D'Amato: Hacking is the new juicing in sports industry

As long as men (and women) have competed in sport, there have been cheaters. According to Greek mythology, Pelops cheated in a chariot race against King Oenomaus. The prize was the king’s daughter, perhaps because the Vince Lombardi Trophy had not yet been invented.

Tampering with chariot wheels begat tampering with the baseball and the bat, which begat tampering with body chemistry, which begat Jose Canseco.

There’s an old saying that if you ain’t cheating, you ain’t trying. Hence we have over-aged Little Leaguers, under-aged gymnasts, Deflategate, Ben Johnson and Lance Armstrong.

In team sports, the new frontier in cheating has nothing to do with PEDs and everything to do with the computer sitting on the general manager’s desk.

Hacking is to a team’s database what juicing is to a player’s power base.

“Think about the unbelievable data (teams) have and the confidential data they have,” said Adam Levin, the chairman and founder of CyberScout and author of the best-selling book Swiped. “A lot of organizations are very focused on physical security but you never know how focused they are on cybersecurity.”

On Jan. 30, baseball Commissioner Rob Manfred ordered the St. Louis Cardinals to forfeit their top two picks in this year’s amateur draft and pay the Houston Astros $2 million as compensation for hacking the Astros’ email system and scouting database.

Manfred also banned former Cardinals scouting executive Chris Correa for life. Correa reportedly had accessed the Astros’ internal database some 50 times over 2½ years, illegally providing the Cardinals with competitive advantages.

Correa was no computer genius. Any seventh-grader could have done what he did.

“He knew a password of one of the fellows who left (the Astros),” Levin said. “He said, ‘Let me try this password and see if it works.’ And bingo, he was in.”

Levin called the case a wake-up call for the sports industry and equated it with the hacking of Target in retail and the hacking of the U.S. Office of Personnel Management in government.

“Industrial espionage, sports espionage, getting a leg up on the other guy, is as old as the beginning of time,” he said. “No doubt it’s going on. This is just a case where someone got caught. I have no doubt it’s happening elsewhere.”

Given the volume of information teams have stored on computers – everything from analytics and scouting reports to consumer information provided by their ticket-holders – cybersecurity should be a top priority, Levin said.

The Milwaukee Brewers declined an interview request about the steps they take to safeguard their intellectual property. A spokesman said general manager David Stearns didn’t feel comfortable talking about it, which is understandable.

“As an attacker you’ve only got to find one point of vulnerability,” Levin said. “It doesn’t matter how secure any system is, all you need is one mistake.”

He said organizations should encrypt their data, be vigilant about employee awareness training and demand two-factor authentication.

And then cross their fingers that hackers don’t find a way in.

“The environment is that breaches have become the third certainty in life, behind death and taxes,” Levin said. “You have to assume that if you have data that’s valuable to you, someone else wants it. To a hacker, everyone is Kim Kardashian.”

Even the Class A relief pitcher or the third-string defensive tackle.

Contact Gary D'Amato at gdamato@journalsentinel.com or on Twitter @garydamatogolf