Major League Baseball was rocked Tuesday by a New York Times report that the FBI is investigating the St. Louis Cardinals for hacking the networks of the Houston Astros. This marks the first known case of one major sports team hacking another.
Law enforcement officials believe the hacking centers on former Cardinals executive and current Astros general manager Jeff Luhnow. Investigators suspect that members of the Cardinals' front office got hold of Luhnow's master list of passwords and used it to gain access to the Astros' network.
Although details of the investigation are still emerging, Tech Times reached out to Atif Ghauri, chief technology officer and cyber security expert of the Herjavec Group (which was founded by Shark Tank investor Robert Herjavec), to get his opinion on this landmark sports case.
Ghauri isn't surprised that hacking has hit the sports world. From the brief details available thus far, he thinks the Astros could have actually prevented the Cardinals from infiltrating their networks. How? Well, it all comes down to the strength of their passwords.
"There's very simple things that can be done to prevent this type of attack," explained Ghauri, who has worked in cyber security for 15 years. "What's happening here in our industry is called a dormant account or a password reuse, [which] are the terms that we use. Most users, they use the same passwords. With security, you can buy the most sophisticated controls and you can add as many layers as you want, but it's only as good as your weakest link. And in this case and many other cases, the weakest link is often the password."
Ghauri said the Astros probably could have prevented the hack had they changed their passwords every 90 days and strengthened them by using characters and numbers. A password lockout, which would have denied access to their database after three failed attempts to log in, would also have helped.
He said the big mistake that corporations often make is using a "'hard on the outside, soft in the middle' model for security." Ghauri added that just because this is the first publicly known hacking case involving major sports teams doesn't mean that similar hacking hasn't happened, undetected, in other sports before.
"We can presume that they've been going on and other teams are essentially doing inside attacks within the sports world," he said. "Internally, they were soft in the middle and they didn't have controls in play. As far as what the impacts are of being reported, the public is now getting more understanding. It's not surprising that it took this long to come out [in sports], but it's been happening and it's happening right now and it's not being reported."
The FBI's investigation into the Cardinals' hacking is expected to conclude soon.