GENEVA — Russian hackers have been blamed for breaking into a World Anti-Doping Agency database and posting confidential medical data of some American athletes online.
WADA said Tuesday the attack — which targeted some female members of the United States team which competed at the Rio de Janeiro Olympics — was carried out by a “Russian cyber espionage group” called Fancy Bears.
The hackers revealed records of “Therapeutic Use Exemptions” (TUEs) which allow athletes to use substances that are banned unless there is a verified medical need.
WADA previously warned of cyberattacks after investigators it appointed published reports into Russian state-sponsored doping.
“These criminal acts are greatly compromising the effort by the global anti-doping community to re-establish trust in Russia,” World Anti-Doping Agency director general Olivier Niggli said in a statement.
WADA said it “extended its investigation with the relevant law enforcement authorities.”
Last month, hackers obtained a database password for Russian runner Yuliya Stepanova, a whistleblower and key witness for the WADA investigations. She and her husband, a former official with the Russian national anti-doping agency, are now living at an undisclosed location in north America.
A spokesman for Russian state President Vladimir Putin rejected WADA’s statement blaming Russian hackers as unfounded.
“There can be no talk about any official or government involvement, any involvement of Russian agencies in those actions. It’s absolutely out of the question,” spokesman Dmitry Peskov said in a statement carried by Russian news agencies. “Such unfounded accusations don’t befit any organization, if they aren’t backed by substance.”
The International Olympic Committee said it “strongly condemns such methods which clearly aim at tarnishing the reputation of clean athletes.”
“The IOC can confirm however that the athletes mentioned did not violate any anti-doping rules during the Olympic Games Rio 2016,” the Olympic body said.
The top American anti-doping official said it was “unthinkable” to try to smear athletes who followed the rules and did nothing wrong.
“The cyber-bullying of innocent athletes being engaged in by these hackers is cowardly and despicable,” said Travis Tygart, CEO of the U.S. Anti-Doping Agency.
The president of the governing body of tennis cautioned against “unjustified conclusions” being drawn from exemptions it approved.
“All TUEs granted under the Tennis Anti-Doping Program are for the legitimate therapeutic use of medications and are in no way indicative of doping or a breach of the anti-doping rules,” International Tennis Federation president David Haggerty said in a statement.
The name “Fancy Bears” appears to be a tongue-in-cheek reference to a collection of hackers which many security researchers have long associated with Russia.
In a statement posted to its website early Tuesday, the group proclaimed its allegiance to Anonymous, the loose-knit movement of online mischief-makers, and said it hacked WADA to show the world “how Olympic medals are won.”
“We will start with the U.S. team which has disgraced its name by tainted victories,” the group said, adding that more revelations about other teams were forthcoming.
Internet records suggest Fancy Bears’ data dump has been in the works for at least two weeks; their website was registered on Sept. 1 and their Twitter account was created on Sept. 6.
Messages left with the group were not immediately returned. A French name and phone number associated with the site both appeared to be bogus. A mailing address listed by the hackers appeared to point to a florist east of Paris; messages left with the business were not immediately returned.