False clues make it tough to find WADA hackers

LONDON (AP) — Medical data from some of the world’s leading athletes has been posted to the web and the World Anti-Doping Agency says Russians are to blame. Even the hackers seem to agree, adopting the name “Fancy Bears” — a moniker long associated with the Kremlin’s electronic espionage operations.

But as cybersecurity experts pore over the hackers’ digital trail, they’re up against a familiar problem. The evidence has been packed with possible red herrings — including registry data pointing to France, Korean characters in the hackers’ code and a server based in California.

“Anybody can say they are anyone and it’s hard to disprove,” said Jeffrey Carr, the chief executive of consulting firm Taia Global and something of a professional skeptic when it comes to claims of state-backed hacking.

Many others in the cybersecurity industry see the WADA hack as a straightforward act of Russian revenge, but solid evidence is hard to find.

What’s known is that it was only days after scores of Russian athletes were banned from the Olympic Games that suspicious-looking emails began circulating. Purporting to come from WADA itself, the booby-trapped messages were aimed at harvesting passwords to a sensitive database of drug information about athletes worldwide. Among other things, the Anti-Doping Administration and Management System carries information about which top athletes use otherwise-banned substances for medical reasons — prize information for a spurned Olympic competitor seeking to embarrass its rivals.

On Sept. 1 someone registered a website titled “Fancy Bears’ Hack Team.” A few days later, a Twitter account materialized carrying a similar name. Just after midnight Moscow time on Sept. 13, the Fancy Bears Twitter account came alive, broadcasting the drugs being taken by gold medal-winning gymnast Simone Biles, seven-time Grand Slam champion Venus Williams and other U.S. Olympians. It followed up Thursday with similar information about the medication used by British cyclists Bradley Wiggins and Chris Froome, among many others.

There is no suggestion any of the athletes broke any rules, but Russians seized on the leak as evidence that U.S. and British players were using forbidden drugs with the blessing of anti-doping officials.

“Hypocrisy,” Russia’s embassy to London tweeted in reaction to the news. Kremlin channel RT broadcast a cartoon showing a WADA official picking up a bulky American player’s steroid bottle with a smile. “All good! You’re cleared to compete!” he says.

Citing law enforcement sources, WADA said the attacks “are originating out of Russia.” Russian officials dismissed the allegation; in an email, WADA said it wouldn’t be commenting further.

With little to go on, independent investigators have still made some intriguing connections.

Virginia-based intelligence firm ThreatConnect said that whoever compromised WADA did so using websites registered through an obscure domain name company that also set up the fake sites used in a variety of other hacks blamed on the Kremlin, including the one that hit the Democratic National Committee. In a telephone interview, the company’s chief intelligence officer, Rich Barger, said he had been cautious at first about tying the WADA breach to Russian hackers but that “confidence is certainly growing as more and more people weigh in and lend their voice.”

Even the meaning of the name “Fancy Bears” is unclear. California-based threat intelligence firm CrowdStrike has long applied that nickname to an allegedly Russian state-backed group, but the hackers’ adoption isn’t necessarily a brazen acknowledgement of CrowdStrike’s research. It might be an attempt to hold it up to ridicule. Which interpretation the group favors hasn’t been made clear. Repeated messages to email addresses associated with Fancy Bears have gone unreturned.

Fancy Bears’ website doesn’t necessarily provide any more insight. Some of its artistry appears to have been lifted from a Russian clip art page. But tech podcaster Vince Tocce also found Korean script in the site’s code — characters which vanished shortly after he made his discovery public. In a telephone interview, he said that showed how difficult it was to take anything for granted.

Some pieces of Fancy Bears’ infrastructure were almost certainly structured to sow confusion.

The site, for example, appears to be hosted in California but was registered at an address in the town of Pomponne, east of Paris, under the name “Jean Guillalime.”

A man residing at that address, Jean-Francois Guillaume, told The Associated Press the registry information was bogus and that he was mystified as to why the hackers had picked on him.

“I have absolutely nothing to do with this,” he said, adding that he ran a consulting shop and a flower business and wasn’t particularly interested in sports. “I don’t know any Russians.”

Yuzuru Hanyu opens Olympic season with record score

A sore knee didn’t hold Yuzuru Hanyu back. A record score to open his Olympic season.

The Olympic and world champion from Japan hit a pair of quadruple jumps in his short program at the Autumn Classic, a lower-level event in Montreal.

He was rewarded with 112.72 points, the highest short program score recorded under the 13-year-old judging system. Video is here.

It looked like a home competition for Hanyu.

Upon finishing, he bowed toward one set of bleachers (maybe a dozen rows) at the Sportsplexe Pierrefonds. More than two dozen Japanese flags made it hard to see most of the faces.

He bettered Javier Fernández, a two-time world champion and training partner, by 11.52 points. Fernández also landed two quadruple jumps to tally 101.2.

Full scores will be here upon the conclusion of the short program. The free skate is Saturday at 8 p.m. ET. A live stream is here.

Hanyu now owns the three highest short program scores under the 13-year-old system. The other two were set in the 2015-16 season.

Showdowns like Hanyu-Fernández are usually reserved for, at the earliest, the Grand Prix series in late October and November.

Hanyu and Fernández are very familiar with each other, having shared a coach in Canadian Brian Orser, the 1988 Olympic silver medalist, since 2012. They train in Toronto.

In that time, Hanyu became the first Japanese man to win an Olympic title (and the second teen from any nation to do it). He followed it up with world titles later in 2014 and this year.

Fernández achieved unfathomable success for a Spanish skater — world titles in 2015 and 2016, overtaking Hanyu in the free skate both times.

In PyeongChang, Hanyu can become the first man to repeat as Olympic champion since Dick Button in 1952. Fernández can become the third Spaniard to earn a Winter Olympic medal of any color in any sport, and the first since 1992.

The figure skating season continues next week with Nebelhorn Trophy in Germany, the final Olympic qualifying competition. North Korea could clinch its first spots in any sport for the Olympics in the pairs event.

USOC letter assures Olympians about South Korea security

The U.S. Olympic Committee’s security chief sent a letter to potential Winter Olympians saying there are no indications that recent developments between the U.S. and North Korea have compromised security in South Korea.

The letter, obtained by The Associated Press shortly after it was sent Friday, makes no suggestion that the U.S. is considering skipping the PyeongChang Winter Games for security reasons.

But Chief Security Officer Nicole Deal does write that provocations that have been volleyed between the United States and North Korea are likely to persist for the foreseeable future, and “should not be dismissed as insignificant nor feared as precursors of an inevitable conflict.”

The letter comes at the end of a week in which France’s sports minister suggested the country’s athletes would stay home if security could not be guaranteed.

The International Olympic Committee, trying to calm concerns, reiterated that in conversations with high-level officials in China and South Korea, none have expressed doubt about the Winter Games proceeding as scheduled, next February.

The USOC also sent out a public statement Friday from CEO Scott Blackmun.

“We will continue to work with our State Department and local organizers to ensure that our athletes, and our entire delegation, are safe,” he said.

The letter, sent to athletes, national governing bodies and other Olympic leaders in the United States, said the USOC’s security division is operating as “business as usual for our security planning and preparations.”

Deal writes that the USOC is reviewing crisis management plans that address a range of potential scenarios “to ensure our athletes, and our entire delegation, are safe.”
