Fancy Bears release data on soccer players’ TUE drug use and doping cases

Russia-linked hackers Fancy Bears claimed that around 160 football players failed drug tests in 2015, and 25 2010 World Cup players used doping medicines.

A self-styled hacker group that calls itself Fancy Bears has set up the website fancybear.net to leak emails and medical records related to football players who used doping substances under a campaign dubbed OpOlympics.

The group who claims to be associated with the Anonymous collective is believed to be operating out of Russia.

“Today Fancy Bears’ hack team is publishing the material leaked from various sources related to football,” the hackers said. “Football players and officials unanimously affirm that this kind of sport is free of doping. Our team perceived these numerous claims as a challenge and now we will prove they are lying.”

The leaked files include email messages exchanged between the Fédération Internationale de Football Association (FIFA) and representatives of anti-doping agencies.

The emails leaked by Fancy Bear are dated as recent as June 2017, according to the hackers, leaked files demonstrate that more than 150 players were caught doping in 2015, and 200 in 2016.

The messages discuss test results of many football players, leaked documents include information on the number of football players using doping substances, but there is no reference to specific players.

The documents also provide information on the therapeutic use exemptions (TUEs) acknowledged for several players.

Fifa condemned the leaks “in the strongest terms” the association said. “The release of such information constitutes a clear violation of the athletes’ privacy and puts at risk the ongoing fight against doping,” Fifa said.

The test exception allows athletes to take prohibited substances for medical reasons, the files include TUE authorizations at the 2010 World Cup for Mario Gomez, Carlos Tevez, Juan Sebastian Veron, Dirk Kuyt and Ryan Nelsen.

The Fancy Bear group already leaked data belonging to sports organizations such as the International Association of Athletics Federations (IAAF) and the World Anti-Doping Agency (WADA).

In September 2016, the World Anti-Doping Agency confirmed that Russian hackers breached its Anti-Doping Administration and Management System (ADAMS) database.

The hackers obtained the access to the system by stealing credentials through a spear phishing attack against an “International Olympic Committee (IOC)-created account for the Rio 2016 Games.”

Hackers exploited the attention on the Olympic Games in order to trick the victims with a classic social engineering attack.

According to the experts, the hackers hit the WADA agency in response to accusations of government-sponsored doping for Russian athletics, some of them were even banned from the Olympic Games this summer.

For this reason, security experts linked Fancy Bears to the APT28 group.

“Previous Fancy Bear dumps were almost always retaliatory and in response to sanctions from various international sports organizations. When the Russian athletic team was banned from participating in World Athletics Championships in London, embarrassing IAAF doping reports about major Western athletes were made public,” explained Recorded Future’s Insikt Group.

“As international pressure on Russia intensifies, with open calls to strip Russia of World Cup in 2018 and recent the FIFA investigation into suspected prohibited substance abuse of the national soccer team, today’s release was almost guaranteed to surface,” it added. “The message reads very clear and loud – ‘Dare to touch us, we’ll come after you. Don’t expect us to remain silent and maintain status quo’.”

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Fancy Bears, data breach)

[adrotate banner=”13″]