You are using an outdated browser. Please upgrade your browser to improve your experience
This assessment was issued to clients of Dragonfly’s Security Intelligence & Analysis Service (SIAS) on 4 May 2023.
Clients have asked us about the security situation around the Eurovision Song Contest in Liverpool from 9-13 May. The city’s police have not advised of any specific threats to the contest. But planned security measures, along with the large number of visitors, will probably lead to travel disruption in the city centre. Limited protests surrounding the event are also likely. And alongside probable online scams and phishing campaigns related to the event, pro-Russia hacktivists are very likely to target the spectacle, commercial British entities and potentially sponsors with DDoS attacks.
We anticipate travel disruption in Liverpool city centre and by Liverpool Arena on the waterfront next week. This is particularly due to road closures. The local authorities have advised that at least 100,000 people will visit the city and that roads and public transport will be ‘busier than usual’. They have said that a part of Mount Pleasant Street is currently closed until 15 May, and that bus route 699, in particular, will be impacted by diversions from 9-13 May. They have also advised that rail strikes from 12-13 May ‘may affect’ travellers, especially at Liverpool Lime Street train station.
Liverpool’s local police appear well prepared to secure the event. The authorities have not advised of any specific threat intelligence regarding any dangers or threats to the contest, such as terrorism. And we have not seen any threats or calls for violence against the event on the extremist channels we monitor. But the police are still very likely to implement extensive security measures. They have stated that their provisions will be ‘the largest protective security operation that Merseyside Police has mounted’, and that the operation will include firearms officers, dogs, mounted police and CCTV operators.
In the absence of extremist threats against the contest, our terrorism threat level for Liverpool remains high. Domestic, lone far-right and jihadist extremists probably have some intent to target the Eurovision event, given the inclusion of pro-LGBTQ+ themes in the competition and several LGBTQ+ performers contesting this year. But in our assessment, both are unlikely to be capable of high-casualty attacks, especially given a high-security presence in the city during the event. And we assess that the risk of any terrorist attack is low.
Some limited protests surrounding the event are probable. The police have not advised of specific protest plans, but they recently said that ‘eco-protesters’ may try to target it. Groups like Just Stop Oil have recently targeted popular (and televised) events to increase their exposure and publicity. Based on precedent, their actions would most likely include slow-walking or paint-throwing near the event or powder-throwing and heckling inside the venue. But the police appear well prepared to limit disruption. Other small, mostly peaceful gatherings, such as in support for Ukraine, are also likely near the event.
Opportunistic cyber actors are probably intent on targeting businesses, attendees and fans with phishing content related to Eurovision. The local authorities have advised that the many new clients and suppliers will make it hard for firms to spot ‘fraudsters’; cyber actors will probably exploit this. Phishing campaigns will most likely include malware-embedded emails with luring subject lines, or offers related to accommodation or tickets. It is plausible, if not probable, that threat actors will pose as sponsors. According to local media, several individuals with bookings in the city have already been targeted by phishing.
DDoS attacks on Eurovision websites, public and commercial entities in the UK, and potentially sponsors, are likely around the competition. During the event in Italy last year, pro-Russia hacktivist groups targeted the Eurovision website, as well as Italian government and corporate websites, with DDoS attacks. And they are probably highly motivated to do so again, given Russia’s exclusion from the contest. We have not seen calls for such attacks. But based on their past targeting, websites of British private entities in the banking and finance sectors, as well as UK airports, are probable targets.
Image: King Charles III and Queen Camilla react after switching on stage lighting during a visit to M&S Bank Arena, the host venue of this year’s Eurovision Song Contest, in Liverpool on 26 April 2023. Photo by Phil Noble/Pool/AFP via Getty Images.