Hacked documents recently stolen from a World Anti-Doping Agency (WADA) database may have been manipulated before being leaked online, the organization said Wednesday.
The confidential medical records of Olympic athletes from around the globe have wound up online in recent weeks after hackers gained access to WADA’s Administration and Management System (ADAMS) by phishing database credentials from one of its legitimate users. WADA said law enforcement blames the breach on a Russian espionage group that security researchers call “Fancy Bear,” and several batches of stolen documents have been released under that name since Sept. 12 – the last day hackers had access to the database, according to the anti-doping agency.
An investigation into the intrusion is almost complete, but has raised questions already about the leaked documents’ integrity, WADA indicated in an update Wednesday.
“WADA has determined that not all data released by Fancy Bear (in its PDF documents) accurately reflects ADAMS data,” it said in a statement.
The agency said it’s examining the extent of the potential data manipulation as a priority, and is encouraging athletes to come forward if their information appears online and they “become aware of any inaccuracies in the data that has been released.”
Testifying before Congress last year, Director of National Intelligence James Clapper said he fears cyber-capable adversaries will soon launch successful campaigns that “change or manipulate electronic information in order to compromise its integrity…instead of deleting it or disrupting access to it.”
“I believe the next push on the envelope is going to be the manipulation or the deletion of data which would of course compromise its integrity,” Mr. Clapper told a House panel.
Investigators believe the WADA hackers used a tactic known as spear-phishing to send emails to several authorized ADAMS users in an effort to trick them into coughing up credentials. They accomplished their goal against at least one of the targets, then used that information to access the database multiple times between Aug. 25 and Sept. 12, WADA said this week.
Prior to the intrusion being detected, WADA Director General Olivier Niggli said the agency was being targeted by Russian hackers on a daily basis.
Fancy Bear has since released documents on a half-dozen occasions containing information about various athletes’ Therapeutic Use Exemptions (TUE), a process Olympic competitors must undergo in order to be authorized to use prescription drugs that would otherwise be prohibited. All the TUE records leaked so far correspond with files stolen during the 2.5 weeks the hackers accessed the database, but don’t necessarily reflect the actual data, according to the statement.
“The criminal activity undertaken by the cyber espionage group, which seeks to undermine the TUE program and the work of WADA and its partners in the protection of clean sport, is a cheap shot at innocent athletes whose personal data has been exposed,” WADA said.
The release of medical documents that aim to implicate athletes in unsanctioned drug use occurred after an investigation commissioned by WADA accused Russia of operating a state-sponsored doping scandal. The International Olympic Committee subsequently banned more than 100 Russian athletes from competing in this year’s summer games in Rio de Janeiro.
When the first WADA files were leaked less than a month after closing ceremonies, hackers said the documents exposed American hypocrisy.
“After detailed studying of the hacked WADA databases we figured out that dozens of American athletes had tested positive. The Rio Olympic medalists regularly used illicit strong drugs justified by certificates of approval for therapeutic use. In other words they just got their licenses for doping,” reads a Sept. 12 post on the Fancy Bears website.
After U.S. medal winners Simone Biles, Serena Williams and Venus Williams were implicated in the first Fancy Bears leak last month, U.S. Anti-Doping Agency CEO Travis Tygart said the documents didn’t reveal any wrongdoing on the part of the athletes, but rather the Americans had done “everything right in adhering to the global rules for obtaining permission to use a needed medication.”
That initial leak showed Ms. Biles, a 19-year-old gymnast, tested positive for methylphenidate, commonly known as Ritalin. She explained afterwards that she takes the widely prescribed drug to treat ADHD, and was cleared of any wrongdoing by the anti-doping agency.
The former head of the Russian National Anti-Doping Agency, meanwhile, called Ritalin akin to “morphine and heroin.”
“Oxycodone, hydromorphone, Ritalin — these are psychotropic drugs, painkillers, that are usually prescribed in dire circumstances, in a moments of life or death,” Nikolai Durmanov told state-controlled media last month. “They are kin to morphine and heroin. They are forbidden in [Russia], and one can get thrown in jail for some 14 years for possessing them illegally in Europe.”
Russian President Vladimir Putin has said he doesn’t approve of the WADA hackers, but “what they’ve done is definitely of interest to the international community, especially the sports community.”
Hackers were attempting once again to compromise WADA as recently as last week, the agency said in Wednesday’s update, this time capitalizing on the last security breach to wage yet another spear-phishing attack. Database users said they “received suspicious emails, purportedly from WADA’s Deputy Director General, Rob Koehler, advising them that WADA’s President wanted to speak with them regarding the cyber-attacks,” according to Wednesday’s statement.
“To be clear, no such email was ever sent by the Deputy Director General. Please remain vigilant to such scams,” WADA said.
• Andrew Blake can be reached at ablake@washingtontimes.com.
Please read our comment policy before commenting.