 |
| Simone Biles |
The World Anti-Doping Agency (Wada)
has condemned Russian hackers for leaking confidential medical files of
star US Olympic athletes.
Athletes affected include tennis players Venus and Serena Williams and teenage gymnast Simone Biles.
A group calling itself "Fancy Bears" claimed responsibility for the hack of a Wada database.
After the leak, Ms Biles said she had long been taking medicine for Attention Deficit Hyperactivity Disorder.
The hacker group had accused her of taking an "illicit psycho-stimulant", but she said she had "always followed the rules".
The
Rio Olympics quadruple gold medallist had obtained the necessary
permission to take prescription medicine on the Wada banned drugs list, USA Gymnastics said in a statement.
Wada said in a statement that the cyber attacks were an attempt to undermine the global anti-doping system.
Russian
government spokesman Dmitry Peskov said it was "out of the question"
that the Kremlin or secret services were involved in the hacking,
Russian news agencies reported.
The
hackers accessed records detailing "Therapeutic Use Exemptions" (TUEs),
which allow the use of banned substances due to athletes' verified
medical needs.
"By virtue of the TUE, Biles has not broken any
drug-testing regulations, including at the Olympic Games in Rio," USA
Gymnastics said.
Fancy Bears said TUEs amount to "licences for doping".
'Compromising trust'
Russia's
track and field team were banned from the Rio Olympics over an alleged
state-backed doping programme. All of its athletes are barred from the
ongoing Paralympics.
"Let it be known that these criminal acts are
greatly compromising the effort by the global anti-doping community to
re-establish trust in Russia," Wada director-general Olivier Niggli
said.
'An act of revenge?' - Analysis by BBC sports editor Dan Roan
This
is the latest twist in what was already the biggest doping scandal in
the history of sport, and further evidence of the bitter divisions it
has sparked.
The hack appears to be an act of revenge - retaliation for Wada's damning report into Russian state-sponsored cheating.
Although
the Russian government has denied any involvement, it has always
maintained that the country has been made a scapegoat for a much wider
problem, and this will only add fuel to that fire.
Although the
athletes concerned have broken no rules, the revelations - along with
the threat of more leaks of other competitors' medical records - will
inevitably exacerbate the controversy surrounding TUEs at a time when
sport's leaders are desperately trying to restore trust.
Many athletes will now be nervously wondering if their private medical details records are the next to be made public.
And
with the future of Wada currently in the balance, the fact its security
was so badly compromised will raise more questions over the entire
anti-doping system, especially after the account of Russian
whistleblower Yuliya Stepanova was hacked last month, leading to fears for her safety.
US Anti-Doping Agency chief Travis Tygart called the hack "cowardly and despicable".
"In
each of the situations, the athlete has done everything right in
adhering to the global rules for obtaining permission to use a needed
medication," he said.
The US Olympic Committee has had "zero adverse
findings from the Rio Olympic Games that weren't 100% within the medical
guidelines set forth by anti-doping authorities," spokesman Patrick
Sandusky said.
Earlier this month, Mr Niggli said Wada was experiencing almost daily cyber attacks originating from Russia.
Fancy
Bears, which is also known as Tsar Team (APT28), has pledged to release
confidential records from other national Olympic teams.
How Wada was hacked - Dave Lee, BBC North America technology reporter
It's an old adage in cybersecurity that the weakest point of any supposedly secure system is the people that use it.
Wada
says it believes this hack was made possible thanks to a successful
spearphishing attack. Phishing is a term given to the technique of
tricking a user into giving up crucial information - often by clicking a
link that takes them to a malicious website disguised as a familiar
one, such as the log-in page for a bank or social network.bb
Spearphishing
takes this one significant step further. While a phishing attack is
often aimed at many people in the hope some will fall for it,
spearphishing is highly targeted. Hackers perhaps identified a small
number of people, or even just one person, and wrote a phishing attack
specifically designed to trick them.
Other than pushing a message
of vigilance among staff, spearphishing is incredibly difficult to
defend against. Attackers often scour the internet, looking for added
information on the target that might make an email more believable.
Sometimes even knowing a person's favourite football team is enough to
tip the balance in making a spearphishing email seem genuine.
No comments:
Post a Comment
PLEASE BE POLITE