29 October 2019

Russian hackers again targeting anti-doping organisations

Russian hackers targeted ‘at least’ 16 anti-doping organisations (ADOs) from 16 September, the day before the World Anti-Doping Agency (WADA) opened a formal non-compliance procedure against the Russian Anti-Doping Agency (RUSADA), reports Microsoft’s Threat Intelligence Center. ‘Some of these attacks were successful, but the majority were not’, writes Tom Burt, the company’s Vice President, Customer Security & Trust in a blog. ‘Microsoft has notified all customers targeted in these attacks and has worked with those who have sought our help to secure compromised accounts or systems’.

Details of the GRU agents indicted by the DoJ for their involvement in ‘Fancy Bears’…

Microsoft said that the attacks originated ‘from a group we call Strontium, also known as Fancy Bear/APT28’. In October last year, the US Department of Justice (DoJ) indicted seven officers of Russia’s Main Intelligence Directorate of the General Staff (GRU) for being behind similar attacks on sporting organisations between 2016 and 2018, using the ‘Fancy Bears’ monicker. For a detailed run through of the DoJ’s findings, click here. That illegal activity affected 250 athletes from 30 countries.

‘The methods used in the most recent attacks are similar to those routinely used by Strontium to target governments, militaries, think tanks, law firms, human rights organizations, financial firms and universities around the world’, writes Burt. ‘Strontium’s methods include spear-phishing, password spray, exploiting internet-connected devices and the use of both open-source and custom malware’.

Hackers compromised the Court of Arbitration for Sport…

Last night, WADA confirmed it had received ‘further responses’ from Russian authorities to the 31 questions and ‘follow up questions’ relating to inconsistencies discovered in July between the data WADA retrieved from the Moscow Laboratory in January, and the Laboratory Information Management System (LIMS) provided to it by whistleblowers in November 2017. ‘It is anticipated that the CRC will be in a position to consider WADA I&I’s [Intelligence and Investigations] report before the end of November’, read a statement.

Yuriy Ganus, DG of RUSADA, denies that it is involved…

A ‘formal compliance procedure’ was opened against RUSADA on 17 September. Annex B, Article B.3.1 of WADA’s International Standard for Code Compliance by Signatories (ISCCS) sets out that sanctions could include suspension (of RUSADA); removal of event hosting rights; and suspension from the Olympics. Yuriy Ganus, Director General of RUSADA, has strenuously denied that RUSADA was involved in manipulation of the data retrieved by WADA. 

The Investigative Committee of the Russian Federation (SKR) had sole access to the data and samples stored at the Moscow Laboratory for over three years. Ganus told The Sports Integrity Initiative out that any manipulation of the data by the SKR would undermine its evidential base for its criminal cases against Dr. Grigory Rodchenkov, former Director of the Laboratory, and his assistant, Tim Sobolevsky.

WADA has yet to respond to Microsoft’s news, which suggests that the Russian State is still involved with manipulating the doping control process in Russia. If that is the case, WADA is likely to face renewed questions over its controversial decision to reinstate RUSADA, despite Russian authorities not acknowledging the role of the Russian State in manipulating the doping control process in Russia, as WADA required. 

You may also like...

Pin It on Pinterest

Share This