"Are you interested in WADA and USADA confidential documents?" Fancy Bears HT is the front for the hacking operation that spear-phished International Olympic Committee members to gain access to the systems of the World Anti-Doping Agency (WADA).
Those records were leaked—and in some cases, according to WADA officials, modified—in an effort to discredit the Olympics' drug-testing rules.
The leaks were seen by officials as retribution for the bans imposed on Russian athletes after widespread doctoring of drug tests by the Russians at multiple Olympic games was exposed by a WADA investigation. The hack of the United States Anti-Doping Agency (USADA) e-mails was first revealed in October.
A spokesperson for USADA told Ars that the e-mails were probably exposed during the Paralympic Games in Rio de Janeiro, possibly when a scientific advisor to USADA was using public Wi-Fi at the games. The Federal Bureau of Investigation and an outside information security firm are still investigating the breach.
But officials have indicated that, as in the WADA breach, the perpetrators are in some way tied to the group behind part of the network intrusion at the Democratic National Committee and the hacking of e-mail accounts of a number of political figures—including Hillary Clinton's campaign chairman, John Podesta. Those hacks were attributed by security researchers to a group designated by CrowdStrike as "Fancy Bear"—a name the hackers apparently liked so much that they adopted it for their Twitter account name and WADA/USADA leak site. On the other hand, whoever is behind the Fancy Bears Twitter account told Forbes' Thomas Fox-Brewster (who got a similar pitch by DM) that they were not the same Fancy Bear (aka APT28).
Nothing in the e-mails leaked from USADA so far is particularly controversial.
The latest batch includes discussions with officials from a number of different countries' anti-doping agencies about contingency plans for what to do if Russian athletes were not banned from the Olympic games as well as preparation for a lawsuit to be filed by USADA and the Canadian Centre for Ethics in Sport against the International Olympic Committee that was never taken forward.
The contents of the e-mails, USADA Communications Manager Ryan Madden told Ars, "just show us doing our jobs." And it's that mundane level of content—and the resulting lack of interest in continued press coverage—that may have prompted Fancy Bears to reach out to Ars and other outlets this morning.
The WADA/USADA leaks are apparently not getting the amount of attention that Fancy Bears feels they deserve, as it offered a lure to write more about them: A transcript of Ars' chat with some Fancy Bears.
Greenford, UK (December 8, 2016) In the wake of Brexit there seems to be an air of gloom hanging over British business – but not at Ultra Electronics.
Based in Greenford, London, the Group continues to supply its products to some of the world’s biggest and most technologically advanced organisations.
Gemini, the world’s first licensed Bitcoin and Ether exchange, chose Ultra’s Hardware Security Module (HSM) to protect its most valuable information despite competition from US and mainland Europe cyber security giants.
The coup for Ultra outlines the significant amount of respect the organisation commands in the world of cyber security.
Gemini, founded and managed by Olympic rowers the Winklevoss brothers, allows clients to trade Bitcoins to USD, Ether to USD and Bitcoins to Ether.
The company is the first of its kind to receive a license from a major regulatory body, receiving its accreditation from the New York State Department of Financial Services (NYSDFS) in 2015.
Cryptocurrencies are fast becoming a more widely respected form of payment, so much so that the city of Zug, a well-known financial hub in Switzerland, has started allowing residents to pay for public services with Bitcoins.
Ultra, Gemini and Bitcoin
For such a rapidly expanding business within a field where security is absolutely paramount, Gemini has ensured it recruits security professionals from some of the world’s most distinguished companies.
For a company which has invested so much in security personnel it begs the question, what exactly was it that made them choose the Ultra Electronics’ HSM?
According to Cem Paya, the CSO of Gemini:
“Information security is one of the most important parts of the Gemini business model and ensuring we utilise the most secure HSMs is vital.
There were a number of reasons as to why we chose to work with Ultra Electronics KeyperPlus. Not only did KeyperPlus have a superior key management system, comprehensive security options and Linux support but it also was without any severe vulnerabilities.”
The fact that Gemini chose Ultra Electronics is a positive sign.
Brexit or not – truly innovative companies who can offer unique product solutions will always be desired by the rest of the world. Rob Stubbs, Product Director at Ultra’s Communication & Integrated Systems business, outlines why he believes Gemini selected the KeyperPlus and how the Ultra team will continue to ensure it wins orders from market-leading businesses such as Gemini in the future.
“The success of Bitcoin is critically dependent on the security of exchanges such as Gemini. We have already seen the cyber-theft of Bitcoins from Mt. Gox, Bitfinex and others totalling over $500m.
Gemini’s decision to use KeyperPlus was based on its own detailed security evaluation as well as the product’s international certification and market reputation so as to provide the utmost security for its clients.
HSMs are an important cyber security tool, and can be used to enhance any security system. KeyperPlus is the only network-attached HSM to incorporate a cryptographic module validated to FIPS 140-2 Level 4 overall, one of the toughest security standards in the world. Ultra’s Keyper™ HSMs have successfully maintained this level for over 15 years, earning them a deserved reputation as the world’s most trusted HSMs.
For example, two generations of Keyper™ HSM have been used by ICANN to protect the security of the global Internet domain name system, upon which the whole world-wide-web ultimately depends.”
Ultra Electronics’ experience and expertise within the cyber-security sector is set to stand both the business and the security of its clients’ valuable information in good stead for the foreseeable future.
It’s also important that we highlight the work conducted by our North American partners at Connect IT Solutions Inc.
Their skill and security expertise were invaluable during the design, sale and management phases of this project.
There’s a “concerted effort” by cybercriminals to recruit health care industry insiders as accomplices in these thefts.
Efforts to recruit insiders are far from subtle and can include brazen online ads and offers sent through social media, according to a new study (PDF) by Intel Security. Intel Security researchers found evidence that formulas for next-generation drugs, drug trial results, and other business confidential information are all of potential interest to hackers turned industrial spies.
Confidential data is stored not only by pharmaceutical companies but with their partners and (sometimes) government regulators. Cybercriminals are taking advantage of the cybercrime-as-a-service market to execute their attacks on healthcare organizations through, for example, the purchase and rental of exploits and exploit kits in order to attack targeted organizations.
Doctored records
Away from the top end of the scale there’s even a market for the health records of ordinary people.
Stolen medical records are available for sale from $0.03 to $2.42 per record, McAfee Labs reports.
Comparable stolen financial account records are available for around $14.00 to $25.00.
And credit and debit card account data is available for $4.00 to $5.00 per account record. Protected health information could include family names, mothers’ maiden names, social security or pension numbers, payment card and insurance data, and patient address histories.
Easier-to-monetize credit card information commands a greater price on black markets, at least for the immediate future, as Intel Security explains: Upon stealing a cache of medical records, it is likely cybercriminals must analyze the data and perhaps cross-reference it with data from other sources before lucrative fraud, theft, extortion, or blackmail opportunities can be identified.
Financial data, therefore, still presents a faster, more attractive return-on-investment opportunity for cybercriminals.
“In one case, a relatively non-technically proficient cyber thief purchased tools to exploit a vulnerable organization, leveraged free technical support to orchestrate his attack, and then extracted more than 1,000 medical records that the service provider said could net him about $15,564,” Intel Security reports.
Raj Samani, Intel Security’s CTO in EMEA and author of the McAfee Labs’ Health Warning report, said: “Given the growing threat to the industry, breach costs ought to be evaluated ... in terms of time, money, and trust – where lost trust can inflict as much damage upon individuals and organizations as lost funds.”
“When a well-developed community of cybercriminals targets a less-prepared industry such as health care, organizations within that industry tend to play catch-up,” Samani continued. “Gaining the upper hand in cybersecurity requires a rejection of conventional paradigms in favor of radical new thinking. Where health care organizations have relied on old playbooks, they must be newly unpredictable. Where they have hoarded information, industry players must become more collaborative. Where they have undervalued cyber defense overall, they must prioritize it.”
Investigators discovered that recently published data from anti-doping testing at the 2016 Olympics in Rio de Janeiro had been altered by parties connected to a Russia-based hacking group behind the breach, according to a report issued by the World Anti-Doping Agency (WADA) yesterday. The International Olympic Committee (IOC) dump, released by a group calling itself "Fancy Bears," was found by WADA's incident response team to contain altered information. "WADA has determined that not all data released by Fancy Bear (in its PDF documents) accurately reflects [Anti-Doping Administration and Management System (ADAMS)] data," a spokesperson for WADA wrote in a post on the investigation.
The attackers gained access by stealing ADAMS credentials through "spear phishing" e-mails sent to IOC officials who owned the accounts.
The attack was similar to the e-mails sent to DNC and Clinton campaign officials earlier this year. This fits into a pattern tied to recent hacks by "Fancy Bear" and other groups—organizations that researchers and government authorities believe are connected in some way to the Russian intelligence community—being used for misinformation.
Some of the data in the initial Democratic National Committee "dump" by the entity calling themselves Guccifer 2.0 was revealed to have been altered, and leaked metadata indicated files had been edited by someone who spoke Russian. While the latest "leak" from Guccifer 2.0 allegedly against the Clinton Foundation's network contains no such smoking guns, the metadata does exist and suggests data came from previous "Fancy Bear" breaches at the DNC and other organizations that used the DNC's network. Forensic examination of the Guccifer 2.0 Clinton files specifically suggests the files came from previous breaches of the DNC and Democratic Congressional Campaign Committee (DCCC). Payroll files, expense reports, receipts, and lease documents for Democratic party field offices—as well as scans of checks issued for payment for FOIA requests and vendors—all point to the DCCC, DNC, and some state Democratic Parties.
Files not from the DNC or affiliated organizations came from GMBB (an advertising firm that does work for the Democratic Party), the Federal Election Commission, and the House of Representatives. Some of the more controversial documents in the collection posted directly on the Guccifer 2.0 WordPress blog, including one titled "Master Spreadsheet PAC Contributions," may have been modified before posting.
That file was created and edited once in February 2009.
Based on file metadata, it was pulled off the DCCC server on May 23, 2016.
This hack facilitated access to the medical history of athletes that participated in the games. WADA’s technical and forensic team’s current assessment is that hackers illegally accessed the Rio 2016 ADAMS Account multiple times between 25 August 2016 and 12 September 2016, using credentials obtained through a spear phishing campaign. The broader ADAMS system was not compromised in the attack, according to WADA.
In response to the admitted breach, WADA has tightened its security controls, introduced increased logging, and hired FireEye Mandiant to handle incident response.
Security watchers have warned of the possibility of hacking attacks that involved data manipulation for several years, and the only real surprise on that front is that the attack affected a sporting rather than a banking organisation.
Jason Hart, CTO of data protection at Gemalto, commented: “As the news that data from the WADA hack may have been manipulated shows, business leaders need to realise they are no longer just at risk from data simply being stolen.
As well as exposing gaps in a company’s security, the next frontier for cyber-crime will be data manipulation.
Data is the new oil and the thing most valuable to hackers.
“Businesses can make vital decisions based on incorrect or exaggerated information, or data that has been stolen can be altered to change public sentiment regarding a business or individual, which hackers can exploit for personal or financial gain,” Hart said, adding that the fact that a breach can take months to detect further exacerbates the problem.
Bootnote
*The TUE process allows an athlete to obtain approval to use a prescribed prohibited substance or method for the treatment of a legitimate medical condition, such as asthma.