The Broader Implications of Russians Hacking the Medical Files of Olympic Athletes' Simone Biles, Serena Williams et al

The point of the hack and subsequent release was an attempt to claim that American athletes were as guilty as the entire Russian sports federation of cheating by using banned substances. In neither the Biles or Williams cases does that appear to be true. Biles is diagnosed as ADHD and takes medication for it. Williams has suffered various injuries as she has aged and received permission to take prescription pharmaceuticals to address her ailments.

The larger issue is that with the hack of the Democratic Party and Clinton Campaign files, the provision  to Wikileaks of purloined information, as well as reported attempts to hack electronic voting systems in several US states, the Russians have become much more aggressive about hacking private US files. The question is whether this tactic has - or will - redound to the Russians' strategic benefit or whether it taints the impact of the releases - and provides western authorities with crucial information about Russian methods which can be used against them for more important purposes in the future. JL

Sheera Frankel reports in BuzzFeed:

The cybersecurity firm ThreatConnect was cited in a previous report that found that the same group of Russian hackers had gained access to the WADA database and gotten into the account of Russian whistleblower, Yuliya Stepanova, an 800-meter runner whose revelations of widespread doping in Russian track and field led to that team being banned from competing in Rio.
The hacked medical files of Olympic athletes Simone Biles, Elena Delle Donne, Serena Williams, and Venus Williams were made public Tuesday by a Russian group that cybersecurity experts say was previously responsible for breaches into the Democratic National Committee and White House.
The World Anti-Doping Agency (WADA) confirmed in a statement posted on Tuesday that its database, which included medical files of athletes competing in the Olympics, was hacked by the Russian group that cybersecurity companies have named “Fancy Bear.”
“WADA deeply regrets this situation and is very conscious of the threat that it represents to athletes whose confidential information has been divulged through this criminal act,” Olivier Niggli, WADA’s executive director, said in the statement. “WADA condemns these ongoing cyber-attacks that are being carried out in an attempt to undermine WADA and the global anti-doping system.”
Niggli added that law enforcement had determined that the “attacks are originating out of Russia,” without clarifying which agency the body had worked with.
“Let it be known that these criminal acts are greatly compromising the effort by the global anti-doping community to re-establish trust in Russia further to the outcomes of the Agency’s independent McLaren Investigation Report,” Niggli said.
The WADA statement did not mention which cybersecurity company had discovered the breach in their system that accessed the files of the US athletes. WADA did not respond to a BuzzFeed News request for clarification.
The cybersecurity firm ThreatConnect was cited in a previous report that found that the same group of Russian hackers had gained access to the WADA database and gotten into the account of Russian whistleblower, Yuliya Stepanova, an 800-meter runner whose revelations of widespread doping in Russian track and field led to that team being banned from competing in Rio.

View this image ›

Clive Brunskill / Getty Images

ID: 9610259

ThreatConnect had found that the group — which they call Fancy Bear, but which is also known as Tsar Team and APT 28 by other cybersecurity firms — had hacked into WADA through spear phishing emails. Those emails, which often appear to come from trusted sources and have legitimate information, contain malicious malware which, once opened, gives the attackers access to the system. Cybersecurity experts say that spear phishing is the simplest, most surefire method for hackers to access a computer system.
In a post on the group from August, ThreatConnect said Fancy Bear had called itself Anonymous Poland (@anpoland) when it leaked data stolen from WADA servers on Stepanova. The hackers used the name Anonymous Poland much in the same way that they used the name “Guccifer 2.0” when leaking information during the DNC hack, in both cases blaming known hackers to try and deflect attention from themselves.
“We assess that the phishing and Stepanova’s compromise most likely are part of targeted activity by Russian actors in response to the whistleblower and the WADA’s recommendation to ban all Russian athletes from the Olympic and Paralympic games in [Brazil],” ThreatConnect said. “Successful operations against these individuals and organizations could facilitate Russian efforts to privately or publicly intimidate them or other whistleblowers.”
ThreatConnect did not respond to a request for comment Tuesday or answer questions on how far the breach of the WADA servers went.
Biles, who won four gold medals at the Olympic Games in Rio de Janeiro responded to the medical files release in a statement on her Twitter account.

ID: 9610958

As part of the released records Tuesday, the hacking group said it plans to release more medical files of US athletes. The group wrote that following their review of the medical files, they had found evidence of US athlete doping: “This is other evidence that WADA and IOC’s Medical and Scientific Department are corrupt and deceitful.”
U.S. Anti-Doping Agency CEO Travis Tygart has already responded in a statement, saying, “It’s unthinkable that in the Olympic movement, hackers would illegally obtain confidential medical information in an attempt to smear athletes to make it look as if they have done something wrong. The athletes haven’t. In fact, in each of the situations, the athlete has done everything right in adhering to the global rules for obtaining permission to use a needed medication. The respective International Federations, through the proper process, granted the permission and it was recognized by the IOC and USADA. The cyber-bullying of innocent athletes being engaged in by these hackers is cowardly and despicable.”