A hacking team calling themselves the Fancy Bears (and which may or may not be affiliated with a similarly named APT group) has continued the tradition of leaking private documents that detail athletes’ use of potentially performance-enhancing drugs.
In this case, the group has published the records of 25 football players—including ex-Premier League players Carlos Tevez, Dirk Kuyt and Gabriel Heinze—who were awarded therapeutic use exemptions (TUEs) during the 2010 FIFA World Cup in South Africa.
Fancy Bears also said that it has proof that 160 players failed drug testing in 2015, including for cocaine and ecstasy.
To be clear—the 25 players who have been compromised have done nothing wrong. TUEs are exemptions given to athletes to use banned substances in very limited situations: the athlete has to show that he or she would suffer significant health problems without taking the substance, and that there is no reasonable therapeutic alternative.
As the US Anti-Doping Agency explained, “The TUE application process is thorough and designed to balance the need to provide athletes access to critical medication while protecting the rights of clean athletes to compete on a level playing field.”
Tevez and Heinze, for example, used betamethasone – a corticosteroid used to treat everything from joint inflammation and arthritis to asthma and Crohn’s disease – while Kuyt used dexamethasone to combat tooth pain.
The leak echoes previous releases of stolen documents by the Russian APT group known as Fancy Bear (aka APT28). While it’s unclear if Fancy Bears has any relationship with the singular Fancy Bear, the strategies are similar.
In 2016 Fancy Bear released documents from the World Anti-Doping Agency (WADA), with confidential medical information for US Olympic gymnastics star Simone Biles as well as Serena Williams, among others. The docs suggest Biles has ADHD and takes medication for that, and that Williams was treated with corticosteroids for injuries.
The group—well known for APT activities around the world including the US election-season hacking last year—claimed responsibility for the hack of a WADA database. WADA at the time said the hack was likely in revenge for its decision to recommend that the International Olympic Committee ban all Russian athletes at the Rio Games.
Recorded Future’s research arm Insikt Group had the below to say on the attack:
“Previous Fancy Bear dumps were almost always retaliatory and in response to sanctions from various international sports organizations,” said Recorded Future’s research arm Insikt Group, in a statement. “When the Russian athletic team was banned from participating in World Athletics Championships in London, embarrassing IAAF doping reports about major Western athletes were made public. As international pressure on Russia intensifies, with open calls to strip Russia of World Cup in 2018 and the recent FIFA investigation into suspected prohibited substance abuse of the national soccer team, today’s release was almost guaranteed to surface.”
While it’s safe to assume this information was released for political reasons, the release also means the attackers could have had access to players’ medical records, added Kyle Wilhoit, senior cybersecurity threat researcher at DomainTools, via email: “It is therefore not such a gigantic leap to assume that other private information about these individuals could also be accessed, compromised, and leveraged for more financially sensitive information. Additionally, this attack could be chained with something like spear phishing attacks to further target individuals.”