Hackers breached the World Anti-Doping Agency (WADA) and have stolen Olympic athletes’ medical records, the hack was confirmed by the agency. According to the WADA, the hackers accessed the Anti-Doping Administration and Management System (ADAMS) database, security experts speculate the involvement of the “Russian cyber espionage group operator by the name of Tsar Team (APT28), also known as Fancy Bear.”
The hackers obtained access to the system by stealing credentials through a spear-phishing attack against an “International Olympic Committee (IOC)-created account for the Rio 2016 Games.”
Hackers exploited the attention on the Olympic Games in order to trick the victims with a classic social engineering attack.
“The World Anti-Doping Agency (WADA) confirms that a Russian cyber espionage group operator by the name of Tsar Team (APT28), also known as Fancy Bear, illegally gained access to WADA’s Anti-Doping Administration and Management System (ADAMS) database via an International Olympic Committee (IOC)-created account for the Rio 2016 Games. The group accessed athlete data, including confidential medical data — such as Therapeutic Use Exemptions delivered by International Sports Federations (IFs) and National Anti-Doping Organizations (NADOs) — related to the Rio Games; and, subsequently released some of the data in the public domain, accompanied by the threat that they will release more.” reads the statement issued by the WADA that regrets the cyber attack.
WADA Confirms Attack by Russian Cyber Espionage Group: https://t.co/PTBIxeOM9w
— WADA (@wada_ama) 13 settembre 2016
The hackers have released files claiming that top US athletes were authorized by the WADA to take performance-enhancing substances, the WADA agency, the athletes and the federations have denied the circumstance.
Fancy Bear published the announcement of the data breach and the related file on a website using their name. (Be careful before visiting the site, Fancy Bear is one of the most dangerous APT that in several attacks leveraged on zero-day exploits). Below the message published by the group on the site that also included the medical records of the athlete.
“Greetings citizens of the world. Allow us to introduce ourselves… We are Fancy Bears’ international hack team. We stand for fair play and clean sport.
We announce the start of #OpOlympics. We are going to tell you how Olympic medals are won. We hacked World Anti-Doping Agency databases and we were shocked with what we saw.”
“We will start with the U.S. team which has disgraced its name by tainted victories. We will also disclose exclusive information about other national Olympic teams later. Wait for sensational proof of famous athletes taking doping substances any time soon.”
Serena Williams, for example, was allowed to take oxycodone, hydromorphone, prednisone, and methylprednisolone in 2010, 2014 and 2015, despite the substances are banned by the WADA.
According to RT.com, Williams was allowed also to take some of the other drugs by Dr. Stuart Miller from the International Tennis Federation (ITF).
The WADA director general Olivier Niggli confirmed the involvement of Russian hackers in the statement issued by the agency.
“WADA condemns these ongoing cyber-attacks that are being carried out in an attempt to undermine WADA and the global anti-doping system,” said Niggli. “WADA has been informed by law enforcement authorities that these attacks are originating out of Russia,” he continued. “Let it be known that these criminal acts are greatly compromising the effort by the global anti-doping community to re-establish trust in Russia further to the outcomes of the Agency’s independent McLaren Investigation Report,” Niggli continued.
According to the experts, the hackers hit the WADA agency in response to accusations of government-sponsored doping for Russian athletics, some of them were even banned from the Olympic Games this summer.
Stay Tuned …
(Security Affairs – WADA, Fancy Bear)