Anti-doping officials confirm hackers accessed sensitive medical records related to Rio 2016
The World Anti-Doping Agency (WADA) has confirmed that its systems were accessed by a hacking group thought to be linked to Russian security forces after data on top US athletes was released online.
The group known as Fancy Bear, previously held to be responsible for hacking the US’ Democratic National Committee (DNC), released data stolen from WADA’s servers that indicated use of prohibited substances by tennis stars Serena and Venus Williams and gymnast Simone Biles, all of whom competed in the recent Rio 2016 Olympic Games.
The documents indicated that Serena Williams had taken prednisone, prednisolone, methylprednisone, hydromorphone and oxycodone between 2010 and 2015 while Venus had taken prednisone, prednisolone, triamcinolone and formoterol and Biles was given methylphenidate for attention-deficit disorder.
The hackers said they were “shocked” by the information and promised to release “sensational proof” of doping by athletes from other national teams.
WADA confirmed, however, that in all cases the US athletes had therapeutic use exemptions (TUEs) for the substances involved and therefore had done nothing wrong.
The organisation said the hack appeared to be in retaliation for WADA’s Independent Pound Commission, which exposed widespread doping in Russian athletics and resulted in a number of Russian athletes being banned from competing in Rio 2016 this summer.
“WADA deeply regrets this situation and is very conscious of the threat that it represents to athletes whose confidential information has been divulged through this criminal act,” said WADA director general Olivier Niggli in a statement.
‘Cowardly and despicable’
Travis Tygaart, head of the United States Anti-Doping Agency (USADA), called the incident a “cowardly and despicable” act of “cyber-bullying”.
He said it reflected Russian government efforts to show Russians that covert doping was also carried out in other countries.
WADA said the hackers appeared to have accessed its Anti-Doping Administration and Management System (ADAMS) database via an International Olympic Committee (IOC) account created for the Rio 2016 Games, and only appear to have accessed data related to the Rio event.
The hackers may have obtained login credentials through targeted attacks on IOC members’ email accounts, WADA said.
“At present, we have no reason to believe that other ADAMS data has been compromised,” the organisation said. .
In August Fancy Bear hacked into the WADA medical account of Yuliya Stepanova, the key whistleblower for the Pound Commission, and earlier in the summer released embarrassing DNC emails in what was called an effort to disrupt November’s US elections.
Russian president Vladimir Putin has said there was no government knowledge or link to the DNC hack, but said the release of the emails was for the public good since it exposed corruption within the Democratic Party.
Are you a security pro? Try our quiz!