Fancy Bear hacks World Anti-Doping Agency

Infamous APT group, Fancy Bear, has hacked into the World Anti-Doping Agency and published the medical records of top US athletes.

Fancy Bear is one of the most prolific and well-known APT groups around (Credit: Paxson Woelber via wikimedia commons)

The World Anti-Doping Agency has been hacked and the medical records of top western athletes published.

Fingers have almost instantly pointed towards Russia, whose taste for using cyber-tactics against ‘the west’ is almost as famous as the country's relationship with athlete doping.

WADA published a memo yesterday saying it had confirmed “that a Russian cyber-espionage group operator by the name of Tsar Team (APT28), also known as Fancy Bear, illegally gained access to WADA's Anti-Doping Administration and Management System (ADAMS) database via an International Olympic Committee (IOC)-created account for the Rio 2016 Games.”

The hackers released the medical data of some of the US's top athletes, showing the records of celebrated gymnast Simone Biles and tennis giant Serena Williams.

The released records allegedly showed that Williams, among several others, had taken oxycodone and hydromorphone (opioids), prednisone, prednisolone, and methylprednisolone.

One might assume this is an attempt to show up the US as hypocrites in condemning the Russian sporting community for using contraband performance-enhancing drugs. After a WADA report showed not only that ‘doping’ was found throughout Russia's roster of top athletes, but also that there had been an industrial system of doping within Russia, it recommended several strict sanctions against the Russian sporting community, including being denied access to Rio ’16.

While the Kremlin has denied its involvement in the hack, a post on Fancy Bear's website didn't protest WADA's accusations: “We announce the start of #OpOlympics. We are going to tell you how Olympic medals are won. We hacked World Anti-Doping Agency databases and we were shocked with what we saw.” The post added, “We stand for fair play and clean sport,” with an apparently straight face.

Fancy Bear has collected its share of scalps over the year, hacking into various global media organisations, multinationals and governments. Its most recent claim to fame, however, is its purported role in the hack of the Democratic National Committee.

The hackers didn't feel the need to be too original. If spear-phishing works for 91 percent of attacks, it will work for them.

John Madelin, CEO at RelianceACSN, told SCMagazineUK.com, “This Fancy Bear hack is a classic example of a well-executed spear-phishing campaign used to dupe users into handing over their login details. It's the latest in a long line of successful breaches carried out this year alone. But despite this, the industry refuses to recognise it is fundamentally broken. It's simple economics, it costs far less for a hacker to breach companies' walls than the worth of the data they're targeting.”

He added, “sensitive information like that held by WADA is part of the organisation's critical data, and therefore needs to be completely secure.”

While suspicions are with Putin's government, other industry leaders have blamed poor security practices. Richard Brown, director EMEA of channels and alliances at Arbor Networks, told SC that, “The fact that multiple WADA databases have now been published online including login credentials of users for the Rio 2016, highlights why organisations need to invest more to proactively identify threats that are already inside their networks, identifying unusual activities and trends in traffic.”

Jason Hart, CTO of data protection at Gemalto, said that this kind of breach signifies a sea change: “Regardless of your opinion on athletes and doping, the breach of the World Anti-Doping Agency's (WADA) website is clearly an example of the changing face of data breaches and the rise of identity theft. According to Gemalto's Breach Level Index, identity and personal data theft accounted for 64 percent of all data breaches in the first half of 2016. The main motivation for cyber-criminals continues to move beyond financial theft to long-term identity theft. Data breaches are now more personal, as this WADA breach demonstrates, with the universe of risk exposure for people widening.”