Thursday, January 18, 2018

Tag: Rio Olympics

Anti-doping body WADA says it ain't so

Hackers may have doctored athletes’ data prior to leaking it, according to the World Anti-Doping Agency (WADA). The "Fancy Bear" hacking group has been releasing details of athletes' Therapeutic Use Exemptions (TUE*) after breaking into the systems of the fair play enforcement agency, as previously reported. WADA, which acknowledged the breach last month soon after leaked data surfaced on Fancy Bear’s website, said on Wednesday that “not all data released by Fancy Bear (in its PDF documents) accurately reflects ADAMS data” - implying some of the leaked information had been deliberately altered prior to its release. Russia is the prime suspect in the Fancy Bear attacks, thanks in large part to a ban by many sports preventing many Russian athletes from participating in the Rio Olympics. WADA itself has previously blamed a Russian hacking group for the breach, which it further condemned in its latest update. “The criminal activity undertaken by the cyber espionage group, which seeks to undermine the TUE program and the work of WADA and its partners in the protection of clean sport, is a cheap shot at innocent athletes whose personal data has been exposed,” WADA’s statement fumes. Fancy Bear compromised an account in WADA’s Anti-Doping Administration and Management System (ADAMS) created especially for the Rio 2016 Olympic Games.

This hack facilitated access to the medical history of athletes that participated in the games. WADA’s technical and forensic team’s current assessment is that hackers illegally accessed the Rio 2016 ADAMS Account multiple times between 25 August 2016 and 12 September 2016, using credentials obtained through a spear phishing campaign. The broader ADAMS system was not compromised in the attack, according to WADA.
In response to the admitted breach, WADA has tightened its security controls, introduced increased logging, and hired FireEye Mandiant to handle incident response. Security watchers have warned of the possibility of hacking attacks that involved data manipulation for several years, and the only real surprise on that front is that the attack affected a sporting rather than a banking organisation. Jason Hart, CTO of data protection at Gemalto, commented: “As the news that data from the WADA hack may have been manipulated shows, business leaders need to realise they are no longer just at risk from data simply being stolen.

As well as exposing gaps in a company’s security, the next frontier for cyber-crime will be data manipulation.

Data is the new oil and the thing most valuable to hackers. “Businesses can make vital decisions based on incorrect or exaggerated information, or data that has been stolen can be altered to change public sentiment regarding a business or individual, which hackers can exploit for personal or financial gain,” Hart said, adding that the fact that a breach can take months to detect further exacerbates the problem.

Bootnote

*The TUE process allows athletes to obtain approval to use a prescribed prohibited substance or method for the treatment of a legitimate medical condition, such as asthma.
Confidential medical files on Simone Biles and the Williams sisters have been published online. Russian cyber spies recently hacked the World Anti-Doping Agency and stole the medical data of international Rio 2016 Olympic athletes. The hackers—known as Tsar Team or Fancy Bear—gained access to WADA's Anti-Doping Administration and Management System database, likely via a phishing email, according to WADA.
Some details—including files on gymnast Simone Biles, basketball star Elena Delle Donne, and tennis pros Serena and Venus Williams—have already been leaked to the public. "We'll keep on telling the world about doping in elite sports," the Fancy Bear website says. "Stay tuned for new leaks." "WADA deeply regrets this situation and is very conscious of the threat that it represents to athletes whose confidential information has been divulged through this criminal act," Director General Olivier Niggli said in a statement. "[We] condemn these ongoing cyber-attacks that are being carried out in an attempt to undermine WADA and the global anti-doping system." It appears the hackers were only after info about the Summer Games; no other data has been compromised, according to the agency, which is conducting internal and external security vulnerability checks. The attack comes only a month after Yuliya Stepanova's WADA database password was stolen and her account illegally accessed.
Stepanova was the key whistleblower who helped expose widespread doping among Russian athletes.

The country's track and field team was ultimately banned from the Rio Olympics, and all athletes were barred from the Paralympics. "Let it be known that these criminal acts are greatly compromising the effort by the global anti-doping community to re-establish trust in Russia further to the outcomes of the Agency's independent McLaren Investigation Report," Niggli said. Fancy Bear was linked to the hack of the Democratic National Committee this summer.

Crowdstrike co-founder Dmitri Alperovitch said at the time that Fancy Bear has targeted defense organizations around the world, suggesting they are aligned with GRU, Russia's military intelligence service.
New information-sharing and analysis organization (ISAO) looks to provide threat intelligence to a broad range of professional and amateur sports organizations.

The need for threat intelligence-sharing among sports organizations has become abundantly clear. Pick a case: The hacking of the NFL’s Twitter account this past June. News that Russian-state hacking organization Fancy Bear allegedly released the medical records of prominent US Olympic athletes. Or, the recent decision by a federal judge to sentence former St. Louis Cardinals scout Christopher Correa to 46 months in prison for hacking into the scouting records of the Houston Astros. It's a no-brainer that sports organizations generate billions in revenue and provide an attractive target for hackers.

Enter the new sports information-sharing and analysis organization (ISAO), which started as a pilot program during the 2016 Olympics in Rio this past summer. Douglas DePeppe, co-founder of the Sports ISAO, says the ISAO plans to launch formally either later this year or in early 2017.
ISAOs stem from a 2015 Obama administration executive order to create intel-sharing groups around specific communities much like information sharing and analysis centers (ISAC) formed over the past 10 to 15 years. “We saw everything that was happening in the news with sports and knew about the Obama administration efforts so we thought there was just a tremendous need for a Sports ISAO," DePeppe explains. "The idea is to build an organization that would feed threat information to professional, college and high school sports organizations much like the FS-ISAC supports the financial industry." Jane Ginn, also a co-founder of the Sports ISAO, says the organization uses ThreatConnect as its main threat intelligence platform.
Security analysts then use ThreatConnect to manage threat intelligence feeds from the FBI, Department of Homeland Security and other government organizations, open source feeds, and a passive DNS database from Farsight Security that’s integrated into ThreatConnect. Ginn says Farsight has built a database of historical DNS information that dates back to 2010. When the Sports ISAO security analysts see something suspicious appear in ThreatConnect, they can then query the Farsight database to learn more about a specific threat. DePeppe says another aspect of the ISAO is working with the community to develop talent in the industry. He says the Sports ISAO has been working closely with Mercyhurst University in Pennsylvania to provide internships and develop security analysts. "There’s a tremendous shortage of people in the security industry and we’re working with Mercyhurst and other institutions to develop programs that will train professionals to do this kind of threat intelligence work," DePeppe says. DePeppe adds that in the next 30 days the Sports ISAO will release a detailed report on the research it conducted during the Rio Olympics. Some of the topics will include the hacktivists who targeted the Brazilian government during the Olympics as well as US Olympians victimized by hackers.

Steve Zurier has more than 30 years of journalism and publishing experience, most of the last 24 of which were spent covering networking and security technology.
Steve is based in Columbia, Md.
Leslie Jones, the black comedian who starred in the recent all-female remake of Ghostbusters, has been forced to take her website down after hackers seemingly took con...
Over the last two-plus weeks, the 2016 Summer Olympics in Rio de Janeiro highlighted unbelievable athletic performances, the spirit of competition and cyber-security vulnerabilities, as waves of cyber-attacks hit organizations at both the city and stat...
Virtually, that is. Zeus trojan ported to bash Brazil banks

Criminals are ramping up their online presence in Rio de Janeiro, where the Olympic Games will open on Friday, August 5 – with IBM and Fortinet reporting new banking trojans and cyber crime activity in Brazil. Big Blue has reported a variant of the Zeus trojan has emerged on crime forums targeting local banks and exploiting financial habits of users in the country in what is evidence the trojan is not a mere copy-and-paste effort. The Panda Banker trojan began in Europe and the US hitting banks in the region earlier this year before being ported to smash the home of the looming 2016 Olympics. The Brazilian variant targets 10 unnamed national banks and localised payment services and is being flogged by the original developers under a subscription payment model. Panda can also raid Bitcoin exchange credentials, airline loyalty programmes, prepaid cards and gambling sites, IBM X-Force researchers say. Its customisation continues: the trojan has been written to target a local security firm, a supermarket chain, and even law enforcement. Researchers suggest the possibly Russian-speaking designers worked in concert with Brazil locals to develop the latest variant. "Panda grabs login credentials on the fly, is capable of injecting malicious code into ongoing web sessions to trick users with social engineering, and its operators are versed in the use of automated transaction panels," researchers say. "Panda’s operators’ favoured fraud methodology is account takeover, in which victim credentials are robbed and then used by the attacker to initiate a transaction from another device." Most infection comes via Word documents and poisoned macros with pop-up windows used to capture one-time banking passwords. Meanwhile Fortinet is warning of a huge 83 per cent spike in malicious domains and phishing URLs in Brazil across June compared to the global average of 16 per cent.
Researchers with the company write in its latest threat report [PDF] that some 3,800 malicious government sites have spun up that target bureaucrats and Olympics officials. "As the 2016 Rio Olympics unfold, the history of increased attacks will undoubtedly continue and FortiGuard Labs is already seeing indicators of repeat techniques such as domain lookalikes for payment fraud and malicious websites or URLs targeting event and government officials," security strategist Ladi Adefala says. The findings are similar to those affecting previous major sporting events like the soccer World Cup and previous Olympic Games. In January Trend Micro found as part of its series of analysis on regional cybercrime markets that Brazil's underground was booming. Researchers at the firm said the South American nation had an "influx" of new criminals to its online communities who shirk anonymity when draining user bank accounts with malware and openly boast of their success.
The Olympic Games in Rio de Janeiro will attract more than just athletes and tourists this year. Hackers from across the world will also be on the prowl, trying to exploit the international event. That means visitors to the Olympics and even people watching from home should be careful.

Cyberthreats related to the games will probably escalate over the coming weeks and could creep into your inbox or the websites you visit.

Don't click if it's too good to be true

The Olympics have become a beacon for cyber criminals, said Samir Kapuria, senior vice president with security firm Symantec.

A great deal of money is spent on the international event, so hackers naturally want a slice of the pie, he added. During past major sporting events, hackers have come up with fake ticketing and betting services to commit fraud on unsuspecting users.

They'll also use phishing emails and social media posts to spread malware. Computer users will see these messages and links, expecting to view a video on a record-breaking javelin throw or a bargain on great seats to the event.

But in reality, they'll end up downloading ransomware that can take their data hostage, Kapuria warned. "Think before you click, especially if something looks too good to be true," he said. Thomas Fischer, a security researcher at Digital Guardian, has already been noticing an increase in phishing scams trying to take advantage of the Olympics. Typically, a user will receive an email loaded with an attachment that invites them to an Olympics ticket lottery.
Inside the attachment, however, is malicious code that will download the Locky ransomware and begin encrypting all the user's files. Hackers are already blanketing email addresses with this kind of attack.

They'll also pretend to be an organization like an Olympics committee, he added. "Anyone can receive these emails," Fischer said. "They usually come in English."

Brazilian hackers like to target banking data

Visitors who actually make the trip to Rio de Janeiro will be entering a country well known for online banking fraud, according to security firms.
It doesn't help that local laws there might not be strong enough to fight cybercrime. Trend Micro has been following the cyber crime scene in Brazil and noted in a report that hackers there "exhibit a blatant disregard for the law." "They will abuse social media and talk about their criminal enterprise, without fear of prosecution," said Ed Cabrera, the company's vice president of cybersecurity. Many of these Brazilian hackers are developing Trojans that pretend to be legitimate banking software, but in actuality can steal the victim's payment information. However, much of this Brazilian malware is focused on targeting local users, and not necessarily foreign tourists, Cabrera said. Tourists should still be careful, however.

Any banking Trojan can still be dangerous because the malware can spy on computer users, said Dmitry Bestuzhev, the head of global research for security firm Kaspersky Lab. He's warning visitors to be wary of ATM and point-of-sale machines in the country.

They often can be infected with malicious code that can secretly steal payment data once a banking card is swiped. "The attacker has the capability to intercept the data and then to clone the card," he added. Another danger is public Wi-Fi spots in Brazil, which oftentimes are insecure.

A hacker can use them to eavesdrop on victims and steal their passwords, Bestuzhev said. He recommends users buy a VPN service to encrypt their Internet communications.

Hacktivists and cyber terrorists could be lurking

The other big threat that could disrupt the games is hacktivists, said Robert Muggah, a security specialist at Brazilian think tank the Igarapé Institute. Anonymous, for instance, is targeting the event and could end up embarrassing the local government.

The hacking group has already managed to temporarily shut down the official Rio Olympics website on May 11, and then Brazil's Ministry of Sports site on the following day, Muggah said. "Analysts are also concerned with Islamic terrorists," he added.

The extremist group ISIS has been trying to use the encrypted messaging app Telegram to attract sympathizers in Brazil. Local authorities, however, are bolstering their cybersecurity defenses, and the country is no stranger to holding major events, Muggah said.
In 2014, the country was the site of the World Cup. In the run-up to the Olympics, the U.S. government has launched a multimedia campaign pointing out the possible cyberthreats travelers may encounter in foreign countries.
In extreme cases, U.S. tourists could even be the targets of espionage, the campaign warns. At the very least, visitors heading to Rio de Janeiro should watch out for smartphone theft. Muggah said thefts are quite high in the country because the devices are so expensive. New iPhones, for example, have been known to cost about $1,000 in Brazil due to the local import tariffs and taxes.