The World Anti-Doping Agency (WADA), the international agency that enforces the rules regarding the use of performance enhancing drugs and other prohibited substances by athletes around the world was hacked, apparently by Russian hackers who released the medical files of American athletes Simone Biles, Venus Williams, Serena Williams and Elena Delle Donne. In each case, the records show that these athletes used drugs that were permitted under the Therapeutic Use Exemptions for legitimate medical reasons. In the case of Simone Biles, the records indicated that she took Ritalin for ADHD. None of the use of these drugs appeared to be related to improper drug use for performance enhancement.
Perhaps the bigger aspect of this story and one that is being overlooked in much of the media is how the hacking was accomplished. Once again it appears that the hacking was done by exploiting information obtained through spear phishing. Spear phishing occurs when you receive an email or text message specifically tailored to you with a link in it that the victim clicks on and unwittingly downloads keystroke logging malware that enables the hacker to be able to steal all of the information from the victim’s computer or smartphone including passwords and other critical information.
Spear phishing has been used successfully by hackers in most of the major data breaches of the last few years including Sony, Target and the Office of Personnel Management (OPM). Spear phishing is distinguished from the usual phishing email that can be easily spotted because, unlike ordinary phishing emails and text messages, spear phishing emails and text messages often appear to come from a trusted source and contain sufficient personal or relevant information that they appear to be genuine. Often, we are our own worst enemies because we provide too much personal information on social media that can be used by clever cybercriminals to fashion spear phishing emails and text messages. It is for this reason that you should never click on any links in an email or text message until you have confirmed that the email is legitimate. You should also use security software and make sure that it is constantly updated with the latest patches although even doing that won’t protect you from the newest zero day exploits which exploit computer vulnerabilities that have previously not been discovered. It usually takes the security software companies about a month to come up with defenses against the latest zero day exploits.