News 7th November 2016

Fancy Bears targeting NADOs

The cyber criminals known as Fancy Bears, who hacked into the World Anti-Doping Agency’s (WADA) Anti-Doping Administration and Management System (ADAMS) to expose athletes’ private data such as their use of therapeutic use exemptions (TUEs), are now targeting national anti-doping organisations (NADOS). The Canadian Centre for Ethics in Sport (CCES) confirmed that it was forced to shut down its email systems and internet access after the Canadian Cyber Incident Response Centre detected a cyber attack on its systems.

The CCES said that it first became aware of the attack in mid-October. ‘When a breach was confirmed by the Canadian Cyber Incident Response Centre, we immediately cut off access to the Internet and shut down our email system’, read a CCES statement. ‘While we know our system was improperly accessed, at this point the experts can’t confirm that any confidential data was stolen from our system. We’ve engaged the services of a leading security firm to conduct a complete forensic analysis and to determine the extent of the breach.’

CCES emphasised that for the ‘vast majority’ of athletes, the data it holds comprises names and addresses. However, for some, it holds whereabouts information and medical information relating to TUEs. CCES urged athletes to continue providing information to it, and also emphasised that ADAMS is now secure.

The attack on the CCES followed the publication of confidential US Anti-Doping Agency (USADA) emails related to TUEs by Fancy Bears on 7 October. “This is just another desperate attempt to distract from the real issue of state sponsored doping”, USADA CEO Travis Tygart told the BBC.

On 5 October, WADA confirmed that a Rio 2016 ADAMS account created to hold information related to the Rio 2016 Olympic Games was accessed through ‘spear fishing’, a process whereby a user is tricked into divulging their password through a fake email. The intruder accessed the Rio 2016 ADAMS account ‘multiple times between August 2016 and 12 September 2016’. Forensic consulting firm FireEye has yet to find any evidence of additional compromise of ADAMS beyond access to the Rio 2016 ADAMS account.

Interestingly, WADA also claimed that not all of the data released by Fancy Bears is accurate. ‘In the course of its investigation, WADA has determined that not all data released by Fancy Bear (in its PDF documents) accurately reflects ADAMS data’, read its 5 October statement. ‘However, we are continuing to examine the extent of this as a priority and we would encourage any affected parties to contact WADA should they become aware of any inaccuracies in the data that has been released’.

If the data has been manipulated, this could provide evidence that the attacks are a politically motivated response to Russia’s exclusion from the Rio 2016 Olympics, as early WADA releases in response to Fancy Bears attacks appeared to suggest. The only potential link between the group and Russia is Fancy Bears’ Twitter name, @FancyBearsHT. HT relates to the full name of the group, which is Fancy Bears Hack Team, however it could be an acronym for ‘Hat Tip’ – in other words a nod to a Russian hacking group Fancy Bear, which has been targeting organisations since 2008.

None of this, in itself, provides conclusive proof that the Russian state is behind the attacks. To name the hacking group after an existing group that has been shown to be Russian would be a clumsy move by Russia, unless it represents an elaborate double bluff.

As previously reported by The Sports Integrity Initiative, the ADAMS system is due to be replaced at the end of this year. For WADA, the danger is that athletes lose trust in the ADAMS system and stop providing information, compromising the whole anti-doping system. On a local scale, the attacks could result in athletes losing faith in the ability of their NADO to effectively safeguard their data, especially that which relates to TUEs. It could be that this is what Fancy Bears are aiming for.

Follow this story

Read other articles from this story stream...

News 14th September 2016 - 7 days ago

Athletes defend reputations following ADAMS data breach

Athletes have been forced to defend their reputation, after a Russian hacking group illegally published their personal information, claimed that it constituted evidence of doping. As reported by The Sports Integrity Initiative yesterday, the data published comprised adverse analytical findings (AAF) and Therapeutic Use Exemptions (TUE) relating to US athletes, which does not constitute evidence …
Features 15th September 2016 - 6 days ago

Analysis: Further ADAMS leaks targets 25 athletes in 8 countries

The Fancy Bears internet site has exposed adverse analytical findings (AAFs) and Therapeutic Use Exemptions (TUEs) relating to 25 athletes from eight countries, after confidential information from the Anti-Doping Administration and Management System (ADAMS) was published this morning. While the World Anti-Doping Agency (WADA) condemned the leaks as a ‘criminal attack’ that ‘recklessly exposed personal …
News 17th September 2016 - 4 days ago

Additional data leak via Russian cyber hacker Fancy Bear

The World Anti-Doping Agency (WADA) confirms that, once again today, the cyber hacker Group 'Fancy Bear' released a batch of confidential athlete data on their website, which they illegally obtained from a Rio 2016 Olympic Games account of WADA’s Anti-Doping Administration and Management System (ADAMS). This time, they targeted eleven athletes that include three from Australia, one from …
News 19th September 2016 - 2 days ago

Data leak concerning 26 athletes from 10 countries and 12 sports

The World Anti-Doping Agency (WADA) confirms that, again today, the cyber hacker Group 'Fancy Bear' released a batch of confidential athlete data on their website, which they illegally obtained from a Rio 2016 Olympic Games account of WADA’s Anti-Doping Administration and Management System (ADAMS). This time, the group released data concerning 26 athletes from 10 countries, including: …
Features 19th September 2016 - 2 days ago

Fancy Bears hack now involves 66 athletes from 16 countries

A fourth release of confidential athlete data from the World Anti-Doping Agency’s (WADA) Anti-Doping Administration and Management System (ADAMS) involves 26 athletes from ten countries and 12 sports. The new release is different from earlier releases in that it doesn’t contain any adverse analytical findings (AAFs), just therapeutic use exemptions (TUEs), which are intended to …
Features 17th September 2016 - 4 days ago

Fancy Bears hack now involves 40 athletes from 10 countries

A new leak of confidential medical data taken from the World Anti-Doping Agency’s (WADA) Anti-Doping Administration and Management System (ADAMS) has exposed Therapeutic Use Exemptions (TUEs) and Adverse Analytical Findings (AAFs) relating to 11 athletes from five countries. The data leaked by the Fancy Bears internet site now encompasses the round total of 40 athletes …
Press releases 23rd September 2016 - 28 days ago

Data leak concerning 41 athletes from 13 countries and 17 sports

The World Anti-Doping Agency (WADA) confirms that, again today, the cyber hacker Group “Fancy Bear” released a batch of confidential athlete data on their website, which they illegally obtained from a Rio 2016 Olympic Games account of WADA’s Anti-Doping Administration and Management System (ADAMS). This time, the group released data concerning 41 athletes from 13 countries, including: 4 …
Features 23rd September 2016 - 28 days ago

Fancy Bears hack: 107 athletes; 23 countries; 25 sports

A further publication of data illegally obtained from the World Anti-Doping Agency’s (WADA) Anti-Doping Administration and Management System (ADAMS) has taken the total number of athletes affected to 107 from 23 countries, competing in 25 sports. The latest publication on the Fancy Bears internet site involves Therapeutic Use Exemptions (TUEs) relating to 41 athletes from …
News 7th November 2016 - 14 days ago

Fancy Bears targeting NADOs

The cyber criminals known as Fancy Bears, who hacked into the World Anti-Doping Agency’s (WADA) Anti-Doping Administration and Management System (ADAMS) to expose athletes’ private data such as their use of therapeutic use exemptions (TUEs), are now targeting national anti-doping organisations (NADOS). The Canadian Centre for Ethics in Sport (CCES) confirmed that it was forced …
Features 8th December 2016 - 13 days ago

Fancy Bears email hack: USADA did follow up concerns

On Friday 25 November, The Sports Integrity Initiative received an email from Fancy Bears Hack Team claiming to ‘contain examples of sending WADA tests results to unauthorised persons, instability of ADAMS and subjective-based WADA decisions’, as well as evidence of Ultimate Fighting Championship (UFC) competitors taking prohibited substances. The 189 emails came in three archived …
SII Focus 6th July 2017 - 15 days ago

Athletics stars tagged as ‘likely doping’ in IAAF hack

International Association of Athletics Federations (IAAF) emails illegally accessed by Fancy Bears have indicated that some of track & field’s biggest stars were flagged as ‘likely doping’ under the Athlete Biological Passport (ABP) programme. The cache of documentation also includes details of anti-doping cases and criminal proceedings against other athletes; complaints regarding the anti-doping process …
Press releases 7th November 2016 - 14 days ago

CCES Responding to Cyber Attack

If you’ve tried in recent days to send email to someone at the Canadian Centre for Ethics in Sport, you’ll know that our email system is down, along with our Internet access. We shut these systems down after the Canadian Cyber Incident Response Centre detected a cyber attack. The experts tell us that this is likely …
News 6th July 2017 - 15 days ago

IAAF statement - release of information following cyber attack

The IAAF offers its sincerest apologies to the athletes who believed their personal and medical information was secure with us. We will continue to work with cyber incident response (CIR) firm Context Information Security, who identified the Fancy Bear cyber-attack which we announced in April to create a safe environment. Context believes that the information published yesterday …

You may also like...

Pin It on Pinterest

Share This