WADA hackers Fancy Bears indicted in U.S.

A group of seven Russians have been indicted by a federal grand jury in Pennsylvania, the U.S. Department of Justice has announced, for a series of crimes including hacking into the Montreal-based World Anti Doping Agency (WADA) and the Canadian Centre for Ethics in Sport (CCES).

Director General Mark Flynn of the Royal Canadian Mounted Police was in attendance at the press conference as U.S. Assistant Attorney General for National Security John C. Demers, announced the charges in Pennsylvania.

According to the DOJ’s statement, the seven officers charged are part of Russia’s foreign military intelligence agency, GRU. The accused are said to be responsible for the publication of private or medical information of approximately 250 athletes from almost 30 countries. The information was released under the fabricated name Fancy Bears’ Hack Team.

As Fancy Bears’, the officers released TUE’s, medical information and e-mail’s stolen from WADA officials and other anti-doping and national sport organizations. In some cases, the information was altered before release. Among the cyclists affected by the releases were British riders Bradley Wiggins and Chris Froome. The two Tour de France winners faced months of controversy and public scrutiny as a result of the information released.

Responses from the Canadian Center for Ethics in Sport and USADA

In a statement released by the CCES following the DOJ announcement stated “We commend the groundbreaking work of investigators on both sides of the border whose technical and legal expertise has led to an indictment of seven individuals directly linked to the illegal cyber activity.”

CCES’ statement warned of the ongoing threat that organized, state-sponsored espionage poses to relatively small sport organizations. “What happened to the CCES, the World Anti-Doping Agency (WADA) and the US Anti-Doping Agency (USADA) is a sobering reminder of our sector’s vulnerability to targeted cyberattacks,” CCES’ statement read. “As organizations entrusted with athletes’ private information, we must make cyber security a priority, and continually improve in our efforts to prevent and detect intrusions.”

For those with questions about what information was compromised during the 2016 hack, the CCES linked to its statement following the incident. That CCES FAQ sheet is available here.

The USADA, also targeted by the seven Russian officers charged, released at statement from USADA CEO Travis T. Tygart. It called the Fancy Bears hacks  “a desperate attempt to divert attention away from Russia’s state-sponsored doping program.” Tygart added they “were part of a broader scheme of corrupt and unethical behaviour by the Russian government to manipulate international Olympic sport”

Applauding the indictment, Tygert concluded, “Those who attempt to violate the rights of clean athletes and corrupt the integrity of sport will be held accountable for their actions.”

The accused and their activities against WADA and the CCES

The seven defendants have been identified as Aleksei Sergeyevich Morenets, 41, Evgenii Mikhaylovich, Serebriakov, 37, Ivan Sergeyevich Yermakov, 32, Artem Andreyevich Malyshev, 30, and Dmitriy Sergeyevich Badin, 27, who were each assigned to Military Unit 26165, and Oleg Mikhaylovich Sotnikov, 46, and Alexey Valerevich Minin, 46, who were also GRU officers.

WADA and the CCES were compromised in September 2016 at an anti-doping conference hosted by WADA in Lausanne, Switzerland. The charges allege defendants Morenets and Serebriakov accessed the Wi-Fi network of a hotel hosting the conference. They were then able to compromise the laptops of senior CCESS officials staying at the hotel.

WADA was also the target of earlier an earlier operation during the Olympics and Paralympic games in Rio de Janeiro, Brazil in 2016. The DOJ alleges that Russian officers traveled to Rio in order to steal and use the credentials of International Olympic Committee (IOC) officials. These credentials were then used to compromise WADA’s ADAMS database.

Hacking a response to the First McLaren Report

The DOJ suspects the GRU’s activities were a response to the WADA’s Independent Person Report, known as the McLaren Report, released in July 2016. The report described Russia’s systematic state-sponsored doping, and subversion of drug testing protocols leading up to, during and after the 2014 Winter Olympics held in Sochi, Russia.

Richard McLaren, an attorney and a professor at University of Western Ontario, was commissioned to prepare the report by WADA. As part of the fallout from the report, 111 Russian athletes were excluded from the 2016 Olympic Games in Rio. The International Paralympic Committee (IPC) imposed a complete ban on Russian athletes from competing at the same Paralympic Games.

According to the DOJ press release, “Days after the release of the First McLaren Report and the International Olympic Committee’s and IPC’s subsequent decisions regarding the exclusion of Russian athletes, the conspirators prepared to hack into the networks of WADA, the United States Anti-Doping Agency (USADA), and International Court of Arbitration for Sport (TAS/CAS). “

The charges allege that the results of these activities were released under the name of the Fancy Bears’ Hack Team, created to release the stolen information. “The Fancy Bears’ Hack Team engaged in a concerted effort to draw media attention to the leaks through a proactive outreach campaign. The conspirators exchanged e-mails and private messages with approximately 186 reporters in an apparent attempt to amplify the exposure and effect of their message.”

Full details on the indictment, and the accused’s extensive alleged activities outside the world of cycling can be found in the US Department of Justice statement here.

Reuters reports that three of the seven officers indicted Thursday were previously charged in a separate case. Special Counsel Robert Mueller’s office brought forward the earlier charges against the three for their role in hacking activities intended to shift the 2016 presidential election.”

All seven accused are believed to be in Russia at this time.