Baseball’s Hacking Scandal Underscores Need For Password, Cloud Security
Major League Baseball will not investigate allegations that Cardinals’ front office personnel illegally hacked Houston Astros’ databases until the federal investigation has been completed, according to recent reports. Rob Manfred said the FBI and Justice Department had informed the Commissioner’s office aware of the investigation’s timetable and movement, but of few specifics.
The incident is unprecedented for baseball and sports in general. It is an entirely different incident than the New England Patriot’s exploits of stealing plays and deflating NFL footballs. And it should have been totally expected. Cheating has been a part of baseball for a very long time. “Cheating is baseball’s oldest profession. No other game is so rich in skulduggery, so suited to it or so proud of it,” wrote sports columnist Thomas Boswell. Whether it’s the long list of game fixing incidents, steroids or amphetamines, baseball players tend to agree: cheating is a part of the game. Just don’t get caught. So that’s why the hacking scandal should come as no surprise although it should raise the concern of sports franchises everywhere who use the Internet.
Analytics and their databases have become a major part of baseball and sports. The so-called Moneyball era has made statistics king and analytical minds (and thus software) a premium in baseball and sports generally. Advanced baseball theory today views every action in a game as a bit of data waiting to be analyzed and then stored in a database. If sports history is any indicator, access to the databases of analytics is highly desirable. That’s why the recent Cardinals-Astros hacking scandal has major implications. As Will Leitch writes for NY Mag in an article entitled, “The Sports World Enters The Surveillance Era”:
The Astros’ central database is so advanced, so critical to the team’s sense of organizational direction, that management has given it a code name: “Ground Control.” The system contains “the repository of all our baseball knowledge,” as Luhnow put it to Joshua Green of Bloomberg; every bit of information the Astros had was funneled to Ground Control
As to what led to the breaches of the Astros’ databases, the public cannot be sure. The Houston Astros reported numerous breaches of their baseball operations database dating back to March 2014. The FBI zoomed in on the Cardinals’ front office. One breach originated in a condo in Jupiter, Florida leased by numerous members of the Cardinals’ baseball operations staff.
Rumors have it that it could have been old personnel who worked for the Cardinals, and left for the Astros, used the same passwords with his new team as he did his old team. Interns and low-level employees, according to the Cardinals, then got the idea to access the database in what would be a simple social engineering hack. But answers are still forthcoming. The Cardinals fired scouting director Chris Correa weeks after he was in charge of the club’s amateur draft earlier this summer, giving no reason for the firing. Multiple sources said this was the club’s response upon discovering Correa’s involvement in at least one breach.
“Unfortunately, I don’t think this is a next-few-days resolution,” Manfred said. “We have regular contact with them in terms of progress, when they expect to be finished, those sorts of things. But they are not sharing with us all of the information they have from their investigation. We decided the most appropriate course is to let them finish that investigation and delay any action until that process has been completed.”
“With respect to this incident, you have to begin with the understanding that this is not our investigation,” Manfred told members of the Baseball Writers’ Association of America.
It’s an investigation that is being conducted by the FBI and the U.S. Attorney. We have regular contact with them in terms of progress, when they expect to be finished, those sorts of things.But they are not sharing with us all of the information that they have in the investigation. It simply would not be appropriate for them to do that.
The FBI and the US attorney have yet to file charges, nor have they commented. The Justice Department could charge individuals in the hacking, and the Cardinals could be penalized by Major League Baseball, with Cardinals Chairman Bill DeWitt Jr. looking into an internal action.
Whatever the result of the investigations, the damage has been done. Hacked published a guide on how to create a secure password that perhaps some of the old brass in baseball and sports generally should read. Baseball is not alone with its cloud security concerns. The 2015 Black Hat Asia Conference focused on cloud security earlier this year. Cloud security evolves quickly, with some projects even attempting block chain cloud schemes, such as Storj.io.
Images from Shutterstock and Cardinals.