Wednesday, 5 July 2017

Countdown Of Our 100 Favourite Matchfixing Events Of Last Decade

Our first book will be published soon.

Register by clicking on the book link below or enter your email on the form at the top right corner of the Football is Fixed blog homepage. book cover


Countdown Of Our 100 Favourite Matchfixing Events From The Last Decade

100. West Brom 5 Man United 5 (May 19th 2013) - Premier League
99. England 2 Spain 2 (Nov 11th 2016) - International Friendly
98. Bayern Munich 2 Man City 3 (Dec 10th 2013) Champions League
97. Portsmouth 0 Fulham 1 (May 11th 2008) Premier League
96. West Ham 2 Chelsea 1 (Oct 24th 2015) Premier League
95. Tottenham 2 Birmingham 1 (May 11th 2011) Premier League
94. Man Utd 1 Real Madrid 2 (Mar 5th 2013) Champions League
93. South Africa 0 Uruguay 3 (Jun 10th 2010) World Cup Finals
92. Newcastle 6 Norwich 2 (Oct 18th 2015) Premier League
91. Parma 0 Chievo 1 (Feb 11th 2015) Serie A
90. West Brom 4 Burnley 0 (Nov 21st 2016) Premier League
89. Monaco 2 Tottenham 1 (Nov 23rd 2016) Champions League
88. Leicester 5 Man United 3 (Sep 21st 2015) Premier League
87. Fulham 2 Wigan 0 (Oct 29th 2008) Premier League
86. Dynamo Kiev 6 Besiktas 0 (Dec 6th 2016) Champions League
85. Wigan 1 Tottenham 0 (Jan 11th 2009) Premier League
84. France 3 Honduras 0 (Jun 15th 2014) World Cup Finals
83. Nottingham Forest 5 West Ham 0 (Jan 5th 2014) FA Cup
82. Zenit St Petersburg 4 Bayern Munich 0 (May 1st 2008) UEFA Cup Semi Final
81. Rhyl 5 Port Talbot Town 0 (Apr 9th 2016) Welsh Premier League
80. Portsmouth 0 Fulham 1 (May 11th 2008) Premier League
79. Man City 4 Tottenham 1 (Oct 18th 2014) Premier League
78. Inverness Caledonian Thistle 3 Celtic 2 (Apr 19th 2015) Scottish Cup Semi Final
77. Celtic 0 Juventus 3 (Feb 12th 2013) Champions League
76. Man United 5 Midtjylland 1 (Feb 25th 2016) Europa League
75. Stoke 2 Tottenham 1 (Oct 19th 2008) Premier League
74. Portsmouth 1 Cardiff City 0 (May 17th 2008) FA Cup Final
73. Finland U21 1 England U21 1 (Sep 9th 2013) UEFA U21 Championship
72. Tottenham 4 Man City 1 (Sep 26th 2015) Premier League
71. Real Madrid 0 Barcelona 4 (Nov 21st 2015) Primera Liga
70. Southampton 4 Arsenal 0 (Dec 26th 2015) Premier League
69. Blackburn 1 Derby 0 (Feb 28th 2017) Championship
68. Legia Warszawa 4 Celtic 1 (Jul 30th 2014) Champions League Qualifiers
67. England 1 Iceland 2 (Jun 28th 2016) Euro 2016 Finals
66. West Ham 3 Bournemouth 4 (Aug 22nd 2015) Premier League
65. Barnet 2 Macclesfield 1 (Nov 25th 2011) League Two
64. Gibraltar 0 Liechtenstein 0 (Mar 23rd 2016) Friendly International
63. Willem II 0 Utrecht 3 (Mar 20th 2010) Dutch Eredivisie
62. Lithuania 2 Malta 0 (Oct 11th 2016) World Cup Qualifiers
61. Chelsea 2 Man City 1 (Oct 27th 2013) Premier League
60. Middlesboro 0 Leicester City 0 (Jan 2nd 2017) Premier League
59. Man Utd 2 Crystal Palace 0 (Sep 14th 2013) Premier League
58. Everton 2 Leicester 3 (Dec 19th 2015) Premier League
57. Everton 3 Chelsea 6 (Oct 30th 2014) Premier League
56. Juventus 3 Napoli 1 (Feb 28th 2017) Coppa Italia
55. Barcelona 7 Celtic 0 (Sep 13th 2016) Champions League
54. Man City 1 Tottenham 2 (Feb 14th 2016) Premier League
53. West Ham 2 Blackpool 1 (May 19th 2012) Championship Play-Off Final
52. Brighton 3 Derby 0 (Mar 10th 2017) Championship
51. Liverpool 1 Bournemouth 0 (Aug 17th 2015) Premier League
50. Zenit St Petersburg 2 Rangers 0 (May 14th 2008) UEFA Cup Final
49. Man City 6 Portsmouth 0 (Sep 21st 2008) Premier League
48. Bournemouth 3 West Ham 2 (Mar 11th 2017) Premier League
47. Liverpool 8 Besiktas 0 (Nov 6th 2007) Champions League
46. Liverpool 2 Ludogorets 1 (Sep 16th 2014) Champions League
45. Bayer Leverkusen 1 FC Koln 2 (Nov 7th 2015) Bundesliga
44. Brighton 2 Leeds Utd 0 (Dec 10th 2016) Championship
43. Brighton 3 QPR 0 (Dec 27th 2016) Championship
42. Sunderland 1 Liverpool 3 (Sep 29th 2013) Premier League
41. Schalke 2 Eintracht Frankfurt 0 (Apr 11th 2014) Bundesliga
40. Aston Villa 1 Tottenham 2 (Nov 2nd 2014) Premier League
39. Liverpool 0 West Brom 2 (Feb 11th 2013) Premier League
38. Blackpool 1 West Brom 3 (Apr 8th 2008) Championship
37. Veria 4 Kerkyra 0 (Mar 18th 2017) Greek Super League
36. Levante 1 Real Zaragoza 2 (May 22nd 2011) Primera Liga
35. Real Betis 0 Sporting Gijon 3 (Jun 11th 2015) Segunda Liga
34. Sporting Gijon 2 Villarreal 0 (May 15th 2016) Primera Liga
33. FC Slutsk 2 Shakter Soligorsk 1 (Feb 3rd 2014) Belarussian Premier League
32. SC Freamunde 1 Ponferradina 2 (Aug 4th 2014) Friendly Match
31. AlbinoLeffe 2 Siena 1 (Jan 9th 2011) Serie B
30. Everton 2 Arsenal 1 (Dec 16th 2016) Premier League
29. Leicester City 4 Man City 2 (Dec 10th 2016) Premier League
28. Celtic 1 Rangers 3 (Oct 24th 2010) Scottish Premier League
27. Chelsea 1 Man Utd 0 (Mar 13th 2017) FA Cup Quarter Final
26. Arsenal 4 Aston Villa 0 (May 30th 2015) FA Cup Final
25. Torino 2 Inter Milan 2 (Mar 18th 2017) Serie A
24. Newcastle 0 Tottenham 2 and Man Utd 4 West Ham 0 (Aug 13th 2017) Premier League
23. Stoke 1 Arsenal 0 (Aug 19th 2017) Premier League
22. West Brom 1 Stoke 1 (Aug 27th 2017) Premier League
21. Real Madrid 2 Valencia 2 (Aug 27th 2017) La Liga
20. Bournemouth 2 Brighton 1 (Sep 15th 2017) Premier League

We Give You Our First Post From 2006
Our First Podcast From 2017
And Our First Book Promotion From 2017

Chapter One And Chapter Three From Our Book
Plus A Few Other Tidbits

Safely Secured Away, In Multiple Locations And In An Array Of Formats, Are 1400 Archived Posts
Exactly 1400

On occasion an ephemeral flashback quantums in and out of 'existence'

Reach us via Contact Form at Match Fixing Analytics
Cannot promise replies.
And follow us, if it becomes you, @FootballIsFixed on Twitter

© Football is Fixed 2006-2017

Tuesday, 13 June 2017

The Revolution Sashays Up The Mall - Laugh In The Face Of Power



Promotional Preface

“Everything seeks its own death including power”- Jean Baudrillard

Death is liberation.

The Infamous Wu Shu Hackers are a global cellular network established in 1995 to save football from the mafia.

This is a crime novel, a hybrid of fact and coded fiction based on fact. Global Mafiosi have stolen the game and murdered the sport. But the crime is not perfect, traces remain to be discovered and hacked and shared.
Global football ‘elites’ act as an oligarchical cartel to solicit proprietary gains alongside the rape of the game. Football is prostituted under the supervision of the governmental, institutional, bookmaking, media and regulatory captures that dominate the systemic structure of the corruption.
It is the End of Play, a Timeline of Decay.

Football has become iconoclastic. Modern iconoclasm no longer consists in destroying images but in manufacturing a profusion of images where there is nothing to see – the use of instant replays to rewrite the history of unfortunate occurrences!

It is the End of Play.
Football is Fixed.
Football is Fucked.
Football is Dead.

Whereas MOBgate, the collusion between football agent and professional gambler, John Colquhoun, and referee Jonathan Moss which resulted in a set of insider trading events that would occur by chance once every 93 billion years (our universe is 13.8 billion years old) was a private affair, the corruption behind Leicester City winning the Premier League in 2015/16 was systemic and involved institutions, government, referees, mainstream media, doping regimes, matchfixing and illicit club ownership.

In this book we disclose other corruptions too, both systemic and particular. The takeover of the England team by a cartel of football agents, the collusion between Rangers and the Scottish FA and the equivalent accommodations between Celtic, Sevco, Ladbrokes and those behind the systemic corruption in English football, the systemic manipulations and physical theft of documents by 'Football Leaks' - a front for a cartel of football agents - to undermine Jose Mourinho and all matters Gestifute, the rigging of promotion and relegation issues in the Championship (particularly to the benefit of Brighton and Hove Albion). On a particular level, we reveal the extent that referees, players and club officials work with bookmakers and other market professionals to fix top flight football matches in the major European leagues as well as numerous other boiler room scams where small groups come together to rig the global markets for proprietary gain.

Football died with its biggest fairy tale – the rise of Leicester City to being Premier League champions - the remarkable story of sovereign wealth fund-backed billionaires backing local lads, bribing referees, doping local lads, buying superstars, doping superstars, buying off opponents, doping the markets, massively successful on the pitch and in the markets via institutional control and corruption. As we show in the book, the goodwill lost out of the Leicester City Affair is colossal – you can fool some of the fans some of the time, you can fool all of the fans some of the time, but you cannot fool all of the fans all of the time. It was a poor strategy allowing criminals to own the Foxes. But at least now we know that with doping, referee control and state mafia/sovereign wealth fund backing, anybody can win the Premier League.

There are parallels to the decline of that other great sport, cricket. Most international matches, all matches on the Indian sub-continent, most T20 games and the County Championship in England are entirely corrupted by the mafia that is the Dawood Company. Originally based in Mumbai they were held responsible for the 1993 bombings and relocated to Dubai and then Pakistan where, alongside cricket, they engage in murder, smuggling, drug trafficking, extortion, racketeering, gunrunning, terrorism, money laundering, counterfeiting and betting. With an inner core of between five and ten thousand members plus a penumbra of operatives, this is evidently not cricket. Tis little wonder the cricket grounds of the world have tumble-grasses of desolate narratives blowing through the empty stands.

We have seen evidence that this South Asian mafia group is funding ISIS in Pakistan on a protection level. The full impacts of matchfixing are far greater than mere sporting integrity.

From autarky to autarchy.
[Fragmented] cartels, monopolies, duopolies, opaque layered mature markets, gamed regulation or self-regulation or no regulation, dark pool poker tables of corruption, sinister darknet operations, Deep States bifurcating between the kleptocratic and the plutocratic, disaster capitalism templates helicoptered in to scenes of desperation, state and self-imposed mainstream media censorship, corporate lobbyists controlling the democratic process and filtering knowledge via their abuse of press output, the imprisoning of whistleblowers, the omnipresence of shadow banking and dark money matrices, certain investment houses operating as states within states directly influencing world governance via a confiscation of power, global warming our way to a new planetary equilibrium state with irreversible feedback loops, akin to the early phases in the development of the acidic atmosphere of Venus, all of this blended together with the hard right politics of divide and rule and class war.
That’s late capitalism!

Illegitimate claims of capitalism producing growth when, as Piketty intimated, the only growth is due to an expansion in the global populace – late capitalism is the conclusion of a Ponzi scheme orchestrated in the late Middle Ages but doomed to a disastrous death from day one, as with all pyramid schemes. “Growth is not democracy. Profusion is a function of discrimination”.

Late capitalism yields a plethora of Ponzi bubbles - these are not Kondratieff waves but rather expressions of robust Malthusian ecological limits blended with the conclusion of this viral pyramid scheme. 
It is the worst of times, it is the worst of times, it is the age of foolishness.
Capitalism, despite the support of Deep States, is a Ponzi scheme collapsing under the weight of its own absurdity.
But All-Under-Heaven suggests that the situation should be observed a level deeper…
… the level of the mafia state.
A fragmentally cartelised web of geographically scattered mafia states orchestrate the systemic corruption and matchfixing that has destroyed global football. It is suitably ironic in a postmodern way that a game that is played on turf should have become a mafia battle over turf.

It is the skewed incentives of diabolical wealth accumulation together with short-termist inversion capitalist structures with the supportive networks of tax havens and regulatory capture that have allowed the deconstruction of football as a sport over the last quarter century.
As soon as there is an imbalance in favour of market depth over sporting kudos, corruption is a given.

A death spiral.
A system of cascading death spirals.

Hayek was bad enough but free markets have been replaced by bureaucratic state monopoly control – markets are a terror of value without equivalence.
Take the efficiency of markets (financial or football) which allegedly underpins neoliberal ideology - there is no efficiency in corrupt markets, the prices may be manipulated to private hidden agendas and all of the information is most definitely not in the price. Corrupted markets may be made into anything.

Financial markets are also inefficient via their refusal to accept the cost of negative externalities in the price of an asset. How on earth can a price be efficient in the holistic sense if externalities are not included in the equation? The timing of the eagerly anticipated systemic implosion is an unknowable variable. It is an unknown known. Temporally.
Disaster myopia in a disaster capitalism complex!

Through the provision of a psychopathic regulation-lite template where individuals are rewarded for antisocial public displays of their disorders, elevating themselves up the power hierarchy, it is hardly surprising that the system itself has become psychopathic. Short-termism engenders systemic risk. Refusing to recognise externalities produces super-systemic risk.

The Wu Shu Hackers, infamous before we started - legendary Chinese monkeys whose aim is to defeat the greedy warlords and give football back to the people.

There is a battle for truth with fake mainstream news obfuscating corruption while what Slavoj Zizek calls “a carnivalesque popular parade, a mocking spectacle” sashays down the Mall.

We offer dietrologia for our times, the end times, and we exhibit incredulity towards any meta-narrative. Information now resides in the individual, not the state. An economy based on information cannot be capitalist despite the best efforts of governments, monopolies and banks to maintain control over power and information - the hive mind network trumps hierarchy. Always.

Always futurescanning.

We open markets.

Football has found a new equilibrium state as an augmented reality where manipulators create an illusion to create an event. Each paradigm develops its own Gestalt but any whole is temporary as, in effect, there is no paradigm, only corruption versus critical consciousness. There are no permanent facts, only interpretations. There are no absolutes. There is no solid ground.
Enter the hacker, the whistleblower, the spectator of the spectacle.

We are not in the arena of rogue individuals and solo bad apples here, we are dealing with a systemic and global stealing of the people’s game. The Deep State plus an ever-expanding circle of non-governmental advisers from banking, industry, commerce and sport who were cleared for highly classified information denied to large swathes of the real state have resolved to monetise the game to derivative levels of opacity.

More money, more greed, more envy - psychopathy of the individual and of the system. It is the systemic nature of the market-led corruption that underpins both neo-liberalism and football. The fight to save football, although futile, has been a tragedy of intrigue, mystery and corruption but also of freedom, a passion for justice and struggle against impossible odds.

Nino di Matteo: “We live in a mafia state – a state that, in order to preserve the status quo, has to remove whistleblowers who want justice. We want to know the reason for the silence of mainstream media – why are they frightened to the degree they become accomplices in (and beneficiaries of) the corruption. We must rebel against this system and this mafia method.
“… Since receiving death threats, I have felt fear. My freedom is restricted. It is unlikely I will ever live a normal life again.”
There is nowhere for whistleblowers to turn. We live underground and invisibly most of our lives, security is second nature, automatic – number plate-face, the discarding of burners, the abuse of pagers, programming to intercept drones, different routes-different times, establishing secret office spaces, creating networks of proprietary VPNs, the daily changing of codes utilising proprietary random number generators, linked in a cellular manner to colleagues who one can rarely meet while at all times of crisis having to act solo in strategy and reactive in defence when communication routes are necessarily convoluted.
And, in the holistic, constructing doubled and trebled games of strategy to enmesh the enemy in our cosmic web of sousveillance.

Whistleblowing is a risk business. The targeting of other people’s inappropriate powers engenders psychopathic response. There is no support matrix for whistleblowers, the law has to be broken.

The Infamous Wu Shu Hackers are a dynamic, moving target. We are opaque and elastic and geographically spread. The nodes are secure. We have moved the agenda along ahead of the curve for nearly a quarter of a century. The mainstream media doesn’t function. We by-pass this media to become the media. We are anarchists. We have spent our adult lives demolishing capitalism and the liberal state via direct action, sousveillance and hacking, whistleblowing, spying on the spies, setting hoax traps, constantly reconfiguring our security and our advantages. We are latter day Edelweiss Pirates. We give you our art and our graffiti. We offer you dietrologia – the science of what is behind something and we give you ‘pataphysics – the science of that which is superinduced upon metaphysics, examining the laws governing exceptions and universes parallel to this one. The science of imaginary solutions.

We reveal much in the book but some content is redacted and many individuals are coded. Names, characters, businesses, states, places, events and incidents are either the product of a diseased imagination or used in a fictitious manner only linked to the truth via multiversal wormholes. Any resemblance to actual persons, living or dead or anywhere in between, or actual events is purely coincidental, a fluke, a freak entanglement.

The Infamous Wu Shu Hackers have the biggest sports story of all time. Read on.

W.B. Yeats: "All changed, changed utterly. A terrible beauty is born".


Reach us via Contact Form at Match Fixing Analytics
Cannot promise replies.

Register free for further information about our forthcoming book at

The book will be available in August 2017.

And follow us, if it becomes you, @FootballIsFixed on Twitter

© Football is Fixed 2006-2017

Chapter 3 - Quantum Murmurations

Chapter 3


"... the actual instantiation of neoliberal free trade requires active state intervention, regulation and monopolies. And the global regulation of intellectual property law is perhaps one of the clearest instances of the contradictory underpinnings of neoliberal practice - a monopoly mandated by trade associations as a global precondition for so-called free trade" - Gabriella Coleman

“My government used DDoS attack against servers I own, and then convicted me of conducting DDoS attacks. Seriously, what the fucking fuck” – Chris Weatherhead/Nerdo reportedly instrumental in bringing down PayPal for 10 days in Operation Avenge Assange

I-Security Document: 20 Years of the Infamous Wu Shu Hackers – Threat Actor Research

The Infamous Wu Shu Hackers (IWSH) are an active cyber espionage cellular network that has been very aggressive and successful in recent years. The network’s activities demonstrate that global espionage relating to football is the group’s primary motive, and not financial gain. Its main targets are bookmakers, football agents, matchfixing consortia, football clubs, politicians and news media.

We are able to trace IWSH actions as far back as 2010 but there are substantial evidences that the network was established in the mid-1990’s. We have shared several detailed analyses of IWSH in recent years and this new paper attempts to dissect the network’s attacks and methodologies to help governments and the relevant business sectors perceive a more comprehensive up-to-date view of IWSH’s processes and tactics.

Under normal circumstances, we would share (on a consultative level) defence strategies against IWSH but, in our view, there are none. These are not normal circumstances.

The IWSH are becoming increasingly relevant particularly as they have begun to undertake more than simple football espionage activities. In 2016, the IWSH hacked into several senior figures in the Conservative government (leading to the withdrawal from politics of one individual) and one individual in the House of Lords, and sought to utilise the information so gained to force through the establishment of a government-based entity to address corruption in British football. Moreover, IWSH claim to have evidence that there exists a mafia state orchestrating corruption and matchfixing on behalf of a global array of governments, institutions, businesses, football clubs and private individuals. The impact of these malicious activities are now being felt by various governments, enterprises and businesses globally. Even citizens of different countries might be affected as the IWSH tries to manipulate people’s opinions about corruption in football. The attacks by the IWSH might even serve as an example for other entities, who might copy tactics and repurpose them for their proprietary aims.

As we have attempted to monitor IWSH’s operations since 2010, we can perceive how the network has evolved into a 5th Estate media organisation, manipulating events and public opinion via the collection and dissemination of information gained by hacking. Some events e.g. the MOBgate and Leicester City Affairs and ‘Football Leaks’ (the former suggestive of systemic matchfixing in the Premier League and the latter allegedly proving that the exposures of a media group were based on mafia turf wars) have been covered extensively. The network’s cyber propaganda methods – using electronic means to change public opinion – create issues on an array of levels. The eruption of fake news in 2017 may in part be attributed to repetitive information leaks and manipulations by malicious actors. Mainstream media sources in Britain have confirmed that the IWSH offered exclusive snippets of high-impact hacks, presumably to alter public perceptions of British football.

In this document, we seek an overview of the IWSH and explore the variety of attacks being propagated (although it is critical to add that the cellular nature of this network makes a complete analysis impossible). The IWSH are known for sophisticated phishing activities, zero days, false flag operations and for trespassing on prohibited ground and leaving without any trace – they seek information not power nor financial gain.

Centrally, the IWSH – also known as Football is Fixed, La Brigade de la Surete and Synonymous – remain a driven cyber espionage network. Hackers co-ordinate multiple attacks with various methods from secured nodes on the same target to achieve their aims. Whereas most hacking entities phish for financial gain, the IWSH would seem to have no interest in monetising their activities – their initial slogan from 1995 describes the purpose as “to save football from the mafia”.

The IWSH leak sections of their stolen information online but, perhaps surprisingly, would appear to withhold some key breaches. We assume that this is a defensive tactic against any future legal actions that might be brought against the network. We do not know for certain how much knowledge resides in this network. In this manner (and in this manner only), IWSH are similar to the Fancy Bears Hacking Team who revealed doping by US and UK athletes in the Brazil Olympics and co-ordinated systemic doping by the Team Sky Cycling body. The IWSH is not, in our opinion, linked to any one government.

The IWSH have released documents relating to the ‘Charlotte Fakes’ Twitter account detailing collusion between the Scottish FA and Glasgow Rangers, alleged ‘mafia state’ activities producing matchfixing in the Premier League, the alleged control of the England and Scotland national teams by a cartel of football agents as well as other disclosures outlined elsewhere in this document. The IWSH claim to stand for “anti-corruption, fair play and clean sport”, however, in reality, they released private information that was, in effect, stolen. These activities markedly weaken the institutions governing football and are having considerable impacts on betting turnover, television subscriptions and attendances at matches.

In 2016, ‘Football Leaks’ information was released on the ‘Synonymous’ blog (now largely archived aside from a cryptic message on the homepage). We were able to intercept documents Synonymous released to servers in Greece, Romania and Moldova which revealed that ‘Football Leaks’ had physically stolen documents from football clubs in Spain, Portugal, France and the Netherlands and that the campaign against manipulations and Third Party Player Ownership (TPO) linked to the Gestifute agency was orchestrated by a group of British football agents who also utilise TPO and who were commercially at war with Gestifute. The IWSH could have given this information to the Portuguese police but, for reasons that remain unclear, chose not to do so.

Two national newspapers shared with us evidence that clearly link the IWSH to Synonymous.

Between 2009 and 2017, one particular firm of football agents ###### (who wish to remain anonymous) were repeatedly hacked by the IWSH. Stolen information was published by ‘Football is Fixed’ and ‘Synonymous’ websites. No individual ever claims responsibility nor the fame that is usually attached to such activities. The IWSH were able to access password-protected parts of the ###### site via credential phishing campaigns. The IWSH attack both free and corporate webmails, they have gained access to private betting accounts of individuals they claim are involved in insider trading on football matches that have been allegedly fixed – they claim to “open markets” in the same manner that Wikileaks “opens governments”.

There have been numerous occasions where the IWSH use media to publicise their attacks in order to influence public opinion. Influential British newspaper ############### confirmed that they were offered exclusive access to alleged corruptions over player selection for the England national team and considerable evidence about the fixing of a Premier League match between Fulham and Wigan Athletic in October 2009. This ‘evidence’ included phone hacking.

In our view, we suspect that the successful hacks undertaken by the IWSH of which we are aware are but a mere fraction of the full extent of the network’s activities. Even when we are able to detect intrusions, they have frequently been active for considerable periods prior to detection and often have been terminated as a source of further information by the network. Of particular concern is the hacking of private market activities. One of our clients has been made aware that the IWSH have full details of every bet that has been placed since February 2009 – the IWSH claim that this proves matchfixing but the group’s activities are criminal in that they invade the privacy of this client.

In the Spring of 2016, the IWSH launched phishing warfare against certain senior members of the British government in coincidence with a parallel phishing campaign against two European free webmail providers. It is not known whether IWSH were successful or not but knowledge shared with a doubled operator by the group suggests that some vital information was gathered and the network publicly proclaimed that “systemic corruptions orchestrated by the Deep State (sic) in relation to the Premier League triumph of Leicester City has yielded between £6 billion and £24 billion profit for a global consortium in one season”. No further evidences have been released yet but, in some instances, the IWSH will wait a decade or more to release information to the media (as shown by the group’s recent releases relating to ‘Gekko’ from 1995).

The IWSH never doctor the information that they publicise and we are not able to find any evidence that the group benefits in the betting markets from insider trading information that they steal. The authenticity of all leaked data is robustly verified. By publishing carefully selected undoctored information, threat actors are more effective in influencing public opinion in a manner that aligns with their mission statement.

Phishing is a valuable weapon in espionage campaigns. Professional hackers create ingenious social engineering tactics and avoid spam filters and any security installed on the target systems. Huge amounts of valuable data can be stolen via phishing and such campaigns frequently provide a foundation for future warfare. The IWSH has utilised phishing to silently gather data over long time windows and to use such penetration to delve further into the network of the victim organisation e.g. by sending emails from stolen identities.

It is very likely that, throughout his tenure as England manager, the email accounts of ########### were compromised and that other actors were compromised by association.

The IWSH has co-ordinated several long running campaigns against particular high profile entities via the hacking of free international webmail providers, minor webmail bodies in fringe territories and proprietary internal systems – we know of no other methods that might have revealed to the network the scores of aliases used by one particular football agent. IWSH have a full house. We have attempted to detect patterns in the activities of IWSH particularly with regard to the timing of attacks but the network would appear to be generating attacks using random number generators buried deep in their highly developed global network. At other times, IWSH will always react to particular news events in football claiming to offset the ‘fake’ mainstream media news with ‘reality’ claiming that all mainstream output is ‘hyperreal’.

Most bodies allow members and employees to read emails away from the office, enhancing business efficiency but introducing significant risks. Such webmail may be hacked in numerous manners. The IWSH use phishing lures that are indistinguishable from the websites being mimicked. The IWSH have also been known to target tabnabbing prompts to re-enter personal passwords, the abuse of Open Authentication standards, two-factor authentication via secondary phishing, VPN hacking and, in our estimation, only hidden security keys and biometric data offset this mode of attack. Unfortunately, phishing is but one tool in the IWSH armoury.

Another method that we know the IWSH utilise is the compromising of mail servers to direct to a server in another territory (in the case of IWSH, Tiraspol in Transnistria). These hacks are very obvious and quickly corrected but serve to demonstrate the mockery that seems to underpin all hacking groups. While this type of attack is simple in nature, the outcomes can be devastating as Clifford Stoll showed in his book “The Cuckoo’s Egg”. Further complications are added with this type of attack as phone hacking is often perpetrated in parallel.

The IWSH appear to curtail their activities around the movable date of Chinese New Year. We can only surmise that either the IWSH are linked to South East Asian entities or that the market structures relating to matchfixing change in this window. Of course, it might also be the case that the network simply alters strategy at these periods. We cannot know with any certainty. The group are also significantly less active in the football close season but, again, it may be that IWSH shift their focus to the summer leagues of Scandinavia and, most likely, Ireland.

Recently, we have found some evidence that the IWSH have turned to spear-phishing campaigns against lower level figures in target organisations. Emails are received about key news or current events directly associated with the business of the organisation directly mimicking headlines from BBC, The Guardian, Der Spiegel and many others. While it is easy to block such attacks against high profile individuals, weaknesses lower down the hierarchy are exploited by IWSH. One of the British government targets was however spear-phished after being caught off guard.

The IWSH is extremely careful with how they infect their targets. Initially, the exploit URLs are specific to each victim, each with ‘code’ that is unique to that target. Invasive JavaScript code then uploads information to the exploit server. Depending on the target, the exploit server will return an old exploit, a zero day or a social engineering temptation. The key input here for IWSH is the maintenance of the zero day and the avoidance of detection. Even after detection, waves of malicious activity might result from just-patched Flash zero day and open Windows privilege escalation vulnerability. The IWSH frequently infect with a lower grade of malware to determine whether the target is worthy of further investigation prior to hitting valuable targets with X-Tunnel or X-Agent or proprietary IWSH constructs beyond the limits of our current detection. The war strategy is to control as many of the nodes of the target network as possible.

So-called watering hole attacks are also a part of the IWSH armoury. Sites are compromised that IWSH suspect will be visited by their target (particularly betting companies). In one case, IWSH injected a Browser Exploitation Framework exploit onto ###### and this attack proved to be highly successful – there was a whole toolkit of exploits unleashed. There are parallels here with IWSH tabnabbing behaviours.

Perhaps surprisingly, the IWSH have only rarely used zero days. We do not know why.

Like all hacking groups, the IWSH exhibits preferences for certain webhosting providers and this has allowed us to spot some attacks swiftly but the network always appear one step ahead with an exponentially increasing network of IP addresses being used, many activated remotely via impenetrable nodes.

Although IWSH uses the infrastructure of well-developed territories e.g. Britain, Romania and Australia, the intelligence services are known to have struggled to break random number generated encryption and transport layer security. Some success was achieved in December 2016 via the hacking of several phones used by the network but each device became a discarded burner within days. But the IWSH evidently does not care that intelligence services might be exposed via the identities of targeted individuals.

At this point we need to address the unknown unknowns. We have only managed to infiltrate one member of the IWSH, Ojo del Toro. This actor is aware of our interest and this makes it difficult to determine how much of the output that is disclosed to us is real and how much is internal IWSH strategy. We have not been able to find any of the ‘offices’ that the network utilise in Britain, Greece, Romania, Australia or Transnistria. We achieved a certain amount of success via weaknesses in the Bucharest node but we cannot be sure that what we have gained is exactly what the IWSH wished for us to gain. We know that del Toro has existed in cellular networks throughout his adult life (he is 58 years old) and we are also aware from open communications between del Toro and one of his legal representatives that saving football from the mafia is not the primary strategy of the network. We are in the territory of doubled and trebled games here and we suggest that state actors explore these areas. We repeatedly find ourselves unable to confirm the exact infection chains with IWSH and we frequently feel that we are being led by the nose up cul-de-sacs where del Toro wishes us to be.

Whereas some hacker groups demand publicity of the individuals involved, the IWSH regards itself as a security network – we can only hazard a guess at the total number of operatives in the network, for example. For most cyber networks at least some nicknames are determined from hacking sites and conferences, but not so with the IWSH. The identities of the individual IWSH actors are extremely well protected. There may indeed be some breaches that are linked to IWSH but are never so attributed – football espionage is a growth sector due to the sheer volume of the betting markets on major games. We suspect that IWSH uses Bitcoin and other cryptocurrencies to further layer disguises on their operation as well as seeking out webhosting providers that allow heightened levels of privacy for clients. We suspect that IWSH pay a premium for such anonymity. But, beyond this, just a couple of proxy nodes markedly increase security for hacking groups and the IWSH is probably using many more than two nodes.

In the period since 2010, certain intelligence services have taken a keen interest in the IWSH. Issues relating to espionage must be addressed at higher political levels than the police. Actors like IWSH benefit from the lack of co-operation between different security and enforcement agencies and time delays so created are exploited by nimble operators like IWSH. Normal cybercriminals avoid publicity and suspend operations if detected whereas IWSH don’t even break stride – it is almost as if they gain energy from being detected. Some have even projected that such detections are part of the deeper IWSH strategy.

Protecting yourself against an aggressive attacker like IWSH is a major challenge. They are able to run campaigns over decades and the lack of focus on making any profit from their activities shields them from prying eyes. Furthermore, del Toro is a market analyst and exports market trading tactics to IWSH strategy – so just as historical information is only of value fractally in assessing a current and/or future market price, historical attack strategies are rarely repeated as the IWSH develop unique strategies for each and every new campaign, sometimes even delaying such campaigns until a robust strategy has been energised. Security is evidently more critical thinking than critical timing.

The majority of the campaigns undertaken by the IWSH would be of interest to intelligence services globally. Investigations by police lead nowhere as espionage can only be addressed at state level as communications between different law enforcement bodies are rarely optimal. And the IWSH repeatedly push hard against the surfaces and boundaries that the state has attempted to set.

Where the IWSH differ from many hacking entities is in their utilisation of WiFi Penetration Tools (PTs). Although some of these packages are top down and malicious to ensnare gullible hackers, IWSH appear to be able to counterfeit the code and re-energise as a proprietary tool. The key aspect of PTs is that  by hacking WiFi connections with AirSnort, Aircrack, Kismet, Cain and Abel, CommView and WireShark, the IWSH are able to crack keys and decrypt, undertake network detection (including hidden networks), password and packet sniffing. In particular, Cain and Abel allows IWSH to recover passwords by sniffing the network, cracking encryption passwords using brute-force, cryptoanalysis attacks, dictionary and other more obtuse (and unknown) tactics. Cain and Abel might also recover wireless network keys by analysing routing protocols.

Although outside the remit of this report, we should also bring your attention to a structural weakness exploited repeatedly by IWSH. Most of their targets are geographically on the move throughout their lives and the architectural weaknesses in infrastructure within certain territories allow hackers to enter domains more easily. Everybody needs to address this issue, which we will cover in a future consultancy.

And do not even consider that the maintenance of a network air gap will keep you safe.

Another tactic that has revealed much to IWSH is the employment of shotgun microphones at live sporting events. We have seen evidences that IWSH have recorded communications between referees and their junior officials and, more pertinently, with the Premier League Match Centre (which is not even supposed to exist). More alarmingly, these microphones have been aimed at Directors’ Boxes and VIP enclosures with outcomes that can only be guessed at.

In conclusion, the IWSH claim to utilise Divine Skein in their attacks – these attacks are coordinated from multiple loci and successful defence must be absolute as these hackers only need one attack to succeed to achieve full intrusion. Even when protected by minimising attack surfaces, creating corporate VPN, limiting number of domain names, two-step registration, careful vetting of outsourced services and educating people in security at all levels in the hierarchy, any failure, weakness, loophole will be exploited ruthlessly.

Reach us via Contact Form at Match Fixing Analytics
Cannot promise replies.

Register free for further information about our forthcoming book at

The book will be available in August 2017.

And follow us, if it becomes you, @FootballIsFixed on Twitter

© Football is Fixed 2006-2017