As the Community Manager for the Symantec Social Media team, one of the greatest perks of the job is swimming in breaking security stories every day. An interesting story broke recently involving data theft in Major League Baseball. Whether what happened to the Houston Astros qualifies as a “hack” is up for debate. What is indisputable, however, is that the Astros suffered a loss of intellectual property due to outside agents infiltrating their systems. Hacking has been going on in baseball for 100 years.
So, which is the more difficult hack in baseball today?
- Standing at home plate in front of a crowd of cheering fans; waiting on a pitch that could come at 100 mph; and looking at your teammate on second base to relay to you which pitch is coming, or
- Illegally accessing internal systems of a business valued at $800 million, with a 2014 revenue of $175 million that is part of a consortium valued at $36 billion.
In this case, the systems hack seemed easier to pull off. Here’s why.
Baseball’s oldest hack requires a base runner to decipher a sign from the catcher to the pitcher. The base runner relays the type of pitch to the batter, and the batter translates that data into actionable information before swinging at the pitch. Considering that the realistic reaction time a batter has to swing at a 96 mph fastball is 0.43 seconds . . . I’ll take the comfort of a desk chair, good Wi-Fi and fast internet connection any day of the week.
On the field, baseball players and coaches practice pre-emptive security. Signals between players are coded and spoofed to prevent the opposition from understanding them. If only it was as easy as using hand signals and coded language to protect the data that is the lifeblood of any business.
Recently, the NY Times broke a story that the FBI is now investigating Major League Baseball’s St. Louis Cardinals for allegedly hacking into the Houston Astros’ database, Ground Control, which housed the “collective baseball knowledge” of the organization. The data that was stolen included a proprietary system of valuing players in their organization, around the league, and around the world. For an $800 million company, this is a devastating loss. This information had taken the Astros, one of the worst teams in baseball, to the top of the American League in just two years. Stealing the Astros Ground Control database is like stealing the recipe for Coca-Cola or the source code for Pied Piper.
So, what happened?
With Major League Baseball now caught up in a data-driven revolution. Data analysts have become key members of the front office. Innovative teams began to win more frequently, putting pressure on the rest of the league to keep pace. The Houston Astros were among the least successful teams in MLB, before the breach. But had a plan. New ownership's executive team brought strategy similar to a company selling off its assets in order to focus on a core competency and rebuild for the future.
The new owner had one simple goal: turn the Astros into the St Louis Cardinals. The first step was hiring the Cardinals’ keeper of the data, Jeff Luhnow, to be their new General Manager. While Luhnow had been wildly successful, many in the Cardinal organization did not buy into his science driven style.
It seems the Cardinals have archives of the master list of passwords that Luhnow used during his stint in St Louis. Luhnow has vehemently denied this. Whether this part of the story is true or not, we do not know yet. What we do know is that a single password can expose a company to data theft—and something as simple as two-factor authentication could have prevented this type of breach.
Any company, be it worth $800 million or $800, relies on its data to function. In a competitive marketplace where rivals offer similar products, proprietary intellectual property can often be the difference between success and failure.
On the baseball diamond, Data Loss Prevention comes in many forms. Pitchers and catchers have their own language to protect their strategy. A base coach has a series of signals that only matter once a specific indicator has been used.
In the Enterprise, things get a bit more complex. With data moving among mobile devices, in the cloud, and staying on-premise, you need to know where it is, who is accessing it, and that it is safely protected from theft or leads. Symantec extends data loss prevention to the cloud and across all of your high-risk data loss channels, so you can discover, monitor and protect your information more completely and effectively.
For more information, check out the Symantec Data Loss Prevention page.
Follow us on Twitter, LinkedIN and Facebook for all the news that’s fit to print on the world of security.