Why the Russian state 'weaponised' stolen medical records of famous footballers

Russia's Prime Minister Vladimir Putin looks on as he takes part in a congress of the ruling United Russia party in Moscow, on September 23, 2011NATALIA KOLESNIKOVA/AFP/Getty Images

On Tuesday 22 August, a hacking group released the alleged medical records of 25 football players who had been allowed to use banned medicines during the 2010 World Cup, part of an ongoing series of disclosures centred on stolen therapeutic use exemptions (TUEs).

The group claimed that the information was hijacked from Wada, the World Anti-Doping Agency, and framed the release by stressing that "more than 150 players were caught doping in 2015" and that by the next year, the number had "increased up to 200 athletes (sic)".

"Football players and officials unanimously affirm that this kind of sport is free of doping," read the hackers' statement published to a website hosting the download.

Advertisement

"Our team perceived these numerous claims as a challenge and now we will prove they are lying."

This so-called "team" has many names. According to experts in the cybersecurity industry they include Fancy Bear, APT28, Sofacy, Pawn Storm and Tsar Team.

Analysis suggests the unit is closely linked to Russian intelligence and often conducts espionage, cybercrime and leaks of data to further the interests of the Kremlin.

In 2016, for example, Fancy Bear used a series of leaks of information to influence the outcome of the US presidential election and "undermine public faith in the democratic process" by conducting a clandestine campaign against Democratic Party candidate, Hillary Clinton.

US officials said Russian president Vladimir Putin likely sanctioned the operation.

But why would the Russian state suddenly be interested in releasing the medical data of professional footballers? It's a question experts are now attempting to understand.

The first major leak of therapeutic use exemptions (TUEs), which are completely legal, was confirmed by Wada officials in September 2016 and dubbed #OpOlympics. "We are going to tell you how Olympic medals are won," the Fancy Bear hackers pledged at the time.

Advertisement

The headline-grabbing leak came two weeks after Russian athlete Yuliya Stepanova was targeted by hackers after blowing the whistle on a huge, state-sponsored, doping operation.

Experts concluded that the first round of leaks were retaliation for Wada's probe into athletes' use of banned substances – used to bolster performances. In a report, officials found collusion between the FSB, the Ministry of Sport (MofS) and the Russian Anti-Doping Agency.

The bombshell findings left Russia banned from a slew of major sporting events.

Carlos Tevez was named in the list of TUEsGetty Images

In August 2016, ThreatConnect, a US cybersecurity firm, was able to analyse two separate web domains used by the hackers as part of a phishing campaign against Wada employees in August, a month before the medical leaks hit the public domain.

Advertisement

"The sites were recently registered and their registration and hosting information are consistent with Russian Fancy Bear tactics, techniques, and procedures (TTPs), an in-depth report, titled "Russian Cyber Operations on Steroids", revealed at the time.

"Russian activity targeting these organisations is an important example of how Russia responds to wide-reaching current events that have negative implications for Moscow," it added.

But in the latest case, it remains explicitly unclear why the Russian state released footballers' information. But – like the so-called #OpOlympics – it is likely that all roads lead to Wada.

The bruises caused by the bombshell doping report, conducted and published by a law professor called Richard McLaren, may still be yet to heal.

On 28 July, McLaren urged Fifa to appoint a prosecutor to look into Russian doping in the sport of football and suggested a cover-up may already be underway. In 2018, Russia is set to host the World Cup – but already the state is being accused of cheating on a massive scale.

"We have some information where there is reference to trying to find a sample which would be suitable possibly for swapping," McLaren said.

"Either there's been tampering with the caps [...] or the contents haven't been changed, but there may be prohibited substances in there. That gives rise to a suspicion that there is a bank of clean samples and that it's been used with respect to footballers," he added.

In the midst of such pressure, it's obvious why Fancy Bears would again emerge from the shadows.

"The public release and repeated attempts to get the information into publications is an attempt to use private information, most of which to date does not demonstrate transgressions, to change the narrative and media spotlight on its own nefarious practices," said Ross Rustici, a senior manager of intelligence research at Cybereason, a security firm.

"To allow states to weaponise private citizens' information opens a whole new front in the shadow wars that are taking place on the internet," he added.

 (From L) Barrister & Solicitor Richard McLaren, former World Anti-Doping Agency (WADA) President and chairman of the WADA independent commission Richard W Pound, and Head of Department Cybercrime with Bavarian Landeskriminalamt (LKA) Guenter Younger take part in the presentationFABRICE COFFRINI/AFP/Getty Images

Ultimately, the tactics and targets of the Fancy Bear hackers are well-documented.

The group favours email phishing and malware exploits, using backdoors to sneak around inside computer networks. Increasingly, the group exfiltrates data and leaks it; the most recent case being the French presidential election. It's true size and source of funding remains unclear.

It's likely, experts said, that the leaks will continue as long as Russia feels victimised.

"Regardless of whether the latest data dump contains actual files the message from this group is clear: 'Russia may be blamed for doping scandals on a regular basis but look at all the other countries that have issues too. No one side is worse than the other,'" Rustici said.

"What is lost in the rush to discuss the scandal of doping players and the stories about how Russia is back to its old tricks regarding information operations is that private citizens are being used as chess pieces in what essentially amounts to a PR game," he added.


What is a therapeutic use exemption?

As described by the Wada website: "Athletes may have illnesses or conditions that require them to take particular medications. If the medication an athlete is required to take to treat an illness or condition happens to fall under the Prohibited List, a therapeutic use exemption (TUE) may give that athlete the authorisation to take the needed medicine."

There is no suggestion of legal wrongdoing.

Yuliya Stepanova - doping whistleblower - was previously targeted by hackers Matthew Lewis/Getty Images for European Athletics

© Copyright 2017 IBTimes Co., Ltd. All Rights Reserved.