Opinion: #CyberDeflategate and the beginning of sports hacking

It was only a matter of time before American sports added hacking to its tricks for gaining the upper hand. But unlike other cheating scandals that have led to suspensions and fines, computer crimes can lead to prison time.

Security

Even the most successful American sports franchises can’t resist the urge to cheat.

To catch up readers who may have been sleeping or are European: Over the winter, the New England Patriots were caught apparently tampering with the air pressure in footballs to suit bad weather and the arm of their superlative quarterback Tom Brady. The National Football League investigated #Deflategate – one of those nouns best preceded by a Twitter hashtag – and judged that Mr. Brady probably knew about the meddling, despite his fervent denials.

Now, one of the top teams in baseball is accused of something far worse. According to a recent New York Times story, officials from the St. Louis Cardinals hacked into the Houston Astros' computers. The goal was apparently to swipe secrets about players and prospects. The breach gave hackers access to information about trades, statistics, and scouting reports. For a rival team, it was a goldmine – the baseball equivalent of the Coke formula or KFC's secret recipe.

While this kind of cheating might be new to sports, we all know that professional athletics are rife with rule-bending, risk-taking, and, well, unsportsmanlike behavior. In baseball, for instance, pitchers will beam hitters with 100 m.p.h. balls as retribution for some perceived sin. Players are always trying to sneak something by the referees. And then there's the much darker side of cheating in taking performance-enhancing drugs. 

So, with the rise of hacking and computing mischief in general, it should be no surprise that sports cheating would eventually involve hacking. 

But here's the thing about hacking: It can seem easy to perform and easy to get away with because most organizations have lousy security, but even the best – think National Security Agency or notorious hacker Kevin Mitnick – get caught. And when you get caught trying to cheat in sports by breaking into computer networks, the culprits aren't just facing suspension or a fine, they're facing jail time.

While Brady will sit out some games and the Patriots will fork over $1 million due to Deflategate, the Cardinals have to deal with the special agents of the FBI. Cheat using underinflated footballs, face a fine and suspension; cheat using performance-enhancing drugs and get suspended and stripped of your Tour de France wins; cheat by hacking and face felony charges under Title 18 of the US criminal code.

Much like the federal government database maintained by the Office of Personnel Management, the Astros database represents an operational bounty. While the Times story did not reveal the target of the investigation, it's unlikely that players were involved in any hacking that may have taken place. The debate will now ferment over whether this was just rogue employees or what senior management knew and when.

Regardless of who gets prosecuted or potentially serves time, this is probably just the beginning of a dangerous new phase of cheating in professional sports. 

Just think about the spoils. If Spanish tennis star Rafael Nadal uses a Fitbit in practice, imagine how many other tennis pros might be interested in getting their hands on the data, just for an extra tiny edge?

We can’t hope that the Cardinals hacking story will be the last such cybersecurity cheating scandal. We can only hope we have a better name for it. Until then … #CyberDeflategate.

Jason Healey (@Jason_Healey) is Senior Research Scholar for cyber policy at Columbia University’s School for International and Public Affairs and Senior Fellow for cyber statecraft at the Atlantic Council.