
Russian Hackers May Have Manipulated Leaked WADA Data

In a statement published Wednesday, October 5, the World Anti-Doping Agency (WADA) provided an update on investigations into the August Fancy Bear hack and data leak in September. FireEye/Mandiant has been employed to do the forensic investigation. As of Oct. 5, the investigation is 90% complete and has found no evidence of any additional compromise.

The statement also suggests that some of the leaked data may have been manipulated by the hackers before public release. "It should also be noted," says WADA, "that in the course of its investigation, WADA has determined that not all data released by Fancy Bear (in its PDF documents) accurately reflects ADAMS data. However, we are continuing to examine the extent of this as a priority and we would encourage any affected parties to contact WADA should they become aware of any inaccuracies in the data that has been released." ADAMS is WADA’s Anti-Doping Administration and Management System.

Fancy Bear is a technically advanced Russia-linked hacking group. Although the Russian government consistently denies any association with the group, it is generally considered that the WADA hack was a propaganda attack in retaliation for the exclusion of 111 Russian athletes from the 2016 Summer Olympics in Rio. In a reversal of usual practice, Russian athletes had to prove themselves clean before being accepted. Usually, athletes are accepted automatically, and tested during the Games.

In a series of six separate leaks, the hackers published data from dozens of different athletes, including some of the world's best known and most successful athletes. Since these athletes had been allowed to use some otherwise banned substances for medical purposes, the attempt was to smear the impartiality of WADA by suggesting that Russian athletes had been unfairly stigmatized. It now seems likely that the hackers altered the data prior to release to magnify that perception.

Although WADA's announcement does not provide any specific indication of the data manipulation, it highlights a particular attack vector that gets little discussion: that is, not the mass exfiltration and publication of stolen PI, but the surgical alteration of company data.

"Business leaders need to realize they are no longer just at risk from data simply being stolen," says Jason Hart, the CTO of data protection at Gemalto. "As well as exposing gaps in a company’s security, the next frontier for cyber-crime will be data manipulation. Data is the new oil and the thing most valuable to hackers. Businesses can make vital decisions based on incorrect or exaggerated information, or data that has been stolen can be altered to change public sentiment regarding a business or individual, which hackers can exploit for personal or financial gain. Furthermore, it can be months or even years before this is detected and by then it's too late."

The danger he sees highlighted by the Fancy Bear data manipulation is that advanced hacking groups are capable of stealing data, changing it and publishing it for propaganda purposes (as seems likely with this incident); or simply modifying corporate data in situ and leaving without being seen. For many years, information security has concentrated on maintaining the confidentiality of corporate data by building bigger and better defenses. Fancy Bear may be showing that we need to start thinking about protecting the integrity of data with as much concern.

"There have been incidents in the past," Hart told SecurityWeek, "where a hacker has simply allowed the information that a business can be breached to be distributed, in turn affecting stock prices or investor trust." It may be that in the future, corporate data could be slightly altered on site. "If an organization then makes a business decision based on that false data, depending on what it is, it could have huge ramifications down the line."

The solution, he suggests, is that "businesses need to begin protecting the integrity of the data through security protocols including encryption, utilizing two-factor authentication, and adopting key management strategies. The world of cyber-crime is changing and data manipulation is its future. Businesses need to wise up and protect the integrity of their data to ensure the vital decisions they are making are based on accurate information."

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.