[BreachExchange] Russian hackers steal medical data of Rio athletes

Audrey McNeil audrey at riskbasedsecurity.com
Tue Sep 13 19:19:31 EDT 2016 

http://money.cnn.com/2016/09/13/news/wada-hacked-russian-spies/index.html

Russian hackers broke into the World Anti-Doping Agency database, stealing
medical data of athletes competing at the Rio Olympics, the agency said
Tuesday.

The cyber criminal group, known as "Tsar Team" and "Fancy Bear," publicly
released some of the stolen data and threatened to leak more in the future.
The same group is thought to have been behind the Democratic National
Committee hack in June.

The database of the World Anti-Doping Agency was accessed through an
account created by the International Olympic Committee for the Rio games,
WADA said.

The agency said it believed the access was obtained through "spear
phishing" of email accounts. Spear phishing is an email that appears to be
from an address known to the recipient, asking for sensitive information.

This is not the first time the agency was targeted. The doping agency
database account of whistleblower Yuliya Stepanova was hacked in August.
The runner helped expose the scale of Russian doping problem last year.

"WADA condemns these ongoing cyber-attacks that are being carried out in an
attempt to undermine WADA and the global anti-doping system," said Olivier
Niggli, the agency's director general.

He added that the hack is "greatly compromising the effort by the global
anti-doping community to re-establish trust in Russia."

WADA is not popular in Russia. It had recommended banning all Russian
athletes from the Rio 2016 games, after an independent report said the
country operated a state-sponsored doping program during the 2014 Sochi
Winter Games. Russian officials and athletes likened the move to Cold War
era conflicts.

The International Olympic Committee didn't issue a blanket ban on Russian
athletes in Rio, leaving the decision on competitors' eligibility up to
their respective sporting federations.

Russian track and field athletes and were banned completely from competing.
Other Russian athletes were considered on case by case basis and some were
allowed to participate.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160913/94aefdba/attachment.html>

More information about the BreachExchange mailing list