Medical data from some of the world’s leading athletes have been posted to the Web and the World Anti-Doping Agency (WADA) says that Russians are to blame.
Even the hackers seem to agree, adopting the name “Fancy Bears” — a moniker long associated with the Kremlin’s electronic espionage operations.
As cybersecurity experts pore over the hackers’ digital trail, they are up against a familiar problem. The evidence has been packed with possible red herrings — including registry data pointing to France, Korean-language characters in the hackers’ code and a server based in California.
“Anybody can say they are anyone and it’s hard to disprove,” said Jeffrey Carr, chief executive officer of consulting firm Taia Global and something of a professional skeptic when it comes to claims of state-backed hacking.
Many others in the cybersecurity industry see the WADA hack as a straightforward act of Russian revenge, but solid evidence is hard to find.
International Olympic Committee (IOC) president Thomas Bach on Friday said that he will ask Russian authorities for help to stop the hackers.
Bach said the IOC would help WADA, “including communicating with the Russian authorities, to underline the seriousness of the issue and request all possible assistance to stop the hackers.”
“This is an unacceptable and outrageous breach of medical confidentiality that attempts to smear innocent athletes who have not committed any doping offense,” Bach said.
Later on Friday WADA announced that Fancy Bears had posted another selection of hacked data to the Web. This time, they targeted 11 athletes — three from Australia, one from Denmark, two from Germany, one from Spain and four from the UK — from the sports of boxing, cycling, rowing, shooting, swimming and tennis.
E-MAIL SCHEME
What is known is that it was only days after scores of Russian athletes were banned from the Olympic Games that suspicious-looking e-mails began circulating. Purporting to come from WADA itself, the booby-trapped messages were aimed at harvesting passwords to a sensitive database of drug information about athletes worldwide. Among other things, the Anti-Doping Administration and Management System carries information about which top athletes use otherwise-banned substances for medical reasons — prize information for a spurned Olympic competitor seeking to embarrass their rivals.
On Sept. 1 someone registered a Web site titled “Fancy Bears’ Hack Team.” A few days later, a Twitter account materialized carrying a similar name. Just after midnight Moscow time on Tuesday, the Fancy Bears Twitter account came alive, broadcasting the drugs being taken by gold medal-winning gymnast Simone Biles, seven-time Grand Slam champion Venus Williams and other US Olympians.
It followed up on Thursday with similar information about the medication used by British cyclists Bradley Wiggins and Chris Froome, among many others.
There is no suggestion any of the athletes broke any rules, but Russians seized on the leak as evidence that US and British players were using forbidden drugs with the blessing of anti-doping officials.
“Hypocrisy,” Russia’s embassy to London tweeted in reaction to the news.
Kremlin channel RT broadcast a cartoon showing a WADA official picking up a bulky US player’s steroid bottle with a smile.
“All good! You’re cleared to compete!” he says.
Citing law enforcement sources, WADA said the attacks “are originating out of Russia.”
Russian officials dismissed the allegation.
In an e-mail, WADA said it would not be commenting further.
With little to go on, independent investigators have still made some intriguing connections.
Virginia-based intelligence firm ThreatConnect said that whoever compromised WADA did so using Web sites registered through an obscure domain name company that also set up the fake sites used in a variety of other hacks blamed on the Kremlin, including the one that hit the Democratic National Committee of the US political party.
EARLY CAUTION
In a telephone interview, ThreatConnect chief intelligence officer Rich Barger said he had been cautious at first about tying the WADA breach to Russian hackers, but that “confidence is certainly growing as more and more people weigh in and lend their voice.”
Even the meaning of the name “Fancy Bears” is unclear. California-based threat intelligence firm CrowdStrike has long applied that nickname to an allegedly Russian state-backed group, but the hackers’ adoption is not necessarily a brazen acknowledgement of CrowdStrike’s research. It might be an attempt to hold it up to ridicule. Which interpretation the group favors has not been made clear. Repeated messages to e-mail addresses associated with Fancy Bears have gone unreturned.
Fancy Bears’ Web site does not necessarily provide any more insight. Some of its artistry appears to have been lifted from a Russian clip art page. Tech podcaster Vince Tocce also found Korean script in the site’s code — characters which vanished shortly after he made his discovery public.
SOWING CONFUSION
In a telephone interview, Tocce said that showed how difficult it was to take anything for granted.
Some pieces of Fancy Bears’ infrastructure were almost certainly structured to sow confusion.
The site, for example, appears to be hosted in California, but was registered at an address in the town of Pomponne, east of Paris, under the name “Jean Guillalime.”
A man residing at that address, Jean-Francois Guillaume, told reporters that the registry information was bogus and that he was mystified as to why the hackers had picked on him.
“I have absolutely nothing to do with this,” he said, adding that he ran a consulting shop and a flower business and was not particularly interested in sports.
“I don’t know any Russians,” he said.