Earlier this month, a federal grand jury in Pennsylvania indicted seven Russian military intelligence officers on charges of hacking American and international anti-doping agencies and sports federations, thereby accessing data and medical records of 250 athletes from about 30 countries.
Investigators from the United States Department of Justice claim the hackers accessed the data through cyber attacks on networks and officials at roughly 40 anti-doping agencies and sporting organizations, including the International Olympic Committee (IOC) and the World Anti-Doping Agency (WADA), the International Association of Athletics Federations (IAAF), and FIFA.
In addition to stealing data from these organizations, the hackers also sold information to reporters, at times modifying it beforehand. Other charges include conspiracy, wire fraud conspiracy, wire fraud, aggravated identity theft and conspiracy to commit money laundering. Several of the hackers involved with the cyber attacks on WADA, the IOC, and others were “caught red-handed” during an attempted breach of the Organization for the Prohibition of Chemical Weapons (OPCW) in the Netherlands.
The DOJ alleges that Russia began its cyber attacks one month before the opening of the 2016 Rio Olympics, as a method of retaliation for WADA’s 2016 McLaren Report, which provided evidence of a State-sponsored doping scheme in Russian sports. Though the phrasing “State-sponsored” is no longer used by WADA and has been watered-down following an investigation led by the IOC Disciplinary Committee and its Chair Samuel Schmid, there is still no doubt that a conspiracy to cheat the world anti-doping system existed for years across summer and winter sports, involving athletes, Russian official in the Ministry of Sport, the Russian Anti-Doping Agency (RUSADA), and the Moscow Anti-Doping Laboratory, among other. Nonetheless, WADA reinstated RUSADA in September after nearly three years of delinquency, despite the fact that WADA’s original standards for Russian reinstatement were not fully met.
Furthermore, the DOJ claims that if the networks and data that the officers wanted couldn’t be accessed remotely, the Russian officers would travel to other countries in order to hack into Wi-Fi networks and share access with their Russia-based counterparts. Russian officers are said to have traveled to Brazil for the 2016 Summer Olympics where they successfully hacked vital accounts and captured the credentials of an Olympics anti-doping official, which they used to get pilfer the WADA database. According to NPR, the hackers used a Wi-Fi network to steal credentials issued to “a senior USADA anti-doping official,” giving them access to emails including “summaries of athlete test results and prescribed medications.”
The charges also include a hack that took place in September, 2016, in Lausanne, Switzerland, during a WADA conference where a laptop was compromised by the APT 28 malware infection, which eventually compromised the IP addresses of the International Olympic Committee.
As reported by NPR, the seven Russian operatives named are:
Aleksei Sergeyevich Morenets, 41; Evgenii Mikhaylovich Serebriakov, 37; Ivan Sergeyevich Yermakov, 32; Artem Andreyevich Malyshev, 30; and Dmitriy Sergeyevich Badin, 27 — whom the Justice Department says were assigned to Military Unit No. 26165 — along with GRU officers Oleg Mikhaylovich Sotnikov, 46, and Alexey Valerevich Minin, 46.
The Russian Government is denying the charges.