The glow from Rio still follows U.S. gold medal gymnast Simone Biles, but this week the young Olympian grabbed some undesirable headlines when Russian hackers accessed and then published her private medical files. The hack of numerous athlete records raises questions regarding prescription drug use in sports and also offers a lesson for those of us who prefer to watch as others compete.
The documents released come from World Anti-Doping Agency (WADA) files. WADA maintains records of medical tests for banned substances including files created specifically for the 2016 Olympics. Tuesday, the WADA confirmed and condemned the hack, which was first uncovered by law enforcement.
“WADA deeply regrets this situation and is very conscious of the threat that it represents to athletes whose confidential information has been divulged through this criminal act,” said Olivier Niggli, Director General of WADA.
The hackers identified themselves by the name Fancy Bears. They promise more athlete data will be released soon. “We were shocked with what we saw. We will start with the U.S. team which has disgraced its name by tainted victories,” the group wrote.
While U.S. athletes were the target of the first data dump, other nations could face similar leaks. In addition to Biles, the group released data on tennis stars Serena and Venus Williams. Each apparently received an exemption to allow the use of certain drugs for a confirmed medical condition. Without those ‘therapeutic use’ exemptions, their drug use would have banned them from competition.
Biles tweeted to fans after her long term medical challenges with attention deficit disorder were revealed: “Having ADHD, and taking medicine for it is nothing to be ashamed of, nothing that I’m afraid to let people know.”
The U.S. Olympics Committee confirmed that Biles had received permission for her medication use and therefore qualified to compete without restriction.
A note of irony is evident in this breach by the Russian hacking group. Numerous members of the Russian Olympics team were unable to compete in last month’s games after evidence of illegal doping surfaced. The group dumping the stolen data called the Biles and Williams exemptions a ‘license for doping’ not available to other athletes.
Details of the hack are still emerging, but it appears a spear phishing attack targeting WADA email accounts was at the center of the hack. Passwords obtained by phishing then enabled hackers to access confidential files created specifically for the Rio 2016 Games.
Phishing is a rampant problem in many workplaces, not just at WADA. Employers can put their workers through simulated phishing tests beef up their detection skills, but home users also need to note this growing threat. To test your own detection skills, see if you can spot the fake emails amongst the legitimate ones. Email your results to firstname.lastname@example.org. So far, the highest blog reader score is 12 correct answers out of a possible 14.