Demonising Justin Gatlin
13th September 2015
The cyber criminals known as Fancy Bears, who hacked into the World Anti-Doping Agency’s (WADA) Anti-Doping Administration and Management System (ADAMS) to expose athletes’ private data such as their use of therapeutic use exemptions (TUEs), are now targeting national anti-doping organisations (NADOS). The Canadian Centre for Ethics in Sport (CCES) confirmed that it was forced to shut down its email systems and internet access after the Canadian Cyber Incident Response Centre detected a cyber attack on its systems.
The CCES said that it first became aware of the attack in mid-October. ‘When a breach was confirmed by the Canadian Cyber Incident Response Centre, we immediately cut off access to the Internet and shut down our email system’, read a CCES statement. ‘While we know our system was improperly accessed, at this point the experts can’t confirm that any confidential data was stolen from our system. We’ve engaged the services of a leading security firm to conduct a complete forensic analysis and to determine the extent of the breach.’
CCES emphasised that for the ‘vast majority’ of athletes, the data it holds comprises names and addresses. However, for some, it holds whereabouts information and medical information relating to TUEs. CCES urged athletes to continue providing information to it, and also emphasised that ADAMS is now secure.
The attack on the CCES followed the publication of confidential US Anti-Doping Agency (USADA) emails related to TUEs by Fancy Bears on 7 October. “This is just another desperate attempt to distract from the real issue of state sponsored doping”, USADA CEO Travis Tygart told the BBC.
On 5 October, WADA confirmed that a Rio 2016 ADAMS account created to hold information related to the Rio 2016 Olympic Games was accessed through ‘spear fishing’, a process whereby a user is tricked into divulging their password through a fake email. The intruder accessed the Rio 2016 ADAMS account ‘multiple times between August 2016 and 12 September 2016’. Forensic consulting firm FireEye has yet to find any evidence of additional compromise of ADAMS beyond access to the Rio 2016 ADAMS account.
Interestingly, WADA also claimed that not all of the data released by Fancy Bears is accurate. ‘In the course of its investigation, WADA has determined that not all data released by Fancy Bear (in its PDF documents) accurately reflects ADAMS data’, read its 5 October statement. ‘However, we are continuing to examine the extent of this as a priority and we would encourage any affected parties to contact WADA should they become aware of any inaccuracies in the data that has been released’.
If the data has been manipulated, this could provide evidence that the attacks are a politically motivated response to Russia’s exclusion from the Rio 2016 Olympics, as early WADA releases in response to Fancy Bears attacks appeared to suggest. The only potential link between the group and Russia is Fancy Bears’ Twitter name, @FancyBearsHT. HT relates to the full name of the group, which is Fancy Bears Hack Team, however it could be an acronym for ‘Hat Tip’ – in other words a nod to a Russian hacking group Fancy Bear, which has been targeting organisations since 2008.
None of this, in itself, provides conclusive proof that the Russian state is behind the attacks. To name the hacking group after an existing group that has been shown to be Russian would be a clumsy move by Russia, unless it represents an elaborate double bluff.
As previously reported by The Sports Integrity Initiative, the ADAMS system is due to be replaced at the end of this year. For WADA, the danger is that athletes lose trust in the ADAMS system and stop providing information, compromising the whole anti-doping system. On a local scale, the attacks could result in athletes losing faith in the ability of their NADO to effectively safeguard their data, especially that which relates to TUEs. It could be that this is what Fancy Bears are aiming for.
Read other articles from this story stream...
• The decisions focused on enhanced Code compliance monitoring and increased budget; and also, on...
The Foundation Board of the World Anti-Doping Agency (WADA) has decided that the Russian Anti-Doping...