lolloj - Fotolia

Fancy Bears hackers target International Olympic Committee

News roundup: The hacking group called Fancy Bears claims to have hacked the Olympics again. Plus, a former NSA contractor pleads guilty to stealing government data, and more.

The International Olympic Committee has had its email stolen again, this time in a response to its ban on Russia from the 2018 Winter Olympics.

A hacking group that calls itself Fancy Bears posted email messages allegedly from officials at the International Olympic Committee (IOC), the U.S. Olympic Committee (USOC) and other associated groups, like the World Anti-Doping Agency (WADA). There's no confirmation yet that the email messages are authentic, but Fancy Bears focuses on anti-doping efforts that got Russia banned from this year's Olympic Games.

"The national anti-doping agencies of the USA, Great Britain, Canada, Australia, New Zealand and other countries joined WADA and the USOC under the guidance of iNADO [Institute of National Anti-Doping Organisations]," Fancy Bears said on its website. "However, the genuine intentions of the coalition headed by the Anglo-Saxons are much less noble than a war against doping. It is apparent that the Americans and the Canadians are eager to remove the Europeans from the leadership in the Olympic movement and to achieve political dominance of the English-speaking nations."

Fancy Bears is believed to be the same hacking group known as Fancy Bear that claimed responsibility for the 2016 hack on the U.S. Democratic National Committee, which interfered in the 2016 presidential election. Fancy Bear hackers have been linked to Russia's military intelligence unit, the GRU, by American intelligence officials.

The batch of email messages Fancy Bears posted is from 2016 through 2017 and mainly focuses on discrediting Canadian lawyer Richard McLaren, who led the investigation into Russia's widespread cheating in previous Olympic Games. It was because of the findings in his investigation that many Russian athletes are banned from the 2018 games in Pyeongchang, South Korea.

The IOC declined to comment on the "alleged leaked documents" and whether or not they are legitimate.

It's not clear how Fancy Bears allegedly breached the IOC email. However, in 2016, the same group targeted WADA with a phishing scheme and released documents that focused on previous anti-doping efforts following the 2016 Summer Olympics. In that case, the hacking group released the medical records for U.S. Olympic athletes Simone Biles, Serena and Venus Williams and Elena Delle Donne. The medical records showed that these athletes were taking prohibited medications, though they all obtained permission to use them and, thus, were not violating the rules. This release happened in the midst of McLaren's investigation into the widespread misconduct by Russian athletes.

In one email released in this week's dump, IOC lawyer Howard Stupp complained that the findings from McLaren's investigation were "intended to lead to the complete expulsion of the Russian team" from the 2016 Summer Games in Rio de Janeiro and now from the 2018 Pyeongchang Games.

The 2018 Winter Olympic Games are set to start on Feb. 9, 2018, in South Korea.

In other news:

  • A former contractor at the U.S. National Security Agency has agreed to plead guilty to stealing classified information. Harold Martin is scheduled to plead guilty to one count of willful retention of nation defense information at a federal court in Baltimore on Jan. 22. Martin, who was indicted in February 2017, is accused of stealing highly sensitive government information -- including national defense data -- from the NSA and other agencies for 20 years. Martin could serve up to 10 years in prison and have to pay a fine of up to $250,000. Martin was employed by several private companies and worked as a contractor for various U.S. government agencies from 2003 to 2016, during which time he maintained top-secret security clearance. With his top-secret clearance, Martin was able to access highly sensitive government data, and he collected both physical and digital documents, which he stored in his home and car, according to the documents released by the court. There is no indication yet about what, if anything, Martin did with the information he stole.
  • Facebook now offers an encrypted group chat tool, despite the widespread government criticism of encrypted messaging systems. The tool, called Asynchronous Ratcheting Tree, or ART, was developed by Oxford University's Katriel Cohn-Gordon, Cas Cremers, Luke Garratt and Kevin Milner, as well as Facebook's Jon Millican. In their paper about ART, "On Ends-to-Ends Encryption: Asynchronous Group Messaging with Strong Security Guarantees," the group noted that the communication app for only two users is secure, but group messaging is not. "An adversary who compromises a single group member can intercept communications indefinitely," the group said about group messaging. "One reason for this discrepancy in security guarantees, despite the large body of work on group key agreement, is that most existing protocol designs are fundamentally synchronous, and thus cannot be used in the asynchronous world of mobile communications." With the ART protocol, a user can participate in a group message securely, even after one participating user is compromised. The ability comes from the use of different asymmetric keys. Technical details on the protocol can be found in the group's proof of concept.
  • Cisco introduced a technology called Encrypted Traffic Analytics (ETA), which identifies malware in encrypted traffic without intercepting and decrypting the data. According to Cisco's white paper, ETA is "derived by using new types of data elements or telemetry that are independent of protocol details, such as the lengths and arrival times of messages within a flow. These data elements have the attractive property of applying equally well to both encrypted and unencrypted flows." The product has been in trials since the summer of 2017 and is now being rolled out to enterprise routing platforms. Cisco estimated that, by 2020, 80% of all traffic will be encrypted, and ETA aims to solve the problem of security scanners not being able to sift through that traffic for malware. Cisco said ETA uses "multilayer machine learning," advanced statistical modeling and enhanced telemetry to detect malware.

Dig Deeper on Threats and vulnerabilities

Enterprise Desktop
Cloud Computing