My, my, how a story evolves. As soon as I saw the link on Trust But Verify to Sam Abt’s article today in the International Herald Tribune, I knew I was in for a treat. I’ve always enjoyed reading Sam’s stories and this one doesn’t disappoint.
Up to now, we’ve heard the LNDD spin on the “hacker” story. You know, a hacker broke into their systems, crafted some crudely forged documents and send them out to a whole bunch of different folks. Like the Canadian anti-doping lab in Montreal. Oh, and it was done by someone who’s command of French grammar isn’t quite so good, so it must’ve been an English-speaker whodunit. And then there’s the little tidbit where they point the finger at someone who’s “closely related” to Floyd or his camp.
And the story has, of course, made its way through other outlets and been repeated and amplified and told over and over and over again. But what we haven’t heard, up to now, is someone who’s actually seen the documents offer an assessment of LNDD’s story. Nothing like repeating stories, ala the Telephone Game.
This much we know is true: A “hacker” got into LNDD’s computer system and printed out or removed various documents, which were then sent to a long list of people, including the IHT’s Sam Abt. The documents were sent in brown envelopes with no return address, and postmarked November 9th from Aulnay sous Bois, a suburb of Paris which happens to be close to Châtenay-Malabry, which is the home of LNDD.
Abt gives details of the documents (mostly letters about various test reports) he’s seen. Letters to such places as WADA, the World Squash Federation, the International Union of Associations of Alpinism, FINA (the international swimming association) and the French Swimming Federation. Each of the letters says, in essence:
Dear _____,
Umm, we made a mistake. You know those positive doping tests? Well, our results weren’t exactly right. OK, they weren’t quite correct. Oh, all right, we were wrong.
So sorry. We hope you’ll forgive us.
Sincerely,
LNDD
After looking the letters over, you know what Abt’s conclusion is? The letters appear to be authentic. Isn’t that interesting? Kind of blows a hole in LNDD’s spin campaign to minimize the importance of what happened.
One of the questions in my mind is this: Was there really even a hack into their computer systems, or did an actual LNDD employee (in a fit of conscience) decide to release these materials? We now know that LNDD’s story about the contents of the messages may not be true. Perhaps it’s not true that they got hacked, either. Perhaps they’re just saying that to save face.
If these letters are frauds, then at least to one person who’s seen them, they’re pretty darn convincing. Maybe they’re even real. I have a hard time believing the various versions of the “we wuz hacked” story. But I suppose it’s possible. Being hacked into shows some lax security, but even well-protected sites occasionally get hacked.
One version of the story goes that they knew it had been happening since September. Since September? Give me a break! They knew their data was being accessed by intruders and they did nothing to stop it for almost two months? What kind of dopes are running the anti-doping lab, anyway?
I don’t buy it. They have a large amount of highly confidential data. To allow unauthorized access to that data for such a period of time boggles the mind. So, in my mind, there must be another explanation. Like someone inside the lab got hold of these materials and leaked them to various sports federations and the press.
Did our mystery hacker/leaker take the documents out of context? Perhaps. But the only way to know that is to see all the documentation to put the leaked materials into context. What’s the likelihood of that? Of course, you could just take Jacques de Ceaurriz’s and LNDD’s word for it.
It appears that more than one mistake has been made. A number of mistakes have been made, such as:
- Mislabeling a sample in the Landis case
- Incorrect data or interpretations of data in other cases
- Lax computer security, and worse — the willingness to let someone continue to access the system after the break-ins had been discovered
What can we conclude from all this? Well, the lab definitely has made a few errors here and there. And the judgement of the people running the security for their networks is remarkably poor. And the story the lab has offered about being hacked is suspect. Just because they say they were hacked doesn’t make it so.
Which leads me to conclude that the lab’s credibility has been shot to hell here. It may seem like technicalities to the casual observer, but here it is: If you can’t be sure where the data came from (were the Landis samples mislabeled or not?), or even if the data is accurate (perhaps someone wrote down the wrong data?), then you can’t draw any conclusions as to what the data means.
Will these kinds of mistakes be at the heart of Landis’ defense? Hard to say. There’s so much they can draw on, it seems like this merely reinforces their contention that the lab’s procedures and conclusions are wrong.
Whatever the case may be about who leaked the LNDD documents — hacker or inside employee — I agree with Sam Abt:
Give that man/woman a cigar. Keep the brown envelopes coming.
I can’t wait to see who’s going to get fried next.
I’ve just read Abt’s article, and what interests me is the variety in the letters. How did the sender decide which sports to focus on, and which specific lab reports to pull? Why those particular ones (squash?!), unless you were an employee or otherwise had knowledge of which test results were controversial? The only non-lab employee explanation I can think of is that the LNDD did leave their computers unprotected for two months, and some poor, dedicated hacker spent every night going through each record until he found ones that didn’t look right. Either way, it makes the lab look pathetic. I’m glad the world is beginning to take notice.
Debby,
Excellent points. The idea that someone just randomly grabbed these particular documents strains credulity quite a bit, doesn’t it?
– Rant
Debby is right on. Think of your own computer. Do any of us have a handy folder labelled “Screwups?” How did the hacker find these things — use the Windows search to locate file names with “Oops?” “Merde?”\\\\\\\\\\\\\\\\\\\\\\\\\\\\
Hi Rant,
Nice summary of the issues, as usual. I’m with you and Debby and Cheryl as to the unlikelihood of someone randomly and ignorantly being able to find or fabricate such documents. Let me add another reason for some suspicion of L’Equipe’s original report. Sam Apt has been in Europe for years, yet says nothing about the supposedly ignorant French of some of the documents. It sure would be interesting to see the originals of what the hacker sent, so we could make our own judgments about their veracity.
Marc