This Week: Hospitals Hit Again (And The Olympics Aren't Over)

September 16, 2016

The Terbium Analyst Team is on the front-line of combatting dark web myths and legends. Whether it's a threat report, white paper, or blog post, the Analyst Team's job is to know things and speak intelligently about them. Other interests include weightlifting, chocolate, and accumulating obscure dark web trivia to amuse and confuse our co-workers.

Personal Health Information (PHI) made the news this week, and some of the best known names on the dark web posted new leaks. Let’s start here: the confidential World Anti-Doping Agency (WADA) forms of 29 Olympians from various countries and sports appeared online over the course of the week.

That’s Dope

On Tuesday, Fancy Bear released confidential WADA files on Simone Biles, Elena Delle Donne, and Serena and Venus Williams. The documents appeared with a note acknowledging the medalists hold certificates of approval for therapeutic use of “strong illicit drugs”. The documents reveal the details of which drugs the athletes tested positive for, ranging from painkillers to steroids.

Later in the week, on Thursday, Fancy Bear’s Hack Team leaked even more WADA records for Olympians. This round of leaks included 25 athletes from a variety of countries, including the United States, Great Britain, Denmark, Russia, Poland, Czech Republic, Romania, and Germany. The records show multiple positive tests for banned substances. Fancy Bear – or, at least, the Fancy Bear Hack Team taking credit for these WADA records – uses a clear web site. The documents are available as downloadable files, ensuring availability even if the site is taken down (someone is bound to have a copy), and appear amongst a field of #OpOlympic hashtags and illustrated bear gifs.

Some view WADA withholding the reports contained within these athletes’ files as corrupt and dishonest, arguing that the public deserves to know whether or not the individuals we hold in high esteem are also testing “clean”. Since Olympic athletes are viewed as representatives of their country, the argument goes, their drug test records should be public information, because they are technically public figures. Regardless, posting these forms without approval from the athletes is illegal. Leaking PHI also infringes on the broader personal privacy of the athletes – the forms contain more than just their medical history. No matter how popular the celebrity, everyone still deserves the right to privacy.

Guess who’s back. Back again.

Following a two-week hiatus, the alleged Democratic Party hacker Guccifer 2.0 released more DNC and DCCC documents. Guccifer 2.0 leaked 670 megabytes of data after giving a “Hacking Insights” live stream presentation in London. This live stream took place on the same day as the WADA leaks – a busy day for criminals all around. The data includes what appears to be the personal cell phone number of vice presidential candidate Tim Kaine, along with the contact information of top White House officials. Two days later, additional data showed up on Guccifer 2.0’s blog – this time, on the internal workings of Democrats in New Hampshire, Ohio, Illinois, and North Carolina. The memos and emails show fundraising conversations, demographics for campaign areas, and a “path to victory.”

In the leak, Guccifer 2.0 calls out the Democratic Party for supporting former Secretary of State Hillary Clinton and encourages people to “dig deeper” to see the truth about Clinton. This language reinforces a theme we’ve seen throughout this election cycle: the pattern of foreign actors seeking to undermine Hillary Clinton’s presidential bid. And since all signs point to Russian involvement, political hacking continues to dominate security and policy discussions.

“TheDarkOverlord” has also resurfaced with more sensitive healthcare data for sale. TheDarkOverlord claims to have breached the servers of a network of hospitals and clinics in the Midwest and promised to release the data before week’s end if it isn’t purchased for 24 Bitcoin (nearly $15,000). TheDarkOverlord said they presented the victims with the opportunity to buy the health records, but the hospitals refused to pay the ransom.

Hospitals aren’t known for sophisticated security and are generally slow to upgrade their systems, leading many hackers on dark web forums to declare hospitals off limits. Exploiting the numerous vulnerabilities that exist in health care systems, given the damage that leaked data or ransomware could do to suffering patients, is a new low – one to which most aren’t willing to stoop. This latest incident reminds us that the hackers and vendors of the dark web aren’t a monolith. While some adhere to a code of ethics, others are willing to go after the easiest target in sight, and that target often includes hospitals.

One more thing: McFraud

A McDonald’s employee in West Lafayette, Indiana made off like the Hamburgler when he stole 100 credit card numbers while working the drive thru. The employee worked with an accomplice to steal the credit card information and then go shopping at local stores. Not all fraud occurs on the dark web. The only protective measure here would be to pay for your nuggets in cash.
