Tuesday, 13 September 2016

Russian hackers leak Simone Biles and Serena Williams files


The World Anti-Doping Agency (Wada) has condemned Russian hackers for leaking confidential medical files of US Olympic athletes.
Athletes affected include tennis players Venus and Serena Williams and gymnast Simone Biles.
A group calling itself "Fancy Bears" claimed responsibility for the hack of a Wada database.
Wada said in a statement that the cyber attacks were an attempt to undermine the global anti-doping system.
Russian government spokesman Dmitry Peskov said it was "out of question" that the Kremlin or secret services were involved in the hacking, Russian news agencies reported.
The hackers accessed records detailing "Therapeutic Use Exemptions", which allows the use of banned substances due to athletes' verified medical needs.

'Compromising trust'

Russia's track and field team were banned from the Rio Olympics over an alleged state-backed doping programme.
"Let it be known that these criminal acts are greatly compromising the effort by the global anti-doping community to re-establish trust in Russia," Wada director-general Olivier Niggli said.
Fancy Bears pledged to release confidential records from other national Olympic teams.

Analysis: Dave Lee, BBC North America technology reporter

It's an old adage in cybersecurity that the weakest point of any supposedly secure system is the people that use it.
Wada says it believes this hack was made possible thanks to a successful spearphishing attack. Phishing is a term given to the technique of tricking a user into giving up crucial information - often by clicking a link that takes them to a malicious website disguised as a familiar one, such as the log-in page for a bank or social network.
Spearphishing takes this one significant step further. While a phishing attack is often aimed at many people in the hope some will fall for it, spearphishing is highly targeted. Hackers perhaps identified a small number of people, or even just one person, and wrote a phishing attack specifically designed to trick them.
Other than pushing a message of vigilance among staff, spearphishing is incredibly difficult to defend against. Attackers often scour the internet, looking for added information on the target that might make an email more believable. Sometimes even knowing a person's favourite football team is enough to tip the balance in making a spearphishing email seem genuine.

No comments:

Post a Comment