Wednesday, June 24, 2015

Change teams, change signs ... and passwords.

Duh.

This computer thing between the St. Louis Cardinals and the Houston Astros is sort of a player thing but in reverse.

If a player had gone from the Cardinals to the Astros, in future games the Cardinals would use different signs so that their former player would not read them and help his new team to defeat his old.

In the computer "hack" case, non-players went from the Cardinals to the Astros.  They built a computer system similar to the one they had worked on with the Cardinals.  But in this case it was not the former Cardinals people trying to access the data of their former team, at least not as far as we know.  It was some remaining Cardinal people who used ID and password info to access the new Astros system.  Apparently the Cardinal people who left not only took some intellectual property to their new employer but they also took at least one ID/password pair, which was used to access the Astros system.

Actually, it would have been more difficult for it to have worked in reverse.  It would have worked as it has for decades: the old team would change its signs (ID/passwords).  System administrators (sysadmin) for the Cardinals would have purged any old ID/password pairs used by their departed employees.  The Cardinals sysadmins would probably have had all their current people immediately change their passwords and ensure that any previous passwords were not used again.  The Cardinal sysadmins would also have put their system's security on high alert and been looking for a possible breach by their former employees.

So in a strict baseball protocol, was there an ethical violation?  Weren't the Astros negligent?  Didn't they get what they deserved?  The analogy so far may be incomplete.  If baseball signs, say those between the catcher and pitcher, are observed and deciphered by a runner at second base, then it's OK.  But if the observation is made from the center field bleachers using binoculars, then it's not OK.

The Cardinals who accessed the Astros computers, seem to have done so remotely by first accessing the Astros computer network.  That's where the FBI and U.S. Attorney get involved.

F.B.I. Struggles to Pinpoint the Fingers Behind a Hacking
By MICHAEL S. SCHMIDT JUNE 22, 2015 The New York Times


... personnel in the St. Louis Cardinals’ front office ... are accused of breaking into the network that housed the Houston Astros’ closely guarded baseball intelligence ...

Whoever gained access to the Astros’ network tried to take some measures used by experienced hackers to disguise their location. But, law enforcement officials said, the intruders were not adept...

The inability to properly cover tracks proved to be a significant break for the F.B.I... trail of the intrusion directly to the computer that had been used at the residence in Jupiter (Florida)...

... logging in as Jeff Luhnow, the Astros’ general manager, or Sig Mejdal, whose title is director of decision sciences. Both officials joined the Astros from the Cardinals...

Franchises have tried to develop elaborate information-sharing platforms in recent years, but they have increasingly relied on young and inexperienced programmers and analysts, like the ones now under investigation in the Cardinals’ front office.

While paying players exorbitant salaries, teams maintain small budgets for their front offices, often leading to the hiring of analysts and programmers right out of college. Those workers, who are paid significantly less than what they could make at a technology company or a start-up ...

... the analysts and programmers have been given significant leeway in building programs, and until now there has been little pressure to put tight security in place. One team executive said he had not changed his password for his team’s network in three years.

_______________________________

No comments: