
Russian hackers expose allegedly doping footballers

Russian hacking group Fancy Bear has exposed 150 footballers worldwide for allegedly taking banned substances, underlining the importance of protecting personal data

Nine British footballers are among those Russian hackers claim failed drug tests in 2015, according to emails between international football governing body Fifa and doping officials.

The hacking group Fancy Bear – also known as APT28, Pawn Storm, Sofacy Group, Sednit and Strontium – has been linked to Russian military intelligence agency GRU and several prominent cyber attacks.

These include cyber attacks on the German parliament, French television station TV5Monde, the White House, Nato, the US Democratic National Committee, and the election campaign of French presidential candidate Emmanuel Macron.

More recently, Fancy Bear was among the chief suspects for the brute force attacks on the email systems at Westminster and Holyrood.

Leaked files appear to show that four of the failed drug tests from 2015 were registered by UK Anti-Doping (UKAD). The leaked documents also appear to show that three of the players tested positive for cocaine and one for ecstasy.

Fancy Bear has also made public 25 names of 2010 World Cup players who were allegedly given therapeutic use exemptions (TUEs) to use banned substances during the tournament in South Africa, including ex-Premier League players Carlos Tevez, Dirk Kuyt and Gabriel Heinze.

Former Manchester United and Argentina midfielder Juan Sebastian Veron, Diego Milito, and Walter Samuel were also among those named by Fancy Bear for allegedly using banned drugs during the 2010 World Cup. Four German football players, including Mario Gomez, were also named in the document.

Hack made in retaliation

The hacking group said the leaked material is from “various sources” and challenges claims by players and officials that football is free of doping.

Security commentators say previous Fancy Bear data leaks have typically been retaliatory in nature and the latest leak conforms to this pattern.

With open calls to strip Russia of the World Cup in 2018 and the recent Fifa investigation into suspected prohibited substance abuse of the national soccer team, security firm Recorded Future said leaks of this nature by Fancy Bear were almost guaranteed to surface in retaliation and as a warning.

The leaked files also contain an email allegedly sent to Fifa by the Football Association’s head of integrity, Jenni Kennedy, revealing that Middlesbrough’s George Friend had received triamcinolone prior to the team’s game at Stoke in March 2017.

However, the UKAD reportedly ruled that 29-year-old Friend had not breached the anti-doping regulations after the footballer provided medical evidence of him having been prescribed the corticosteroid for legitimate reasons.

The FA said in a statement that it was “disappointed that strictly confidential information has been released into the public domain” because the data in the leaked emails relates to ongoing investigations.

“Additionally, it is inappropriate to publish information relating to personal medical conditions or medications and we will work alongside our partners to ascertain the extent of this matter,” the FA said.

Fifa condemned the leaks “in the strongest terms”, saying that the information had been obtained illegally. “The release of such information constitutes a clear violation of the athletes’ privacy and puts at risk the ongoing fight against doping,” Fifa said.

UKAD head Nicole Sapstead also condemned the leaks, adding that “the theft of medical data is completely unacceptable and this leak does not advance the cause of the anti-doping community at all”.


Javvad Malik, security advocate at AlienVault, said the latest leak by Fancy Bear illustrates how important it is to protect personal information, even more so than financial information.

“While financial fraud can affect individuals, there are usually safeguards in place that can help recover from a loss. However, once personal information is revealed, particularly information that can affect someone’s livelihood or public image, it is not as easy to manage,” said Malik.

“It serves as a sobering reminder of how all organisations that process or store any form of personal data need to have adequate threat detection and response controls in place so that any breach or potential breach can be addressed quickly to minimise the damage.” 

Kyle Wilhoit, senior cyber security threat researcher at DomainTools, said this data dump is yet another example of the importance of security measures to protect all kinds of data.

“While it’s safe to assume the release of this information has been done for politically motivated reasons, such data being released means they could have had access to players’ medical records.

“It is therefore not such a gigantic leap to assume that other private information about these individuals could also be accessed, compromised and leveraged for more financially sensitive information. Additionally, this attack could be chained with something like spear phishing attacks to further target individuals,” said Wilhoit.
