This past Tuesday, the World Anti-Doping Agency (WADA) was breached by hackers who leaked the records of a number of American athletes. WADA identified the hackers as the “Fancy Bears international hack team,” a group that security firm CrowdStrike had determined to be one of two state-sponsored Russian hacker groups involved in the Democratic National Committee leak this past June. This time, the hackers leaked the records of American athletes such as gymnast Simone Biles and tennis stars Venus and Serena Williams. The leak revealed that WADA had approved the use of prohibited substances for certain American athletes, after it had banned Russian athletes from the Rio Olympics for similar reasons. This included, for example, the ADHD medication Biles had been prescribed since childhood. The records were published on social media and on the website FancyBears.net.
The nature of the hack indicates a change in posture for Russian hacking operations. Instead of making the effort to remain covert, the operation opted for a public data dump and claimed responsibility directly. According to CrowdStrike, Fancy Bear has been stealthily hacking military, media, and government targets since as far back as the mid-2000s. This year, however, they have taken a much more brazen approach. According to Dave Aitel, a former NSA analyst and founder of the security firm Immunity, “They’ve realized being covert had no advantage… There’s no penalty for saying ‘yeah, it’s us.’”
Notably, CrowdStrike has not commented on whether the WADA hack was definitively connected to Fancy Bear. However, if the hack was indeed Fancy Bear, this year has signaled a shift in strategy. The Fancy Bear DNC hack also signified this shift. The DNC documents were leaked by a Romanian hacker going by the name Guccifer 2.0. However, clues were left behind, possibly indicating that the hack was a purposefully thinly veiled Russian operation. A Russian VPN was used, and Russian error messages were left behind in the documents’ formatting. Mr. Aitel has said the new strategy may be to use the threat of leaks against critics of the Russian government. “Now a group like WADA has to take everything they say to every person into account,” Aitel says. “They have to think, this could leak.”
With Vladimir Putin denying Russian involvement in the DNC hack, and the difficulty of tying Russian hackers directly to the Russian government, along with other diplomatic obstacles, Washington has hesitated to impose the sanctions it has considered against Russia. This inaction may result in a sense of invincibility for Russian hackers. Responding to the DNC hack, analysts at NATO’s Cooperative Cyber Defense Center of Excellence wrote in August that “A longer-term, structural response should offer a robust deterrence strategy to ensure that these kinds of influence operations through cyberspace will no longer be seen as relatively low risk operations which come with little or no repercussions.”