False Clues Make It Tough to Find WADA Hackers

Advertisement
By Associated Press | Updated: 16 September 2016 14:22 IST
False Clues Make It Tough to Find WADA Hackers

Medical data from some of the world's leading athletes has been posted to the web and the World Anti-Doping Agency says Russians are to blame. Even the hackers seem to agree, adopting the name "Fancy Bears" - a moniker long associated with the Kremlin's electronic espionage operations.

But as cybersecurity experts pore over the hackers' digital trail, they're up against a familiar problem. The evidence has been packed with possible red herrings - including registry data pointing to France, Korean characters in the hackers' code and a server based in California.

(Also see: World Anti-Doping Agency Condemns Russian Hack Attack)

"Anybody can say they are anyone and it's hard to disprove," said Jeffrey Carr, the chief executive of consulting firm Taia Global and something of a professional skeptic when it comes to claims of state-backed hacking.

Advertisement

Many others in the cybersecurity industry see the WADA hack as a straightforward act of Russian revenge, but solid evidence is hard to find.

What's known is that it was only days after scores of Russian athletes were banned from the Olympic Games that suspicious looking emails began circulating . Purporting to come from WADA itself, the booby trapped messages were aimed at harvesting passwords to a sensitive database of drug information about athletes worldwide. Among other things, the Anti-Doping Administration and Management System carries information about which top athletes use otherwise-banned substances for medical reasons - prize information for a spurned Olympic competitor seeking to embarrass its rivals.

Advertisement

On September 1 someone registered a website titled "Fancy Bears' Hack Team." A few days later, a Twitter account materialized carrying a similar name. Just after midnight Moscow time on September 13, the Fancy Bears Twitter account came alive, broadcasting the drugs being taken by gold medal-winning gymnast Simone Biles, seven-time Grand Slam champion Venus Williams and other US Olympians. It followed up Thursday with similar information about the medication used by British cyclists Bradley Wiggins and Chris Froome, among many others.

(Also see: WADA Confirms Another Hacking of Its Athletes Database)

There is no suggestion any of the athletes broke any rules, but Russians seized on the leak as evidence that US and British players were using forbidden drugs with the blessing of anti-doping officials.

Advertisement

"Hypocrisy" Russia's embassy to London tweeted in reaction to the news. Kremlin channel RT broadcast a cartoon showing a WADA official picking up a bulky American player's steroid bottle with a smile. "All good! You're cleared to compete!" he says.

Citing law enforcement sources, WADA said the attacks "are originating out of Russia." Russian officials dismissed the allegation; in an email, WADA said it wouldn't be commenting further.

With little to go on, independent investigators have still made some intriguing connections.

Virginia-based intelligence firm ThreatConnect said that whoever compromised WADA did so using websites registered through an obscure domain name company that also set up the fake sites used in a variety of other hacks blamed on the Kremlin, including the one that hit the Democratic National Committee. In a telephone interview, the company's chief intelligence officer, Rich Barger said he had been cautious at first about tying the WADA breach to Russian hackers but that "confidence is certainly growing as more and more people weigh in and lend their voice."

Even the meaning of the name "Fancy Bears" is unclear. California-based threat intelligence firm CrowdStrike has long applied that nickname to an allegedly Russian state-backed group, but the hackers' adoption isn't necessarily a brazen acknowledgement of CrowdStrike's research. It might be an attempt to hold it up to ridicule. Which interpretation the group favors hasn't been made clear. Repeated messages to email addresses associated with Fancy Bears have gone unreturned.

Fancy Bears' website doesn't necessarily provide any more insight. Some its artistry appears to have been lifted from a Russian clip art page. But tech podcaster Vince Tocce also found Korean script in the site's code - characters which vanished shortly after he made his discovery public . In a telephone interview, he said that showed how difficult it was to take anything for granted.

Some pieces of Fancy Bears' infrastructure were almost certainly structured to sow confusion.

The site, for example, appears to be hosted in California but was registered at an address in the town of Pomponne, east of Paris, under the name "Jean Guillalime."

A man residing at that address, Jean-Francois Guillaume, told The Associated Press the registry information was bogus and that he was mystified as to why the hackers had picked on him.

"I have absolutely nothing to do with this," he said, adding that he ran a consulting shop and a flower business and wasn't particularly interested in sports. "I don't know any Russians," he said.

 

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Advertisement
Popular Mobile Brands
  1. Vivo X200 FE Global Launch Confirmed; Design Teased
  2. Oppo K13x 5G India Launch Date, Price Range and Key Features Revealed
  3. Poco F7 Launch Date, Price in India, Design and Key Features Leaked Online
  4. Switch 2 Had the Biggest-Ever Launch Week for Video Game Hardware in the US
  5. Google's Pixel 10 Series Tipped to Feature Improved Speakers
  6. Oppo Reno 14 5G Series, Watch X2 Mini, Enco Buds 3, Pad SE to Launch Globally
  7. OnePlus Nord 5 Series, OnePlus Buds 4 to Launch in India on This Date
  8. The Witcher 4 Might Not Run at 60 FPS on Xbox Series S
  9. Apple Risks Fresh EU Charge Sheet Over App Store Curbs
  10. Windows 11 Will Now Let You Change Settings With AI Agent
  1. Bitget Partners UNICEF Unit to Expand Blockchain Training Across India, Other Countries 
  2. WhatsApp Reportedly Working on Ability to Scan Documents on Android Smartphones
  3. ElevenLabs Expands Eleven V3 Text-to-Speech Model With Support for 41 New Languages
  4. Vivo T4 Lite 5G India Launch Confirmed; Battery Capacity, Price Range Teased
  5. TikTok Pushes Deeper Into AI-Generated Video Ads With New Tools
  6. Apple Risks Fresh EU Charge Sheet Over App Store Curbs
  7. The Witcher 4 Will Target 60 FPS on Consoles, but Series S Will Be 'Extremely Challenging' Says CD Projekt Red
  8. Oppo Reno 14 5G Series Global Launch Teased Alongside Watch X2 Mini, Enco Buds 3 and Pad SE
  9. Microsoft Begins Testing AI Agents in Windows 11, Brings Option to Share Recall Snapshots in Europe
  10. watchOS 26 to Bring Control Center Customisation Options with User-Defined Toggles
Gadgets 360 is available in
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.