Get the DealBook newsletter to make sense of major business and policy headlines — and the power-brokers who shape them.
Sport’s best-kept secrets — confidential information about game-day strategies and player performance and critical insights into competitors — are closely guarded for good reason. The information could help teams as well as those betting on the games gain an edge.
The Supreme Court’s ruling in Murphy v. National Collegiate Athletic Association underscores the value of such information. In a 6-to-3 ruling this spring, the court opened the door to the lucrative business of legalized sports wagering in the United States. The justices struck down a law, the Professional and Amateur Sports Protection Act, that barred states from allowing sports gambling. States can now choose whether to pass laws to legalize gambling, and several states are already taking steps to do so.
Sports teams, leagues and casinos are all looking to cash in on legalized sports betting. Yet the biggest winner might be hackers. And it won’t take long for them to seize upon the opportunity.
Hackers follow the money, and there is lots of it at stake. Although precise data on illegal sports betting in the United States is hard to come by, it’s estimated to be $150 billion to $400 billion yearly. With so much money on the line, everyone will be looking for an edge. Inside information about teams and their players will become more valuable. And that’s an opportunity for sophisticated cybercriminals, who will inevitably seek to hack into confidential sports information and use it to their advantage in placing legal sports bets. It is where cybercrime will no doubt meet insider trading in sports.
The competitive value of data analytics gained traction in professional sports in 2002. The Oakland Athletics baseball team didn’t have the bankroll of other major league teams, and its general manager, Billy Beane, needed to figure out a way to build a competitive team on a low budget. Mr. Beane turned to statistics to uncover inefficiencies in the way teams valued players.
It worked. The A’s made the playoffs the next two years. Since then (and in part due to Michael Lewis’s book “Moneyball”), teams across sports have used sophisticated analytics to gain an edge.
For a sophisticated hacker or an organized crime syndicate, this presents limitless criminal opportunities. Hack into nonpublic sports information, gain an edge and place your bet. The motive can be making a profit, laundering money or, even more nefarious, using confidential player information for extortion.
When we think about traditional insider trading — even in our interconnected digital world — we think of rogue stock traders. Today, hackers combine the high-tech sophistication of cybercrime with old-fashioned insider trading. Three years ago, law enforcement authorities indicted stock traders in New York and New Jersey who had been engaged in a multiyear scheme that included hacking into companies like PR Newswire and Business Wire to mine press releases with information about earnings or mergers and trade on the information before it was publicly released. The hackers and traders netted more than $100 million in illegal profits.
Such hacking to gain an edge has already hit sports. In 2015, the St. Louis Cardinals’ scouting director, Chris Correa, hacked into the Houston Astros’ database looking for competitive intelligence, including player evaluations. He mined the database for more than two years without detection, using the information to the Cardinals’ advantage. Mr. Correa was later sentenced to 46 months in prison for corporate espionage.
Sports teams generate reams of sensitive information relating to players’ salaries, contract negotiations, proposed player swaps, and even injury and other health information, all of which can be used to gain an edge in wagering.
And it’s not just the teams that generate information that can be exploited by a hacker. Wearable technology, for example, has become standard in both professional and college sports. It tracks everything from player physiology and heart-rate data to sleep patterns. A hacker could easily exploit the fact that a star running back has suffered from a bout of insomnia and may not be at his best for game day.
While stakeholders are scurrying to grab a piece of the gaming pie, they can’t afford to lose sight of the cyber risks to the integrity of the games themselves. Even before the court ruling, there were risks, but now those risks are exponentially greater. By putting heightened cybersecurity safeguards into place now to protect confidential sports information, legal wagering doesn’t have to unleash hackers.
Craig A. Newman is a partner and chair of the privacy practice at Patterson Belknap Webb & Tyler, a New York law firm.