Two bears are the mascots for the Pyeongchang 2018 Winter Olympic and Paralympic Games that follow.
Dan Mullan / Getty Images
Just over a month after Russia was banned from participating in the 2018 Winter Olympics, and 30 days before those games start, hackers associated with the Russian government have released a handful of emails that appear to have been stolen from the International Olympic Committee.
Calling themselves “Fancy Bears” — a trolling reference to the games' mascots and the cybersecurity firm ThreatConnect saying a related, earlier hack was the work of Russian military intelligence hackers known in the industry as Fancy Bear — the hackers published the emails Wednesday. They used the same website and the same format used to publish documents in 2016 that had been hacked from the World Anti-Doping Agency (WADA) in response to that agency's finding that hundreds of Russian athletes had taken banned substances.
In December, citing evidence that the Russian government had created a vast, state-sponsored doping scheme, the IOC took the unprecedented step of banning the country from participating in the Winter Olympic Games in Pyeongchang, South Korea, in February.
Spectators at a hockey match in December held a placard that read, “Korea welcomes Olympic athletes from Russia at the 2018 Winter Olympics in Pyeongchang.”
Maxim Shemetov / Reuters
The origin of the emails is unclear. Some of the emails, which date from late 2016 to the spring of 2017, appear to be between IOC employees and third parties discussing the Russian doping conspiracy.
“These emails and documents point to the fact that the Europeans and the Anglo-Saxons are fighting for power and cash in the sports world,” “Fancy Bears” said in its posting, though it’s unclear how the emails are meant to support that claim. Some of the emails' contents are encrypted and are therefore illegible.
The IOC declined to comment on the “Fancy Bears” post or to verify that the emails are authentic, telling BuzzFeed News that “we do not comment on leaked documents.” WADA has not disputed the validity of any of the hacked documents previously attributed to the organization.
One of the people whose emails appear in the leak, and who is specifically named on the “Fancy Bears” website, is Colorado lawyer Richard Young, who helped WADA draft new anti-doping rules and worked to create a so-called “independent person” report for WADA on the doping allegations.
Young told BuzzFeed News he was unaware of the “Fancy Bears” activity, but said that a September 2016 email included in the dump sounded authentic to him when read over the phone.
“It’s no great revelation that I was involved in the IP investigation. I’m named in it,” Young laughed. “I think it’s somewhere in the first five pages that my role is explained.”
The original WADA hack occurred in the late summer of 2016, as allegations that Russian athletes had been caught participating in a vast and elaborate blood doping conspiracy were gaining international attention.
ThreatConnect quickly identified Fancy Bear, the same group identified by Crowdstrike as behind the 2016 hacks of DNC networks, as behind the WADA attack. That September, after speaking with international law enforcement about the hack and those behind it, WADA took the unusual step of corroborating that Fancy Bear was indeed responsible.
The “Fancy Bears” website, which was created in the wake of ThreatConnect’s announcement, posted medical information taken from WADA files of famous non-Russian Olympians' use of sometimes banned substances, including WADA's approval for tennis star Serena Williams to take anti-inflammatories and gymnast Simone Biles use of ADHD medication. For some Russians, news of American athletes being approved for such medicine was evidence of a scandalous double standard.
Asked in December if previous Russian hacking attempts had convinced the organization to take steps to bolster its cybersecurity, an IOC spokesperson told BuzzFeed News that “The IOC continues to monitor security arrangements in the light of the changing environment and threat assessment,” but declined to elaborate.