Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security

6/18/2015
05:00 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
100%
0%

Houston Astros' Breach A 'Wake-Up Call' On Industrial Cyber Espionage

The St. Louis Cardinals' alleged breach of the Astros' proprietary database raises concern over the possibility of US companies hacking their rivals for intel.

Cyber espionage traditionally has been the domain of nation-states spying for intelligence-gathering and stealing intellectual property, but the recent cyber-theft of information from the Houston Astros baseball team's proprietary scouting and team information database sheds light on the prospect of business-on-business cyberspying.

The breach of the Astros' database allegedly by members of the St. Louis Cardinals organization was a rare case, exposing one organization cyberspying on another; security experts say it's the first such attack in the sports world that has come to light. But competitive intelligence-gathering and spying -- whether it's casual conversations with a competitor, shoulder-surfing, deciphering a team manager's signals in mid-game, or even extreme cases like bugging conference rooms -- long have been a real threat and concern among corporations and sports organizations, experts say.

It should come as no surprise that industrial cyber espionage would become a nefarious option for companies outside the nation-state realm to keep tabs on, or to gain a competitive advantage over, rivals in their industry, security experts say.

"The recent focus on anything cyber espionage-related fingers overseas [threats] and foreign group attacks against the US" and others, says Nick Pelletier, senior consultant with incident response firm Mandiant, a FireEye company. "There's not a lot of discussion on things such as someone in the US hitting someone else in the US" to date.

"This is a wake-up call," he says of the Astros' breach.

Cases of one business spying on another in the US are unusual, and nowhere near the threat or pervasiveness of nation-state cyberspying. Mandiant's Pelletier says he hasn't seen any cases of business-on-business cyber espionage as yet, but it's something the firm is tracking.

"It's something we've been sort of keeping our eye on," he says. The most common form of industrial espionage to date, he says, is a "physical" attack, whether it's bribery or an insider leaking information for profit or other reasons. Most organizations don't have the ability to pull off an actual cyberattack, anyway, he says, so old-school espionage is a more common tack.

Former FBI cyber special agent and supervisory special agent Andre McGregor says the agency has seen industrial cyber espionage cases from time to time, some of which have involved a business using nefarious hacker-for-hire services to do their dirty work. "These have been more one-off intrusions rather than the norm," accounting for a small percentage of all cyber espionage, he says.

The FBI and other law enforcement agencies have been investigating and watching hacker-for-hire operations for years now, says McGregor, who recently joined Tanium as a director of cybersecurity. These are typically nation-state hackers who "moonlight" as cyber-mercenaries, he says.

As for the Astros' breach, McGregor says,"Traditional corporate espionage has now entered cyberspace."

Meanwhile, initial reports that the breach occurred via a list of reused passwords by Astros general manager Jeff Luhnow, who worked for the Cardinals organization from 2003 until 2011 when he took the job with Houston, were shot down today, as Luhnow told Sports Illustrated that he did not use the same passwords he had used while with St. Louis. The breach itself was first discovered and publicized in June of 2014 when some data was posted online on Anonbin; this week was the first time the Cardinals organization had been publicly implicated in the FBI investigation.

Cardinals officials reportedly may have been worried that Luhnow had taken their team's proprietary information with him to the Astros, an allegation Luhnow also dismissed in his interview with SI.

Adam Meyers, vice president of intelligence at CrowdStrike, says business-on-business cyber spying is rare and definitely not at the same level of sophistication as a nation-state attack would be. "Breaking and entering" is a better way to describe the alleged attack on the Astros' database, he says. "They [reportedly] got access to information they weren't authorized to have," he says.

"Industrial espionage [itself] is a thing," Meyers says. "Businesses have sweeps of boardrooms before big meetings," for example, he points out.

What the Astros' breach illustrates is that the business side of sports organizations and all enterprises need to take cybersecurity threats more seriously, he says. "Information security isn't a computer nerd problem anymore. It's a business problem and needs to be treated as such," Meyers says. "If you are only relying on computer nerds to defend against these kinds of things," your business is at risk of attack, he says.

"You need to know from a business perspective how things are going to impact you," he says.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Mohan Koo
100%
0%
Mohan Koo,
User Rank: Author
9/9/2015 | 1:56:14 PM
Sports Security Must Be Up to Snuff in the Digital Age
Cybersecurity tools and measures that are regularly implemented to protect sensitive IP in the technology and automotive industries could have easily alerted St. Louis that potential theft was taking place when its staffers left to join Houston and this could have been averted.

Rather, we have a case of spiteful employees angry at an ex-boss and looking to exact revenge. This shows that malice and a little bit of tech-savviness can damage an entire organization's competitive edge through a single intrusion into a rival team's network. 
US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
MITRE Releases 2019 List of Top 25 Software Weaknesses
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "He's too shy to invite me out face to face!"
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16649
PUBLISHED: 2019-09-21
On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect virtual USB devices to the...
CVE-2019-16650
PUBLISHED: 2019-09-21
On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an attacker can simply connect to the virtual media service, and then connect virtual USB devices to the se...
CVE-2019-15138
PUBLISHED: 2019-09-20
The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL.
CVE-2019-6145
PUBLISHED: 2019-09-20
Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators can write executables to the vulnerable directories. Forcepoint thanks Peleg Hadar of SafeBreach Labs ...
CVE-2019-6649
PUBLISHED: 2019-09-20
F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 and Enterprise Manager 3.1.1 may expose sensitive information and allow the system configuration to be modified when using non-default ConfigSync settings.