Briefing for the Athletic Industry on the Fancy Bears Threat

After the Experian Hack athletes on the world stage are even more exposed.

Guest Post
By Yomphana Adams


The Fancy Bears hacks and dox releases this summer highlight the need for advanced planning briefing in the athletic industry.  The International Association of Athletics Federations (IAAF) World Championships, the Football Association and FIFA were impacted by Fancy Bear actions.  In July prior to the IAAF World Championship in London, Fancy Bears released the Athlete Biological Passport data of numerous prominent track and field stars.  The data breach released personal and medical information in addition to notes of “likely doping” or “passport suspicious” for some individuals.

Aries Merritt and Mo Farah were among the victims. While the Football Association and FIFA breach three weeks ago released details of failed drug tests and therapeutic use exemptions (TUEs) for athletes, the disclosure claimed 25 participants that were allowed to use TUEs during the 2010 World Cup.  It also indicated 150 players had failed drug tests in 2015 including four UK athletes where one tested positive for ecstasy and three tested positive for cocaine.

blue and purple image of computer screen - fancy bear abuse


The Legacy of the Fancy Bear WADA Hack

Fancy Bears has actively exposed doping in sports through hacks against the World Anti-Doping Agency (WADA) and international organizations like the IAAF and FIFA.  They identified themselves a year ago as an international hack team that stands for fair play and clean sport.  At that time they were working under of guise of #OpOlympics to “enlighten” the public on how Olympic medal are won.  However, they have also participated in hacking Georgia’s government ministries prior to Russia’s 2008 army occupation, hacking the Democratic National Committee, targeting the CIA and the White House.  Enlighting, right.

The Fancy Bear hacking collective also leveraged the NSA tool “EternalBlue” to intensify attacks on hotel networks and target French Presidential candidate Macron in April.  Fancy Bears doping exposure endeavors intensified after WADA exposed systematic doping throughout the Russian Athletics Federation (RusAF) resulting in the suspension of RusAF athletes in IAAF events and the reallocation of Olympic medals to other teams and athletes. Fancy Bears has increased their activities and they are now threatening to uncover illicit behavior in athletics ahead of the 2018 Tokyo Games.

Preparing for the World Stage

Seasoned athletes maybe prepared for the press onslaught and actions required from a cyber breach or misinformation campaign however new athletes maybe ill prepared.  In addition to the laborious physical training, athletes would benefit from geopolitical and cyber awareness training.  Even if an athlete is mindful of political statements or opinions they perform on an international stage, as such, they or their loved ones, can be targeted for social engineering campaigns.  While organizations may fall victim to breaches, general awareness of threats and best practices for safe measure is a beneficial exercise.  The SportsISAO is uniquely positioned to assist the sports industry on cyber security issues from hardening, business continuity to advising on industry standards.

Benjamin Franklin said it best, “by failing to prepare, you are preparing to fail.”


You must be logged in to post a comment Login