WADA details response to Fancy Bears' hacking


WADA's ADAMS logo (Image credit: WADA)

The World Anti-Doping Agency (WADA) on Wednesday released a statement detailing the security and investigatory steps it has taken in light of the recent Fancy Bears hacking that revealed athletes' confidential medical information, including Therapeutic Use Exemptions granted to Grand Tour winners Chris Froome and Bradley Wiggins.

Revelations that the UCI granted Wiggins TUEs for asthma medication Salbutamol and for the powerful corticoid Triamcinolone Acetonide stirred controversy that continues to reverberate

In its Wednesday statement, WADA revealed that since the Fancy Bears hackers gained access to the Anti-Doping Administration and Management System [ADAMS] that was created especially for the Rio 2016 Olympic Games [Rio 2016 ADAMS Account], gaining access to TUE information for all the athletes competing at the RIO Olympics, it has deactivated all Rio 2016 ADAMS accounts; disabled the self-service 'forgot password' reset feature; increased logging capabilities related to security events; increased monitoring of logs and network activity; and deactivated dormant accounts. 

Earlier this week, WADA announced it hired Günter Younger, creator and director of the Cybercrimes division of the Bavarian Landeskriminalamt (BLKA) in Germany, as director of the agency's Intelligence and Investigations unit.

WADA also revealed that the investigation taken up by Mandiant, a security and forensic consulting firm, into the agency's online assets is 90 percent complete, and it has not found "any evidence of additional compromise to ADAMS data beyond the export of the Rio 2016 ADAMS Account data through 12 September," the day before the Fancy Bear breach was revealed.

The anti-doping agency also said it has warned athletes, other ADAMS users and administrators to "vigilantly monitor their electronic communications and remain alert for attempted phishing schemes," adding that it had been informed "that some users have received suspicious emails, purportedly from WADA’s Deputy Director General, Rob Koehler, advising them that WADA’s President wanted to speak with them regarding the cyber-attacks."

WADA made it clear that the emails were not authentic, and that "no such email was ever sent by the Deputy Director General," again pleading with ADAMS users to remain vigilant to possible scams.

Moreover, not all data Fancy Bears released accurately reflected ADAMS data, according to the WADA statement, and the agency encouraged any affected parties to contact WADA should they become aware of any inaccuracies in the data that has been released.

Summary of Fancy Bears breach

As part of Wednesday's statement, WADA revealed that third party hackers targeted a number of WADA and International Olympic Committee email accounts before and during the 2016 Games for an email "spear phishing" attack that potentially led to the compromise of certain ADAMS passwords. 

WADA's investigators believe an intruder illegally accessed the Rio 2016 ADAMS Account multiple times between August 25 and September 12 using credentials unlawfully obtained from one of these targeted users.

Beginning on September 13, Fancy Bear began releasing information about TUEs for athletes competing in the Rio Games. "The released data all corresponds to the data thefts that occurred between 25 August and 12 September as described above," according to the statement.

Thank you for reading 5 articles in the past 30 days*

Join now for unlimited access

Enjoy your first month for just £1 / $1 / €1

*Read any 5 articles for free in each 30-day period, this automatically resets

After your trial you will be billed £4.99 $7.99 €5.99 per month, cancel anytime. Or sign up for one year for just £49 $79 €59

Join now for unlimited access

Try your first month for just £1 / $1 / €1