Doubt remains over Rangers’ 2011/12 UEFA
13th November 2016
On Friday 25 November, The Sports Integrity Initiative received an email from Fancy Bears Hack Team claiming to ‘contain examples of sending WADA tests results to unauthorised persons, instability of ADAMS and subjective-based WADA decisions’, as well as evidence of Ultimate Fighting Championship (UFC) competitors taking prohibited substances. The 189 emails came in three archived files, the first of which contained communications between the US Anti-Doping Agency (USADA) and the World Anti-Doping Agency (WADA).
The majority of the emails within the first archived file appear to concern normal communication between USADA, WADA and other anti-doping agencies. They do reveal alarm amongst USADA staff at the number of therapeutic use exemptions (TUEs) that USADA was having to process before the Rio 2016 Olympics.
‘I’m getting ADHD/Prednisone TUEs for athletes that are currently at the trials for T&F and Swimming – I’m assuming I still process these even though they are already in the start of the trials?’, reads one email. ‘Does anyone know what education these athletes received specifically for the trials and why they are so last minute? This actually seems a lot worse than the 2012 games!’
An athlete survey on TUEs that USADA compiled suggests that the agency may have had concerns about US sports pressuring athletes into using prohibited substances and TUEs. From the 101 emails in Archive 1, The Sports Integrity Initiative identified three issues that required further explanation.
In a 14 July 2016 email involving UKAD, USADA and WADA, concerns that nine elite athletes had not been adequately tested in the run-up to the Rio 2016 Olympics are mentioned. The nine athletes were part of 490 athletes who had been identified as being in the US prior to the Rio 2016 Olympics. A request for USADA to carry out testing on them was sent by UK Anti-Doping (UKAD), which was the Secretariat of the International Olympic Committee (IOC)/WADA Pre-Games Taskforce. The mission of this Taskforce was to ‘identify potential testing gaps around the globe across all Olympic sports’.
USADA confirmed that eight of the nine athletes were tested by USADA prior to Rio 2016. This means that there was one elite athlete who was not tested prior to the Games. It is important to point out that the lack of pre-Games testing does not mean that this athlete – or those required to test him – have done anything wrong.
In an August 2 email, sent shortly before the Rio 2016 Olympics began on 5 August, USADA said it had received an anonymous tip-off regarding cocaine use by Rio-bound US wrestlers at the Olympic Training Camp (OTC) for weight loss purposes. The allegation made is that 24 wrestlers were using cocaine with the knowledge of an assistant coach.
Cocaine is prohibited in-competition under WADA’s Prohibited List, so would not necessarily result in an anti-doping rule violation (ADRV). However if the allegations were proven to be correct, the assistant coach concerned could be in violation of the US Olympic Committee’s (USOC) Safe Sport Code of Conduct, which prevents ‘wilfully tolerating misconduct’. USADA confirmed that the wrestlers concerned were followed up with targeted tests, and an investigation is continuing into the assistant coach.
A 3 May email from a doctor admits giving an elite athlete an injection of Depo-Medrol 80 mg and Toradol for pain relief. The doctor concerned said that they were not aware that corticosteroids were on WADA’s Prohibited List.
USADA said that the doctor’s information was followed up with a test, however Toradol is a non-steroidal anti-inflammatory drug that doesn’t feature on the Prohibited List. Depro-Medrol is a glucocorticoid and is only prohibited in competition. USADA said that there was no evidence of the substance in the athlete’s sample, so it was not considered an ADRV.
At its Foundation Board meeting last month, WADA admitted that it had spent US$200,000 on attempting to protect its systems from cyber attack, following the Fancy Bears attacks on its Anti-Doping Administration and Management System (ADAMS). The organisation has also attacked the Canadian Centre for Ethics in Sport (CCES), as well as USADA and UKAD.
At the Foundation Board meeting, WADA claimed that a total of 228 TUEs from 127 athletes were accessed by Fancy Bears. However, most of them had expired and 18 had been “fabricated”, so only 32 were valid during the Rio 2016 Olympic Games. It also admitted that the group was still attempting to access its systems.
WADA has engaged FireEye, which it describes as ‘a premier security and forensic consulting firm’ to determine the scope of the intrusion. As of 5 October, the analysis was 90% complete and had ‘not found any evidence of additional compromise to ADAMS data beyond the export of the Rio 2016 account data through 12 September’. USADA is also working with a cyber security company, as well as the Federal Bureau of Investigation’s (FBI) cyber-security taskforce to help increase security.
Given the focus of the attacks on ‘western’ national anti-doping agencies (NADOs), it is easy to assume that they originate from Russia. WADA initially described the attacks as emanating from Russia, however later dropped this assertion. USADA has no such qualms.
“I think most people who have followed this situation realise that the overarching intent of these cyber-crimes is to distract from the realities of Russia’s state-supported doping system”, said USADA spokesperson Ryan Madden. “But what’s interesting is that all they’ve really accomplished – at least here domestically – is to shine a light on the high standards to which athletes in the United States are held. At the end of the day, these attacks need to stop. And we hope that the international community will come together, support any affected athletes and do whatever it takes to put an end to this criminal behaviour.”
Cyber attacks on athlete information are becoming more common. During last year’s Tour de France, Chris Froome’s team claimed his files had been stolen by hackers intent on exposing him – wrongly, they counter – as a drug cheat. “Ethically and morally, if you are going to accuse someone of doping then don’t cheat [steal],” said Froome’s coach, Sir Dave Brailsford, after the hack was discovered.
Froome was forced to take extraordinary measures in order to defend himself against the allegations. Froome has also been targeted by Fancy Bears. “As my friends in the military tell me, the only way to keep data safe online is not to put it there at all,” said one data expert who works on the Tour de France.
There are thousands of attempts to unlawfully access teams’ data made each Tour, he claims. While defences against such attacks are robust and resilient, all it takes is one breach to cause trouble. And not all hackers are as public about their successes as Froome’s aggressors – because in the majority of cases, it is rival teams doing the hacking.
However, such attacks are not always so sophisticated. Earlier this year, a scouting director from baseball’s St Louis Cardinals was jailed for 46 months for hacking into a database run by his old team, the Houston Astros, where he viewed confidential reports, evaluations and discussions.
There was nothing tricky in what he did. He simply knew a password of a former workmate, and from there, was able to worm his way into the network. WADA has confirmed that this is likely to be how Fancy Bears accessed its ADAMS database.
Given the limited budget that sport is able to allocate to IT, some experts in cybersecurity believe cracking into team databases may be a cakewalk for those with even basic hacking skills. And with sport becoming increasingly invasive with their collection of athletes’ personal details, that could end in further major embarrassments.
Others in the field say the best way to get secrets out of a player is the ‘blonde avatar’ trick. You simply set up a fake social media account using an image of an attractive young woman, befriend some players, build up their trust and then draw team secrets out of them. One young Australian footballer fell victim to such a scam this year, although in this case, he sent something even more revealing: nude photos of himself.
It may only be a matter of time before betting syndicates get involved in such chicanery too. One such group was recently accused of bugging the All-Blacks hotel room, in the hope of getting inside information. Drones also offer further potential for this sort of activity.
How long will it be before such a syndicate takes a leaf out of Andrés Sepúlveda’s book? The South American political hacker has bombarded social media with fake accounts spreading fake sentiment about one politician or another in order to swing election results. The same could easily be (and may already have been) achieved on the betting market, shifting sentiment on a predicted sporting result in order to move the odds in one’s favour. Or to attempt to expose an anti-doping system as biased and failing.
Read other articles from this story stream...
The Court of Arbitration for Sport (CAS) has issued its decision in the arbitration procedure...