• United States



Russian hackers accused of leaking U.S. Olympic athletes’ medical files

Sep 14, 20163 mins
Data and Information SecuritySecurity

Russians blamed for hacking WADA, dumping private medical files and accusing U.S. Olympic team of doping

The World Anti-Doping Agency (WADA) was hacked and confidential medical files of U.S. Olympic athletes Simone Biles, Serena and Venus Williams, and Elena Delle Donne were leaked online. The hackers said the dump is “just the tip of the iceberg.”

A group claiming to be the Fancy Bears’ Hack Team took credit for the attack and accused American Olympic athletes of doping, of using “dirty methods to win.” Furthermore, the hackers claimed that although the U.S. Olympic team “played well but not fair,” it had “disgraced its name by tainted victories.”

The hackers leaked Therapeutic Use Exemptions, or TUEs, which allow athletes to take banned substances on list of prohibited drugs so long as it is for verified medical conditions. The hackers claimed American Olympic athletes “just got their licenses for doping.”

If anything, it seems like the leak proves American Olympic medalists are following the rules, being tested and submitting the proper paperwork for medical conditions that require the use of such drugs. At least that is how this American perceives it.

Teenage Olympic medal gymnast Simone Biles took to Twitter to say:

USA Gymnastics also released a statement on the WADA hack.

Basketball star Elena Delle Donne thanked the hackers via Twitter.

WADA blamed hack on Russians

WADA blamed the hack on a Russian cyber espionage group, claiming law enforcement said the attacks came out of Russia, but it is unclear if law enforcement actually pinned the blame on APT 28. While it is true that a group going by Fancy Bears’ Hack Team took credit for the hack, the group also claims to be flying under the banner of Anonymous.

In a released statement, WADA confirmed “that a Russian cyber espionage group operator by the name of Tsar Team (APT 28), also known as Fancy Bear, illegally gained access to WADA’s Anti-Doping Administration and Management System (ADAMS) database via an International Olympic Committee (IOC)-created account for the Rio 2016 Games.”

WADA thinks the ADAMS password was obtained via a spearphishing attack and that attackers only stole data related to the RIO 2016 Games.

Olivier Niggli, Director General of WADA, added, “WADA has been informed by law enforcement authorities that these attacks are originating out of Russia. Let it be known that these criminal acts are greatly compromising the effort by the global anti-doping community to re-establish trust in Russia further to the outcomes of the Agency’s independent McLaren Investigation Report.”

The report claimed Russian secret service helped swap Russian athletes’ positive doping samples for clean samples during the Sochi Olympics. As you may recall, some Russians athletes were banned from competing in Rio after those accusations of government-sponsored doping; others who competed were loudly booed.

This attack follows the one WADA revealed last month; someone illegally accessed the ADAMS account of Russian whistleblower Yuliya Stepanova, who helped expose the “widespread doping in Russian athletics.” She is hiding in North America with her husband after fleeing Russia out of fear for her life. When WADA did announce the illegal activity on Stepanova’s account, the agency said it was aware of an “alleged hack of its website and to phishing scams.”

ms smith

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.