Press releases 7th November 2016

CCES Responding to Cyber Attack

If you’ve tried in recent days to send email to someone at the Canadian Centre for Ethics in Sport, you’ll know that our email system is down, along with our Internet access. We shut these systems down after the Canadian Cyber Incident Response Centre detected a cyber attack. The experts tell us that this is likely part of a broader campaign against the global anti-doping movement. There have been similar attacks recently against the World Anti-Doping Agency (WADA) and the U.S. Anti-Doping Agency (USADA).

Obviously, we’re concerned about this security breach. While we know our system was improperly accessed, at this point the experts can’t confirm that any confidential data was stolen from our system. We’ve engaged the expert services of a leading security firm to conduct a complete forensic analysis and to determine the extent of the breach.

We know this has been a source of frustration and inconvenience for many of the athletes who are part of the Canadian Anti-Doping Program, for national and multi-sport organizations, our business partners and our staff. We appreciate your patience and hope to have the situation rectified shortly. Interim measures are in place to maintain our core services.

As Canada’s national anti-doping agency, one of our most important responsibilities is the collection and protection of private information from high performance athletes across dozens of different sports. For the vast majority of these athletes, the personal information we have on file is limited to names, addresses and telephone numbers.

For some, CCES also maintains information about athlete whereabouts. And for a small minority of athletes, medical information is collected as part of an application for a Therapeutic Use Exemption (TUE), where treatment of an athlete’s condition or illness requires medication that is included on WADA’s Prohibited List.

In the case of the cyber attacks against WADA and USADA, the hackers released TUE information about some athletes. Both organizations have vigorously defended those athletes, and that is exactly what the CCES would do under the same circumstances. The global anti-doping movement will not be dissuaded from its efforts to create a level playing field for clean athletes around the world.

We are keeping a very close eye on this situation and working closely with cyber security experts and law enforcement officials. We’ll be back up and running as soon as it is safe and secure to do so. Rest assured, we won’t take that step until we’ve taken whatever corrective measures may be necessary. Should you have questions or concerns about this situation, please contact CCES by calling (613) 521-3340 or 1 800-672-7775.

Questions & Answers

When did you first learn of the cyber attack?

We first became aware in mid-October when the Canadian Cyber Incident Response Centre detected a cyber attack. We immediately engaged the services of a leading forensic consulting firm to determine the extent of the breach and how best to resolve it. The experts tell us that this is likely part of a broader campaign against the global anti-doping movement. There have been similar attacks recently against the World Anti-Doping Agency (WADA) and the U.S. Anti-Doping Agency (USADA).

How did you learn of the problem?

There has been a lot of international interest in recent weeks about a security breach at the World Anti-Doping Agency (WADA) by a group known as “Fancy Bears.” As a result, we became more vigilant about wanting to ensure the safety of our own data. When a breach was confirmed by the Canadian Cyber Incident Response Centre, we immediately cut off access to the Internet and shut down our email system.

When will the problem be fixed?

With the help of cyber security experts, we’re working as quickly as we can to determine the extent of the breach and to figure out how best to protect our systems from another attack. As we’re learning through this experience, these are very complicated investigations, so it’s difficult to pinpoint exactly when we’ll be back up and running. We do know that we won’t take that step until it’s safe and secure to do so.

What kind of data was stolen?

Obviously, we’re concerned about this security breach. While we know our system was improperly accessed, at this point the experts can’t confirm that any confidential data was stolen from our system. We’ve engaged the services of a leading security firm to conduct a complete forensic analysis and to determine the extent of the breach. As Canada’s national anti-doping agency, one of our most important responsibilities is the collection and protection of private information from high performance athletes across dozens of different sports. For the vast majority of these athletes, the personal information we have on file is limited to names, addresses and telephone numbers. For some, CCES also maintains information about athlete whereabouts. And for small minority of athletes, medical information is collected as part of an application for a Therapeutic Use Exemption (TUE), where treatment of an athlete’s illness or condition requires medication that is included on the WADA’s Prohibited List In the case of the cyber attacks against WADA and USADA, the hackers released TUE information about some athletes. Both organizations have vigorously defended those athletes, and that is exactly what the CCES would do under the same circumstances.

How can you be sure that athlete whereabouts information isn’t being stolen by this hacker group?

Athlete whereabouts information is stored in WADA’s Anti-Doping Administration and Management System (ADAMS). Access to that system was disabled for a short period of time after WADA learned about a phishing email campaign targeting high performance athletes who are subject to the World Anti-Doping Code. ADAMS is back up and running and athletes can be reassured that their whereabouts information is secure. In the meantime, WADA is reminding all ADAMS users to never click on links in suspicious-looking emails.

Should Canadian athletes stop providing information to CCES?

No, definitely not. For those athletes who have any questions or concerns, please contact CCES directly: (613) 521-3340 or (toll-free) 1 800-672-7775.

Who is the hacker group?

There is evidence to suggest it’s the same group that recently targeted WADA and the U.S. Anti-Doping Agency (USADA) as part of a broader campaign. But let’s be clear that the global anti-doping movement will not be dissuaded from its efforts to create a level playing field for clean athletes around the world.

• This media release was originally published on the Canadian Centre for Ethics in Sport’s (CCES) internet site. To access the original, please click here

Follow this story

Read other articles from this story stream...

News 14th September 2016 - 7 days ago

Athletes defend reputations following ADAMS data breach

Athletes have been forced to defend their reputation, after a Russian hacking group illegally published their personal information, claimed that it constituted evidence of doping. As reported by The Sports Integrity Initiative yesterday, the data published comprised adverse analytical findings (AAF) and Therapeutic Use Exemptions (TUE) relating to US athletes, which does not constitute evidence …
Features 15th September 2016 - 6 days ago

Analysis: Further ADAMS leaks targets 25 athletes in 8 countries

The Fancy Bears internet site has exposed adverse analytical findings (AAFs) and Therapeutic Use Exemptions (TUEs) relating to 25 athletes from eight countries, after confidential information from the Anti-Doping Administration and Management System (ADAMS) was published this morning. While the World Anti-Doping Agency (WADA) condemned the leaks as a ‘criminal attack’ that ‘recklessly exposed personal …
News 17th September 2016 - 4 days ago

Additional data leak via Russian cyber hacker Fancy Bear

The World Anti-Doping Agency (WADA) confirms that, once again today, the cyber hacker Group 'Fancy Bear' released a batch of confidential athlete data on their website, which they illegally obtained from a Rio 2016 Olympic Games account of WADA’s Anti-Doping Administration and Management System (ADAMS). This time, they targeted eleven athletes that include three from Australia, one from …
News 19th September 2016 - 2 days ago

Data leak concerning 26 athletes from 10 countries and 12 sports

The World Anti-Doping Agency (WADA) confirms that, again today, the cyber hacker Group 'Fancy Bear' released a batch of confidential athlete data on their website, which they illegally obtained from a Rio 2016 Olympic Games account of WADA’s Anti-Doping Administration and Management System (ADAMS). This time, the group released data concerning 26 athletes from 10 countries, including: …
Features 19th September 2016 - 2 days ago

Fancy Bears hack now involves 66 athletes from 16 countries

A fourth release of confidential athlete data from the World Anti-Doping Agency’s (WADA) Anti-Doping Administration and Management System (ADAMS) involves 26 athletes from ten countries and 12 sports. The new release is different from earlier releases in that it doesn’t contain any adverse analytical findings (AAFs), just therapeutic use exemptions (TUEs), which are intended to …
Features 17th September 2016 - 4 days ago

Fancy Bears hack now involves 40 athletes from 10 countries

A new leak of confidential medical data taken from the World Anti-Doping Agency’s (WADA) Anti-Doping Administration and Management System (ADAMS) has exposed Therapeutic Use Exemptions (TUEs) and Adverse Analytical Findings (AAFs) relating to 11 athletes from five countries. The data leaked by the Fancy Bears internet site now encompasses the round total of 40 athletes …
Press releases 23rd September 2016 - 29 days ago

Data leak concerning 41 athletes from 13 countries and 17 sports

The World Anti-Doping Agency (WADA) confirms that, again today, the cyber hacker Group “Fancy Bear” released a batch of confidential athlete data on their website, which they illegally obtained from a Rio 2016 Olympic Games account of WADA’s Anti-Doping Administration and Management System (ADAMS). This time, the group released data concerning 41 athletes from 13 countries, including: 4 …
Features 23rd September 2016 - 29 days ago

Fancy Bears hack: 107 athletes; 23 countries; 25 sports

A further publication of data illegally obtained from the World Anti-Doping Agency’s (WADA) Anti-Doping Administration and Management System (ADAMS) has taken the total number of athletes affected to 107 from 23 countries, competing in 25 sports. The latest publication on the Fancy Bears internet site involves Therapeutic Use Exemptions (TUEs) relating to 41 athletes from …
News 7th November 2016 - 14 days ago

Fancy Bears targeting NADOs

The cyber criminals known as Fancy Bears, who hacked into the World Anti-Doping Agency’s (WADA) Anti-Doping Administration and Management System (ADAMS) to expose athletes’ private data such as their use of therapeutic use exemptions (TUEs), are now targeting national anti-doping organisations (NADOS). The Canadian Centre for Ethics in Sport (CCES) confirmed that it was forced …
Features 8th December 2016 - 13 days ago

Fancy Bears email hack: USADA did follow up concerns

On Friday 25 November, The Sports Integrity Initiative received an email from Fancy Bears Hack Team claiming to ‘contain examples of sending WADA tests results to unauthorised persons, instability of ADAMS and subjective-based WADA decisions’, as well as evidence of Ultimate Fighting Championship (UFC) competitors taking prohibited substances. The 189 emails came in three archived …
SII Focus 6th July 2017 - 15 days ago

Athletics stars tagged as ‘likely doping’ in IAAF hack

International Association of Athletics Federations (IAAF) emails illegally accessed by Fancy Bears have indicated that some of track & field’s biggest stars were flagged as ‘likely doping’ under the Athlete Biological Passport (ABP) programme. The cache of documentation also includes details of anti-doping cases and criminal proceedings against other athletes; complaints regarding the anti-doping process …
Press releases 7th November 2016 - 14 days ago

CCES Responding to Cyber Attack

If you’ve tried in recent days to send email to someone at the Canadian Centre for Ethics in Sport, you’ll know that our email system is down, along with our Internet access. We shut these systems down after the Canadian Cyber Incident Response Centre detected a cyber attack. The experts tell us that this is likely …
News 6th July 2017 - 15 days ago

IAAF statement - release of information following cyber attack

The IAAF offers its sincerest apologies to the athletes who believed their personal and medical information was secure with us. We will continue to work with cyber incident response (CIR) firm Context Information Security, who identified the Fancy Bear cyber-attack which we announced in April to create a safe environment. Context believes that the information published yesterday …

You may also like...

Pin It on Pinterest

Share This