Cyber Incident Victim: United States Anti-Doping Agency
Date: Nov 2016
Location: United States of America
Summary
A cyber-espionage group known as Fancy Bears breached the United States Anti-Doping Agency, accessing confidential emails containing sensitive discussions about high-profile athletes' potential irregularities, including abnormal blood values and alleged substance use. The attack also compromised personal details of senior officials and revealed prior unauthorized disclosures of athletes' therapeutic use exemptions for medications like prednisone and methylphenidate. The agency's data was obtained alongside breaches targeting international anti-doping authorities, with evidence suggesting initial access may have occurred through a public computer during a major sporting event. The leaks included internal communications about unverified tip-offs and medical claims, prompting condemnation from oversight bodies as attempts to undermine anti-doping efforts.
Description
In late November 2016, the cyber-espionage group Fancy Bears conducted a series of attacks targeting the World Anti-Doping Agency (WADA) and the United States Anti-Doping Agency (USADA), compromising confidential email communications of senior officials. This incident followed their September 2016 breach of WADA's athlete management system through phishing tactics, which had exposed therapeutic use exemptions (TUEs) for prominent athletes including Serena Williams, Simone Biles, and Bradley Wiggins. The November attacks resulted in the theft of sensitive email correspondence containing discussions about high-profile US athletes with unusual blood parameters, an anonymous tip alleging cocaine use by at least two US Olympians for weight loss prior to the Rio Games, and references to an unnamed non-American athlete suspected of receiving a blood transfusion before a major competition. The compromised data also included personal details of WADA president Sir Craig Reedie, such as his home telephone number, intensifying concerns about anti-doping organizations' data security capabilities. Evidence suggested the USADA breach originated from an official accessing systems through a public computer during the Paralympics, though specific technical intrusion methods for the WADA compromise weren't detailed in available reports.

The leaked emails revealed operational discussions about potential doping cases, medications declared by athletes before competitions, and internal assessments of suspicious biological profiles. WADA publicly condemned the data theft as a deliberate attempt to undermine global anti-doping efforts, though no specific containment measures or system upgrades were disclosed following either breach. The exposure of Reedie's private contact information raised additional security concerns beyond competitive integrity issues. This incident marked Fancy Bears' second major anti-doping agency intrusion within three months, demonstrating persistent targeting of sports regulatory bodies. The group's selective publication of stolen medical records and internal communications appeared strategically timed to maximize reputational damage to both athletes and anti-doping authorities. While the full technical scope of the breaches remained unclear, the incidents highlighted vulnerabilities in protecting sensitive athlete data and internal investigative communications from sophisticated cyber threats.
