3 March 2020

Group-IB’s digital forensic experts presented the analysis of documents on the case involving Russian biathletes

An international cybersecurity company Group-IB that specializes in preventing cyberattacks, has analyzed the documents under the signature of former Moscow anti-doping laboratory director Grigory Rodchenkov. These documents were presented during the hearings in the Court of Arbitration for Sport (CAS) on the case involving Russian biathletes — Olga Vilukhina, Yana Romanova, and Olga Zaytseva. During the investigation, the experts established that the documents contained completely identical images with a signature on them, which were supposedly pasted to these documents from a different source. Similar conclusions have been reached by the British graphologists. This was reported by the lawyer of former biathletes, Alexei Panich, after the first day of CAS hearings in Switzerland.

The experts from international cybersecurity company Group-IB conducted digital forensic analysis of those files that were presented by the client — a law firm, Herbert Smith Freehills CIS LLP. The files provided for analysis were: «Exhibit 43 — Affidavit of Dr. Grigory M. Rodchenkov dated 12 November 2019.PDF» and «Exhibit R-64 — Affidavit of Dr. Grigory M. Rodchenkov dated 22 February 2020.pdf». These files were presented as part of today’s CAS hearings.

Digital forensic examination, conducted by GIAC (Global Information Assurance Certification) certified analysts, revealed that these are two different files from digital forensic standpoint. They have different metadata, such as file size, PDF Version in which they were created, and etc. At the same time, forensic analysis established that page 16 of the PDF file «Exhibit 43 — Affidavit of Dr. Grigory M. Rodchenkov dated 12 November 2019.pdf» and page 6 of the PDF file «Exhibit R-64 — Affidavit of Dr. Grigory M. Rodchenkov dated 22 February 2020.pdf» contain exactly identical, from digital forensic standpoint, element that can be extracted — an image with a signature.

These images have the same file size and hash value (unique fingerprints for files). Both images can be copied and extracted from the files. It is obvious that a person’s signature is always more or less the same, however, scanned signatures will always have minor differences. If the images with signatures are exactly identical, this means that this is most likely the same image, which was pasted to different documents or one image copied from one file and pasted to another.

Sergey Nikitin

Sergey Nikitin

Deputy Head of the Digital Forensics Lab at Group-IB

Group-IB is one of the leading providers of solutions dedicated to detecting and preventing cyberattacks, identifying online fraud, investigation of high-tech crimes and intellectual property protection, headquartered in Singapore. The company’s threat intelligence and research centers are located in the Middle East (Dubai), the Asia-Pacific (Singapore), Europe (Amsterdam), and Russia (Moscow).

Group-IB’s Threat Intelligence & Attribution system has been named one of the best in class by Gartner, Forrester, and IDC. Group-IB’s Threat Hunting Framework (earlier known as TDS) intended for the proactive search and the protection against complex and previously unknown cyberthreats has been recognized as one of the leaders in Network Detection and Response by the leading European analyst agency KuppingerCole Analysts AG, while Group-IB itself has been recognized as a Product Leader and Innovation Leader. Gartner identified Group-IB as a Representative Vendor in Online Fraud Detection for its Fraud Hunting Platform. In addition, Group-IB was granted Frost & Sullivan’s Innovation Excellence award for its Digital Risk Protection (DRP), an Al-driven platform for identifying and mitigating digital risks and counteracting brand impersonation attacks with the company’s patented technologies at its core.

Group-IB’s technological leadership and R&D capabilities are built on the company’s 18 years of hands-on experience in cybercrime investigations worldwide and 70,000 hours of cybersecurity incident response accumulated in our leading forensic laboratory, high-tech crime investigations department, and round-the-clock CERT-GIB. Group-IB is a partner of Europol.

Group-IB’s experience in threat hunting and cyber intelligence has been fused into an ecosystem of highly sophisticated software and hardware solutions designed to monitor, identify, and prevent cyberattacks. Group-IB’s mission is to fight high-tech crime while protecting our clients in cyberspace and helping them achieve their goals. To do so, we analyze cyber threats, develop our infrastructure to monitor them, respond to incidents, investigate complex high-tech crimes, and design unique technologies, solutions, and services to counteract adversaries.

Report an incident

Get 24/7 incident response assistance from our global team

APAC: +65 3159-3798
Europe: +31 20 226-90-90
EMA: +971 4 508 1605

Thank you for filling out the form! We will get back to you shortly.

We use cookies on the website to make your browser experience more personal, convenient and secure. You may block or manage the use of cookies, however, in some cases they’re essential to make this site work properly. Learn more about cookies in Group-IB Privacy And Cookies Policy.

Report an incident