IAAF expose system hack, alert athletes on possible effects

The International Association of Athletics Federations (IAAF) offices in Monte Carlo, Monaco. The IAAF said on Monday it had detected and contained a cyber-attack that breached athletes’ medical records stored in the world track and field governing body’s servers in Monaco. Photo: IAAF

The International Association of Athletics Federations (IAAF) on Monday confirmed that it had discovered and disclosed an intrusion into its systems by the infamous international hacking group Fancy Bear.

The IAAF expressed fears of a possible breach of athletes’ medical records stored in the global track and field governing body’s servers in Monaco by the hackers, also known as APT28.

Fancy Bear are notorious for carrying out cyber-attacks, and their list of victims includes the World Anti-Doping Agency (Wada).

Fancy Bear have also been accused of disrupting political elections in several countries, including Germany and the USA.

IAAF President Seb Coe apologised for the intrusion and pledged to get to the bottom of the matter.

Monday’s attack, according to the IAAF, seems to have compromised athletes’ Therapeutic Use Exemption (TUE) applications stored on IAAF servers.

A TUE is express permission given to athletes to take specific medications to treat illnesses or conditions, even though such medications may appear on Wada’s list of banned performance-enhancing substances.

Among top sports stars on TUE are tennis star Serena Williams and British cycling stars Chris Froome and Brad Wiggins.

In athletics, Britain’s distance running star Mo Farah has also been a beneficiary of TUE.

But the IAAF were confident that they had been able to contain the incident and shut out the intruders.

To date, Fancy Bear have released no data.

The IAAF issued a statement on Monday saying that, over the past month, it had consulted the UK National Cyber Security Centre (NCSC) and the Agence Monégasque de Sécurité Numérique (Monaco AMSN) “and worked with Context to carry out a complex remediation across all systems and servers in order to remove the attackers’ access to the network.”

The statement noted that the “remediation” was completed last weekend.

The IAAF further said athletes who had applied for therapeutic use exemption have been contacted “and provided with a dedicated email address to contact the IAAF if they have any questions.”

The statement added: “Any other athlete concerned about their TUE applications should go to askiaaf.org, complete and submit the form and we will respond, wherever possible, within 24 hours.”

Coe noted that the first priority would be given to athletes who had confided in the IAAF and offered information they believed would be secure with the Monaco-based track and field organisation.

“They have our sincerest apologies and our total commitment to continue to do everything in our power to remedy the situation and work with the world’s best organisations to create as safe an environment as we can,” Coe, a former Olympic track champion, added.

The IAAF contacted the 80 or so athletes who had applied for a TUE from the beginning of 2012 to the present day to alert them to the possibility of their TUE data being compromised.

“The IAAF has been a victim of a cyber-attack which it believes has compromised athletes’ Therapeutic Use Exemption (TUE) applications stored on IAAF servers,” Monday’s statement from the IAAF said.

“The attack by Fancy Bear, also known as APT28, was detected during a proactive investigation carried out by cyber incident response (CIR) firm Context Information Security, who were contacted by IAAF at the beginning of January to undertake a technical investigation across IAAF systems.

“The presence of unauthorized remote access to the IAAF network by the attackers was noted on 21 February where meta data on athlete TUEs was collected from a file server and stored in a newly created file.

“It is not known if this information was subsequently stolen from the network, but it does give a strong indication of the attackers’ interest and intent, and shows they had access and means to obtain content from this file at will.”

Meanwhile, Context Information Security, whom the IAAF is using in their investigations, said: “In January 2017, the IAAF contacted Context Information Security to conduct a proactive and thorough technical investigation across its systems, which led to the discovery of a sophisticated intrusion.

“We have received the full support of the IAAF during the subsequent Cyber Incident Response (CIR) engagement and, throughout the investigation, the IAAF have understood the importance and impact of the attack and have provided us comprehensive assistance.

“This has been critical in allowing us to both quickly identify the nature of the intrusion and to provide a full and diligent resolution.”