Sports stars are rarely targets for alleged state-sponsored hacking. However, the condemnation piled upon Russia in advance of this year’s Olympic Games should have prompted the World Anti-Doping Agency (Wada) to assess its cyber security. Retribution was possible; a cyber attack the most likely means.
The theft of medical data belonging to Chris Froome, Bradley Wiggins and 3 other British sports stars from its Anti-Doping Administration and Management System (Adams) is, therefore, disappointing. While the details are not yet fully understood, the World Anti-Doping Agency believes access was obtained through spear phishing of email accounts giving access and passwords to the hacking group ‘Fancy Bear.’[1]
The attack raises worrying questions about Wada’s security systems. Last month Yuliya Stepanova – the key whistleblower for Wada’s Independent Pound Commission -that exposed widespread doping in Russian athletics – had her password for Adams illegally obtained.[2] Nevertheless, Wada insisted it was taking the attack seriously and was working with law-enforcement agencies to protect itself and its athletes from being hacked.[3]
This new revelation should be a cause for concern. Most media coverage has focused on the likely culprit, and what the revelations actually show about the sports stars’ use of particular drugs. There has been almost no public discussion of the adequacy of Wada’s security. What encryption was being used? What governance structure managed network security? What actions did Wada take after Yuliya Stepanova had her password hacked?
It may become apparent that Wada was unlucky, falling victim to a sophisticated intrusion despite robust security standards. Nonetheless, questions must be asked. The failure of such a high profile organisation to protect its most prized, private information requires interrogation.
[1] ‘WADA confirms another batch of athlete data leaked by Russian cyber hackers ‘Fancy Bear’,’ World Anti-Doping Agency, 14th September 2016
[2] Guardian
[3] Ibid
