Southampton Football Club has been booted out of the Championship playoffs after damning evidence forced them into admitting spying on their semi-final league opponents, Middlesbrough, in a drama dubbed “Spygate” by the British press.

While security experts have dismissed the espionage tactics involved as “amateurish,” they add that it serves as a reminder that high-performing sports clubs need to guard their valuable strategies and tactics.

Big tech firms have been known to resort to desperate measures when the stakes are high – so it stands to reason that other sectors, including football, are no exception. One ethical hacker who spoke with Cybernews off-the-record confirmed that this type of espionage is "so widespread across sports."

England’s Championship playoff final is often called “the richest game in football" because promotion to the Premier League – even for a single season – is worth an estimated £200million in terms of broadcast revenue, sponsorship, and other payment deals.

For Southampton, the pressure was arguably greater because the team had already been relegated from the Premier League recently and another season in the Championship would potentially risk wage pressure and player sales.

Pine tree snoop linked to Southampton FC

This pressure may have led to Southampton’s ill-fated decision to send one of its performance analyst interns to Middlesbrough to film their rival team’s players in training, less than 72 hours before a scheduled match between the two sides. This practice within this timeframe is against the rules in English football.

Last Wednesday, photos of Will Salt were published in multiple press outlets, showing the intern half-hidden behind a pine tree, holding a mobile phone and wearing wireless headphones, as he appeared to be live-streaming a training session.

Middlesbrough staff are said to have approached Salt shortly afterwards and what played out next sounds more like a spy spoof than high-stakes espionage.

According to reports, Salt quickly deleted content from his phone before running off to a nearby golf club to change out of his "disguise" in the toilets.

The Southampton snoop was also captured by Middlesbrough’s photographer – who matched Salt to a profile on Southampton’s website.

Other factors that blew Salt’s cover wide open included CCTV footage and company credit card transactions that placed the Southampton staffer firmly at the Middlesbrough-owned golf club.

Surveillance experts dismiss clumsy approach

Rob Shapland, a physical hacker at Cyonic who regularly performs covert surveillance on locations as part of his job, argued that the approach was weak because the spy was visible.

“Filming openly with a phone attracts attention, and he could easily be identified and tracked back to the club.

“By far the best method is to look as natural as possible so that you blend in and act in a way that is normal for where you are,” he says.

“Hiding behind a tree and being furtive immediately marks you as someone that is up to no good, he would've been much better simply sitting down and pretending he was on a video call or scrolling on his phone while recording, or walking past while filming with a body-worn camera.”

Rob Shapland, physical pentester, Cyonic.

“Given the consequences, it's amazing it was done in such an amateurish and obvious way,” Shapland added.

Dray Agha, a senior manager of security operations at cybersecurity firm Huntress, added that the decision to send a staff member to physically spy on a training session was “a risky, amateur move.“

He added: “Real surveillance professionals wouldn't go anywhere near the pitch; they operate completely remotely.

“A pro would use quiet, hard-to-spot drones, listen in on unsecured training ground Wi-Fi, or simply piece together clues from the social media posts of players, staff, and local fans to figure out a team's game plan without ever being seen.”

Dray Agha, senior manager of security operations, Huntress.

Former police detective Calum Baird, a digital forensics and cybercrime specialist, agrees that Open Source Intelligence (OSINT) searches for publicly available info online may be more beneficial to spies than physically prowling around training grounds.

“The challenge of posting to public online forums is that there is no expectation of privacy, and so it opens clubs and players up to OSINT searches,” he adds.

Southampton: punishment “harsh”

Following this spying evidence, Middlesbrough lodged a complaint with the EFL and Southampton were charged, with the case referred to an Independent Disciplinary Commission.

On Tuesday, the commission found the club guilty of multiple breaches relating to spying on opposition training sessions.

Reports say the club admitted to unauthorized observation involving Middlesbrough as well as other clubs including Oxford United and Ipswich Town.

Defending the club's spying activity, Southampton manager Tonda Eckert – who has spent most of his coaching career in Germany – claimed that he was not aware that such behavior was against the rules in England, as it was widespread in European football.

Given the not-so-subtle methods employed by Southampton's self-styled spy, this may be considered a plausible defense.

The punishment meted out by the Commission has been deemed “harsh” in football circles.

Southampton were expelled from the high-stakes play-off final, set to take place this Saturday against Hull City. They have been replaced by Middlesbrough, a club they had previously beaten. On Wednesday the team lost an appeal against this decision.

Shapland says its tough for clubs to defend against professional reconnaissance, “other than setting up the training ground in such a way that is not observable from outside, by using walls or having a security perimeter.”

However, he adds that the sanctions against Southampton may provide enough of a deterrent for clubs to not engage in this type of activity.

Agha, meanwhile, adds that multimillion-pound football clubs – even those not quite in the Premier League – need to realize their tactics are just as valuable as a tech company's secret blueprints.

“Defending against modern spying means securing the digital borders, not just the physical gates. This involves regularly scanning the area for drones, making sure coaches only use secure messaging apps, and locking down the training ground's internet."

Dray Agha, senior manager of security operations, Huntress.

“You can build massive fences around a pitch, but if your digital security is weak, the opposition is already inside," he added.

---

Unlock more exclusive Cybernews content on YouTube.