A couple of weeks after they were caught spoofing domains of WADA, USADA and OCASIA to target visitors, prominent hacker group Fancy Bears stole sensitive documents from the International Luge Federation (ILF) just weeks ahead of the Winter Olympics.
According to several researchers, Fancy Bears started targeting WADA and other organisations associated with the Olympics after a large number of Russian athletes were banned for doping offences.
Unlike many hacker groups that do their best to stay hidden from security researchers and law enforcement agencies, Fancy Bears have made it a point to announce every successful hacking operation they conduct. The group’s latest victim is the International Luge Federation (ILF), which will have a major role to play in the upcoming Winter Olympics.
Fancy Bears has released several sensitive documents which, it says, were obtained from the International Luge Federation (ILF) and which, it alleges, expose ‘violations of the principles of fair play’, including widespread TUE approvals, missed anti-doping tests and the double-standards approach towards guilty athletes.
In a statement published on its website, the group made several other allegations, such as athletes being informed in advance about impending drug tests, athletes consuming certain drugs in large quantities, and the poor quality of the bottles used to conduct doping tests on athletes.
The new leak is quite similar to a massive data leak from WADA’s database in 2016 following WADA’s decision to ban Russian athletes from the Rio Olympics due to a large-scale state-backed doping programme. Fancy Bears ended up releasing documents that contained details of hundreds of athletes who failed dope tests in 2015 and 2016.
‘Much like Fancy Bears’ hack of the World Anti-Doping Agency’s (WADA) website last year, these documents need to be taken with a pinch of salt, as the hacking group has a history of changing the data they steal to suit their own purposes,’ said Jason Hart, CTO of Data Protection at Gemalto.
‘This data manipulation poses an arguably greater threat to organizations than simple data theft, as it can allow hackers to alter anything from stock or sales numbers and in this case, potentially the reputations of innocent athletes,’ he adds.
According to Gemalto, ‘organizations need to conduct a data risk assessment to identify their key data by department and division and determine the risks of what would happen if someone compromised or altered that information’. The firm adds that organisations must implement a two-pronged approach, including the application of security controls such as encryption, key management and two-factor authentication, as well as training of their workforce to protect the integrity of their data.