WADA Hack: Is Russia Behind the Fancy Bears Hackers Group?

Sep 25, 2016 — 15:24
— Update: Sep. 26 2016 — 06:38
Sep 25, 2016 — 15:24
— Update: Sep. 26 2016 — 06:38
A screenshot of the Fancy Bears website fancybear.net seen on a computes screen in Moscow, Russia. Alexander Zemlianichenko / AP

The Fancy Bears have struck again. This time, the reputedly Russian group of hackers released confidential medical information on star swimmer Cate Campbell and 40 other athletes. Earlier leaks involved tennis players Rafael Nadal, Serena and Venus Williams and gymnast Simone Biles.

The most recent leaks mostly concern Therapeutic Use Exemptions (TUEs), recorded by the World Anti-Doping Agency (WADA), which allow athletes to take certain substances that are otherwise banned. Though they have targeted athletes from various countries, including a Russian boxer, the hackers seem to have a particular axe to grind against Americans. “We’d like to tell you about the U.S. Olympic team and their dirty methods to win,” the group says on its website.

The hack follows a year in which Russia has been at the center of the biggest doping scandal in recent history, after WADA found evidence of widespread state-sponsored doping.

Russia paid a high price for the affair: Its track-and-field team and multiple other athletes were barred from the Rio Games, and its Paralympic team faced a collective ban. The sanctions are still in place and are unlikely to be lifted any time soon. Is the Fancy Bears’ hack of WADA payback by Russia? The group certainly professes vengeance. “We do not forgive. We do not forget,” it says.

For WADA, the evidence points to Moscow. “Let it be known that these criminal acts are greatly compromising the effort by the global anti-doping community to re-establish trust in Russia,” it said in a statement earlier this month.

As in the doping scandal, many reports allege the involvement of Russian security services. The attacks have been traced back to the same group that hacked into the U.S. Democratic National Convention earlier this year. In both cases, the Kremlin has denied any state involvement, accusing the West of paranoia.

“How can you prove that the hackers are Russian? You blame Russia for everything, it’s very fashionable now,” said Sports Minister Vitaly Mutko.

Some Russian cyber security experts have also warned the narrative might be too obvious to be true. Russian cyber criminals are typically interested in low-profile hacks that can be monetized — hacking national banks, for example — and do everything to wipe out their traces, including remaining anonymous at all cost, says Ilya Sachkov, head of the IB-Group computer forensics company.

The Fancy Bears’ hack team has left behind (too) many clues linking it to previous high-profile hacks. And why would it give itself a name and a logo that are so obviously Russian?

“There’s a lot that doesn’t stack up in this story,” says Sachkov, who has investigated Russian cyber crime for years.

According to Sachkov, the speed with which fingers were pointed at Russia— it took one day — is also suspicious. Most complex crimes take months to resolve. “If you add up all of these doubts, you get such an unusual story, that it’s theoretically possible but only if this concerns a group of idiots,” he says.

Whether or not the hackers are Russian citizens, the leaks certainly play into the country's own narrative: Sure, Russia has a doping problem, but it is not alone. “The hacks have neutralized the West’s accusations against Russia,” says Dmitry Trenin of the Carnegie Center think tank. “The narrative is: ‘You showed us our flaws, and we’ve uncovered your flaws. No one’s better than anyone else. We’re all roughly the same.’”

Whether or not the Fancy Bears are state-sponsored, Russia is enjoying the moment. The satirical Pilorama program on Russia’s rabidly pro-Kremlin NTV channel has launched a petition to award the Fancy Bears with the Heidi Krieger Medal, an annual award for contributions to anti-doping efforts.

“Because of Fancy Bears, the world is now aware of the ruthless treatment of American athletes who, not entirely accidentally, happen to belong to dark-skinned U.S. minority groups,” the petition, signed by almost 5,000 people, reads. “As we understand from alarming news reports, these groups are in a lamentable position, oppressed by U.S. law enforcement.”

The information war, it appears, is only just beginning.