Web-browsing
• 17.6% Social Media sharing
• 15.9% Cloud
• 2.3% Music
• 1.4% Messaging
• 1.4 % Email
• 1% Navigation
• 21% other
• Ie Twitter feeds on Cell Carriers

15. Met Life SB 48
• 1.1 TB of Wi-Fi Data
Univ of Phoenix SB 49
• 6.2 TB of Wi-Fi Data
• 25,936 unique Wi-Fi Users
• 17,322 Peak Concurrent
users
• 7 TB approx. data via
wireless carrier
Levi Stadium SF 50
• 10.1 TB of Wi-Fi Data +63%
• 1st to transfer 10 TB of Data over
Wi-Fi
• Sunday 6 am to 11 pm fans use
9.3TB and the media used 453 GB
• 27,315 Unique Wi-Fi users
• 20,300 Peak Concurrent users3.0
Gbps Continuous Wi-Fi bandwidth
for 4+ hrs. on Sunday
• 15.9 TB of data via wireless carrier
• 15.1 – 23Mbps download
throughout the game (3 x SB 49)
• Live Streaming consumed 315
Million Total min. @ 1.4 M users

16. Comparison
• Aver 49s Game generates 2.0 TB
• Wrestle Mania last March 4.5 TB
• 76,976 Fans
• 4.5 TB
• Peak 14,800 Concurrent Fans
• 1.61 Gbps Continuous data
• 2.474 Gbps
• Taylor Swift 7.1 TB ( with ½ of the
stadium closed off)

17. What did we Learn?
Game Stats
• 24 Million Cyber Events
• 19.6 Million events from Wired Network
• 3.8 Million from Wireless Wi-Fi Network
• Barrier1 AARE Engine 568,502 or 2.3%
Cyber never before seen in the world.
No Signatures. Definitions or Knowledge
• Game Day 6 am – 11Pm
• fans used 9.3 TB
• Media used 453 Gb
Severity of the Cyber Events
• 1 336,035 1.4%
• 2 801,122 3.3%
• 3 23,364,179 95.4%

18. What did we uncovered
Cnc P2P Bitorrent
TOR Vuze BtWeb Client
EDonkey Edonkey emule
Gnutella Kaza ThunderNetwork
RAT Client Heartbleed C2
Viruses
• User Agents
• Window Executable in Text file
• Anubis PushDo
• Netwire DNS Poison
• Trojan DNS
• Overtoobar.net backdoor
Most Bizarre
• Clear Text Password
• Inappropriate Websites
• Sexting

21. What Did we Learn
• Speeds will be faster
• Greater Emphasis on
Fan Experience
• More Apps
• Cyber Attacks will be
more complex
• There will be more
attack surfaces
• More Automation

22. Thank You
Thank You

23. Worries
• Phishing Attacks
• Ransomware
• Soft Targets – before and during the game
• Web Site compromise
• IP Harvesting
• Fake Tickets
• Fake Emails and part of campaigns to confirm orders

24. What were they doing?
• 19.8% Video
• 19.62% Web Browsing
• 15.9 % Cloud
• 2.29% Music
• 1.44% Messaging
• 1.3% email
• .97% Navigation
• 20.8% the rest
• Planned for 2/Gbps
• Ordered Food
• Watched Replays
• Communicating with their friends
that were not at the game
• Fantasy Football
• Stadium Apps that show direction
and locations of vendors & services
• Selfies
• 6,000 hrs. of HD Video

25. What Got Through
• Network Capture
• Wired 19,609,972 (normal business, Web, Mail, printing)
• Wireless 3,719,231
• AARE Engine 56,442
• Types of traffic

26. Continued
• Main Viruses
• User-Agent
• Flow Point 220
• Window Executable in Test File
• Anubis
• PushDo
• Netwire RD
• Overtoolbar.net backdoor
• DNS Poison
• Trojan DNS

27. Continued What were they doing?
• Live Streams consumed 315 Million total minutes of Game
• Average audience was 1.4 million
• Event driven traffic

28. • Distributed antenna system (DAS) to boost the cellular signals
• Thousands of monitors in every section of the stadium, so no one will miss a beat
• One large master control room to power those monitors with game action, graphics and replays
• Interactive games that let fans catch virtual passes
• 20,000 square feet of solar panels and a LEED Gold Certification for its environmental friendliness
• An app designed specifically to enhance the in-game experience