One of my college buddies (Hi Christian!) shared my previous post on Facebook, pointing out that I’m a long-suffering Royals fan in Cardinals country, and adding that what I said was balanced and dispassionate.
I’m normally anything but dispassionate. But in this case, it’s not a baseball matter–it’s a business matter, and neither my employer nor any past employer is involved, so it’s easy to be detached and dispassionate. I guess you can say my take on hacking has changed. I was going to say “evolved,” but “changed” is more dispassionate.
The now-infamous breached Houston Astros database sounds like a classic case of what security professionals call Shadow IT: a project that the business needs, done without adequate involvement from security and, most likely, from the IT department as well.
These kinds of things happen a lot. A go-getter implements the project, cutting through red tape to get something useful done in record time, and it’s great until something goes wrong.
In this case, “wrong” meant a competitor got into the database and stole trade secrets.
So, about a year ago, the Houston Astros announced their internal player database had been breached. This week, more details emerged, pointing right at the St. Louis Cardinals.
It wasn’t a terribly sophisticated attack. You knew I’d write about this, but I’ll explore it from an IT security perspective more than from a baseball perspective.