Confidential information about international athletes surfaced on the Internet Wednesday — the second such exposure this week.
Russian hackers allegedly stole the information from the World Anti-Doping Agency. It includes confidential data on medical drug exemptions given to 25 athletes from eight countries.
Information about four athletes appeared online earlier in the week.
A group of Russian hackers called “Tsar Team” (APT28), also known as “Fancy Bear,” used phishing techniques to compromise the credentials of Yuliya Stepanova, the athlete who blew the whistle on a state-sponsored doping scheme in Russia, WADA said.
The hackers used those credentials to compromise WADA’s Anti-Doping Administration and Management System.
“To those athletes that have been impacted, we regret that criminals have attempted to smear your reputations in this way; and, assure you that we are receiving intelligence and advice from the highest level law enforcement and IT security agencies that we are putting into action,” WADA Director General Olivier Niggli said.
“Given this intelligence and advice, WADA has no doubt that these ongoing attacks are being carried out in retaliation against the agency, and the global anti-doping system, because of our independent Pound and McLaren investigations that exposed state-sponsored doping in Russia,” he added.
Smoke Screen
Attacks like the one on WADA might be diversions to deflect attention from Russia’s real target: the U.S. presidential election.
“The Russian attempt to help elect Donald Trump by means of cyberattacks is such an egregious violation of the American political system that they are attempting to distract the media and public from it by making news with many other cyberattacks,” suggested Scott Borg, CEO of the U.S. Cyber Consequences Unit.
“Their thinking seems to be that if the media have enough other cyberattacks to write and talk about, they will pay less attention to the ones that have tried to swing the American election,” he told TechNewsWorld. “It’s like throwing a beehive at someone, so he doesn’t notice that a bull is about to gore him.”
Did the Russians Do It?
Security experts are divided about who carried out the attacks, however.
“It’s very difficult to accurately attribute who attackers are and where they’re coming from,” said Javvad Malik, security advocate at AlienVault.
“There’s just not enough information out there to say with hand on heart whether the Russians are behind the attacks,” he told TechNewsWorld.
There’s no evidence that the attackers were Russian, maintained Jeffrey Carr, CEO of Taia Global and author of two books on cyberwarfare and data security.
“There’s not even any evidence to say that these guys are associated with Fancy Bear at all except that they chose to use that name,” he told TechNewsWorld.
In the original HTML for Fancy Bear’s website there were Korean characters that subsequently were removed, Carr noted. [*Correction – Sept. 20, 2016]
Patriotic Hacking
The circumstantial evidence pointing to Russian involvement in the WADA breach is persuasive to others, though.
“In this particular case, I would tend to believe that a Russian group did this,” said Israel Barak, CISO of Cybereason.
“I think it was done by a group of hactivists from Russia who perceive their actions as a patriotic act,” he told TechNewsWorld.
The attack is consistent with Russian cybertactics against perceived enemies, noted Mark Graff, CEO of Tellagraff.
“The last couple of years, the Russians have been stepping up their psyops … . Their modus operandi is to cast aspersions on the integrity of institutions they’re trying to undermine,” he told TechNewsWorld.
“Given the terrible controversies over doping inside the Russian sports world and the exclusion of Russia from the Olympics in Rio because of that, it’s easy to believe that the same Russian operatives that have been used in the past to undermine democratic institutions were also given the task of trying to find some dirt by breaking into WADA,” Graff explained.
Courting Danger
Without a doubt, sentiments against Russia are building, but cooler heads are prevailing at the moment, noted Taia’s Carr.
“The current climate of Russophobia and rushing to judgment without sufficient proof is potentially very dangerous,” he said. “Fortunately, the White House and the Intelligence Community are taking their time to establish proof and using caution in making any decisions — as they should.”
Nevertheless, it may be only a matter of time before virtual events have real-world consequences.
“I don’t think we would see a trigger event until there is some kind of cyberattack that causes loss of life,” said Jeff Schilling, chief of operations at Armor.
“We have endured many cyberattacks over the last few years that have had significant business impact to U.S. based companies, and we have seen intellectual property fly out the door,” he told TechNewsWorld.
“So far, there has not been any response by the U.S.,” Schilling said, “or the U.S. response has remained deep in the shadows of our intelligence and clandestine community.”
*ECT News Network editor’s note – Sept. 20, 2016: Our original published version of this column included the statement, “There is some evidence that North Korea may have been behind the hack, Carr said.” Carr pointed to the presence of Korean characters in the HTML code but did not specify that the attackers might be North Korean.