Harm from Private Data Manipulation

Goals

To identify people or companies that have been harmed by having their private data manipulated (not stolen) to create content for data integrity services lead generation.

Early Findings

Preliminary research indicates that companies and people who have been harmed by malicious data manipulation are so far fairly rare, although experts expect such attacks to increase. Two companies that have been harmed by malicious data manipulation are Tesla and the World Anti-Doping Agency. Some individuals who have been harmed as a result of malicious data manipulation through the World Anti-Doping Agency data release include Simone Biles, Serena Williams, Venus Williams, and Elena Delle Donne.

TESLA

  • In 2018, a former employee of Tesla, Martin Tripp, who was disgruntled at not receiving a promotion, "made changes to the Tesla Manufacturing Operating System, the set of basic commands for Tesla’s manufacturing lines, under false usernames, apparently in an act of sabotage."
  • According to Elon Musk, Tesla CEO, "The full extent of his actions are not yet clear... But what he has admitted so far is pretty bad."
  • Tripp is accused of using his inside knowledge to "alter Tesla’s sensitive code, intentionally stalling production."
  • In addition, Musk claims that Tripp used other employees' passwords and information in an attempt to frame them for the sabotage. Musk's lawsuit states, "Tripp admitted last week to writing the software but to add insult to injury the software was running on three additional computer systems belonging to Tesla employees so that the data would be exported even after he left the company and so that those individuals would be falsely implicated as guilty parties."

THE WORLD ANTI-DOPING AGENCY

  • In 2016, Russian hackers, referred to as "Fancy Bear," entered the World Anti-Doping Agency's systems and released medical data on famous athletes; however, "investigators discovered that much of this data was altered before release."
  • The hackers stole credentials for the Anti-Doping Administration and Management System (ADAMS) through "'spear phishing' e-mails sent to IOC officials who owned the accounts."
  • The ADAMS account for Russian athlete Yuliya Stepanova was illegally accessed when her password was stolen.
  • According to investigators, "It should also be noted that in the course of its investigation, WADA has determined that not all data released by Fancy Bear (in its PDF documents) accurately reflects ADAMS data."
  • The stated purpose of the data leaks was to "smear the impartiality of WADA by suggesting that Russian athletes had been unfairly stigmatized" because some athletes were "allowed to use some otherwise banned substances for medical purposes."
  • However, "it now seems likely that the hackers altered the data prior to release to magnify that perception."
  • Four of the individuals who were harmed as a result of this data manipulation were Simone Biles, Venus Williams, Serena Williams, and Elena Delle Donne, but data for 41 athletes from 13 countries was illegally released.
  • All named athletes had "tested positive for banned drugs, [but] all had received what are known as 'therapeutic use exemptions' for the medications, and those documents were included in the leak."
  • The data release forced athlete Simone Biles to disclose on Twitter that she has ADHD, as one of the banned substances is a drug used to treat ADHD. Biles stated, "I have ADHD and I have taken medicine for it since I was a kid... Please know, I believe in clean sport, have always followed the rules, and will continue to do so as fair play is critical to sport and is very important to me."

Proposed next steps:

You need to be the project owner to select a next step.