HACKING JUST HIT the major leagues. Professional sports has
a long inglorious history of subterfuge—remember the New England Patriots’ SpyGate?
Or that time Formula One team McLaren “came into possession” of all those
documents describing Ferrari’s tech? Dirty tricks are nothing new—and neither
is digital espionage—but for the first time the two have come together to rock
Major League Baseball.
The Hack
The New York Times reports that the FBI is opening an
investigation into the St. Louis Cardinals for allegedly hacking into the Houston
Astros network to steal personal data about players. The breach first came to
light last year after information taken from the Astros’ “Ground Control”
database appeared online.
Those Affected
The Astros and the Cardinals, obviously, but also every
baseball player in the major and minor leagues. Why? Because baseball teams are
competing for a very scarce resource: players. And it was fundamental info on
this coveted resource that was allegedly breached in this hack. Officials told
the Times that the Cardinals obtained “internal discussions about trades,
proprietary statistics and scouting reports.” The privacy of Houston Astros
officials having these conversations was violated, as was the personal data of
current, former, and prospective players. One side effect of this hack may be
increased silence from general managers, sports writer Jonah Keri tells WIRED.
“GMs and other executives might start seeing the risk vs. reward equation
differently, and thus start offering less information. We’re already seeing it
with a bunch of new-generation GMs. Something like this story might just
accelerate the process.” When the hack was first uncovered last year, the
Astros believed it to be the work of rogue hackers, but the FBI has homed in on
Cardinals front office officials after tracing to the attack to one of their
homes. The Times indicates they were possibly motivated by a grudge with their
former coworker and current Astros General Manager Jeff Luhnow. The FBI is
handing out subpoenas to Cardinals and MLB leadership, though they are not
saying which Cardinals employees are specifically under investigation.
How They Did It
The old-fashioned way: allegedly by stealing the Astros’
password. It’s no coincidence that the Cardinals chose to spy on the team now
being managed by one of its former executives. The Times reports that Ground
Control is similar to a database Luhnow built for the Cardinals before leaving.
Investigators told the Times that Cardinals officials “examined a master list
of passwords used by Mr. Luhnow and the other officials who had joined the
Astros when they worked for the Cardinals.” Working off that list, they appear
to have guessed the Astros password. If that is how they got in, there’s
nothing sophisticated about this hack.
How Serious Is This
Well, let’s put it this way: the Cardinals managed to access
the Astros’ most valuable intellectual property. Those reports on prospective
players are the secret sauce of a professional sports team, revealing not just
how the team feels about any given player but what its overarching philosophy
toward the game is. In our post-“Moneyball” world, sports teams are increasingly
analytical about building their rosters. And the Houston Astros are at the
forefront of that innovation. When Jeff Luhnow left to become the Astros
General Manager, he pivoted the team’s strategy to be decidedly radical in its
approach. After a few bumpy years, his approach has paid off: the Astros now
have some of the best players in baseball. He built and championed Ground
Control, telling Bloomberg last year that the database served as “the
repository of the organization’s collective baseball knowledge—the Astros’
brain.” The Cardinals appear to have plugged directly into that brain. “It’s
certainly information that could be used to undermine the Astros,” Joshua
Green, the author of the Bloomberg article on Ground Control, told WIRED. We
imagine every general manager in baseball is changing their passwords right
about now. Let this be a reminder to us all: never reuse passwords. And, come
on, don’t write passwords down, either.
Source: Wired
Comments
Post a Comment