Add a New Charge Against Chuck Wielgus and USA Swimming: Clumsy and Paranoid Hacking of Critics’ Computer

Published June 10th, 2014, Uncategorized

by Irvin Muchnick

A Colorado parent and activist with impeccable credentials, who has been a years-long critic of executive director Chuck Wielgus’s operation at USA Swimming – especially the “safe sport” program – has gathered clear evidence that a critical website called “Swimming Exposed” was unsuccessfully hacked by a user at a computer inside the organization’s Colorado Springs headquarters.

This revelation by Jeff Renwick, a United States Naval Academy alumnus and a combat-decorated naval aviator, adds to the image of an out-of-control swimming national governing body that has descended from dysfunction and cover-up into the realm of paranoia.

Renwick’s information emerges just after Wielgus stood down from his scheduled induction into the International Swimming Hall of Fame and apologized to victims of sexual abuse for his insensitivity and inaction. USA Swimming is being investigated both by federal agents and by Congressman George Miller, ranking minority member of the House Committee on Education and the Workforce, who has called for public hearings.

Renwick told us that he has contributed to a website called “Swimming Exposed.” He first noticed attacks on the site on August 14, 2012.

Renwick and his wife Cary (who swam collegiately at the U.S. Military Academy at West Point and represented the U.S. at the 1995 Military World Games) and their swimming kids were retaliated against and forced to move to a new team after they raised questions about the words and images on the MySpace page of an assistant coach. Renwick recounted this episode in a May 18, 2012, guest column for Concussion Inc., “USA Swimming Is Putting a Bullseye on the Backs of Our Children,” https://concussioninc.net/?p=5663.

Renwick’s probe of the USA Swimming computer hacking was shared with and confirmed by a Denver-area Federal Bureau of Investigation agent who is a cybercrime specialist, and by a civilian member of the FBI’s InfraGard unit. (InfraGard is a public-private partnership.)

“While these experts agreed that this was a scripted attempt to access the site, the FBI’s limits on prosecution were at one million dollars’ worth of damage or direct involvement in child pornography,” Renwick told us. “It is USA Swimming’s own ineptness that saved them from immediate federal involvement.”

According to Renwick, the attacks persisted across a period of months, before USA Swimming lawyer Richard Young was informed that Swimming Exposed’s members were aware of the attacks and had contacted legal counsel. Shortly after that, the “delete and destroy” portions of the script were removed, but other aspects of the cyber-probing continued. Concussion Inc. expects to report further on this shortly.

Renwick said the source of the attacks was unquestionably the Internet Protocol (IP) address of USA Swimming’s in-house server. An audit of traffic at the Swimming Exposed site showed thousands of bad commands sent for every legitimate attempt to download a web page of Bill Maxson, a past board president of USA Swimming who has publicly expressed his enthusiasm for pornography.

The commands were from a script of vulnerabilities primarily associated with Twitter, Renwick said, adding: “Any intelligent Information Technology type would know to hide the IP address and certainly not run it from USA Swimming’s own server. Also, a person with even a basic grasp of computer security would not have targeted Twitter when the Maxson post was hosted separately. There were repeated, daily attempts to obtain user lists and passwords, as well as to gain control over the site through administrative controls. All failed due to the attackers’ incompetence.”

 

In redundantly stated policy and practice, USA Swimming does not respond to Concussion Inc.’s inquiries. This post is being forwarded to executive director Chuck Wielgus and Scott Leightman, the head of public relations. Any comments by them will be reported in updates.