Posted on October 29, 2019 at 6:12 PM
The Three-Year War on The Olympics: Fancy Bear Renews Assault
A hacker group as powerful as Fancy Bear can inspire a certain sense of fear and awe. Years of action movies have given us both the evil and the good side of the romanticized hacker. However, few people know of the massive grudge that Russia-backed Fancy Bear holds against the Olympics.
Fancy Bear has been waging their little war against the Olympics for over three years. The reason for this is simple: retaliation for banning Russian athletes over doping charges. Russia has a surprisingly long history of doping among its Olympic athletes. The records and accusations stretch as far back as the Cold War. Thanks to the new digital age, Russia is capable of striking back against the anti-doping regulators for daring to ban their athletes.
It’s things like these that make you unsure whether you should laugh or cry.
Old Feuds Renewed
This new wave of cyberattacks came to light thanks to a blog post from Microsoft. The post states that over 16 sporting and anti-doping organizations were attacked, though most of the attacks were unsuccessful. It all happened just before news reports started to show that the World Anti-Doping Agency (WADA) might take action over suspicions that Russia’s athletes were doping again. These suspicions have a genuine chance of getting Russia banned from the 2020 Olympics. They were, after all, banned from the Winter Games back in 2018.
Not only are these attacks noteworthy in and of themselves, but the sheer ferocity Fancy Bear has shown in these assaults is also rather remarkable. GRU, the Russian intelligence agency, has long been rumored to back the cybercriminal group in their ventures. So much so that they managed to get a few of their own indicted by spreading embarrassing information about the Olympic regulators on the Internet.
James Lewis, Director of the Strategic Technologies Program at the Center for Strategic and International Studies, classified it as a grudge match. Lewis explained the typical modus operandi of Fancy Bear when they target anti-doping regulators like they’re doing now. The two goals they have in mind are to expose embarrassing information about the agencies or to carry out espionage in the traditional sense. By obtaining details on how WADA tests for drugs, Russia might plan to enhance their athletes in a way that the regulators’ tests cannot detect.
Lewis continued by explaining that the history of Russians doping their athletes is both long and rich. When WADA showed up and took that away from them, the Russians were extremely upset. Lewis reckons that they’ve never forgiven WADA for refusing to let drugged athletes play. He stated that it was the reason why they were pushing so hard. Fancy Bear doesn’t just want to humiliate WADA; it wants to bypass it by figuring out how it does its tests.
Microsoft has declined to divulge further specifics about this new surge in attacks. They only added that Fancy Bear is using the same kind of tricks they’ve already employed against high-profile targets like political campaigns, governments, and the civil sector around the world. These include brute-force password guessing, directly targeting vulnerable internet-connected devices, and the staple spear-phishing campaigns.
A Brief History
GRU’s grudge against the Olympics came to light back in 2016. The hacker group spread stolen files from WADA that held medical records of Simone Biles as well as Venus and Serena Williams. Fancy Bear took the time to mock the name CrowdStrike gave them before trying to discredit WADA with the leaked information. Simone Biles had taken ADHD medication since she was a child, and WADA approved its use during her stint at the Olympics.
After Russia was banned from the Winter Olympics, Fancy Bear made sure WADA felt the backlash. They leaked even more information but did it from the International Olympic Committee’s network to rub salt in the wound.
The most dramatic reaction thus far would undoubtedly be the Olympic Destroyer malware. Just as the Winter Olympics started in Pyeongchang, this sophisticated piece of malware managed to take down the entire Olympic network. They even managed to plant false flags that laid a false trail to China or North Korea. FireEye managed to trace it back to the group that did it. They connected it to meddling in the 2016 US election and thus to Fancy Bear.