Catapult Sports (CFB practice software being restricted by Michigan and Bama) under NCAA investigation
Per Catapult:
“We are aware of the ongoing investigation of the alleged unauthorized access to NCAA football video footage. We have conducted an internal investigation and have not found any security breach in our systems. We have shared this with local authorities that are conducting an investigation. We will continue to support the ongoing investigation with the NCAA and local authorities. At Catapult, we hold ourselves to the highest of standards and safeguarding customer information is of utmost importance to us.”
This was the software the “stalbombs” Twitter handle was claiming OSU exploited to spy on Penn State, Maryland and others
December 29th, 2023 at 6:44 PM ^
My experience with tech startups has led me to believe that, while what you say re: multifactor authentication is certainly best practice, it's not a safe assumption
Unless there’s some regulatory requirement with actual enforcement mechanisms forcing it, companies typically view security and privacy as cost sinks and they get neglected. So unless you’re operating in finance or government or healthcare or some other regulated space… yeah, I wouldn’t be all that surprised if they still had a shared admin account using default credentials to manage such a server
December 29th, 2023 at 6:56 PM ^
Yes, the finance industry. We have and store customer financial and personal data including SS#, email, location etc.
As secretive as football coaches and administrators are I'm surprised anyone would agree to use the software without feeling reasonably certain it was actually secure.
December 29th, 2023 at 7:31 PM ^
Yes, but these cloud software vendors tend to be pretty cagey about disclosing technical details related to potential vulnerabilities. The customers probably get some boilerplate about how great their security is and if their diligence is above average, maybe they can get a SOC 2 audit report or something along those lines from the vendor.
December 29th, 2023 at 5:08 PM ^
Legally speaking it's probably the same thing, unauthorized access to confidential information.
It is materially no different to customers of, say, a bank, if their bank information is obtained by unauthorized parties by an insider feeding the information instead of a hacker breaking into the system.
December 29th, 2023 at 5:52 PM ^
Agreed. This statement just means no external hacker was found to have breached their systems.
Does not rebut that an insider may have granted access to certain tapes/files to an individual that shouldn’t have had it. That would be a breach of contract but wouldn’t relate to a cyber breach.
the OSU insiders at the company and the earlier smoke, it’s not hard to jump to the conclusion that some presumably Michigan-related videos were passed along to OSU
December 29th, 2023 at 9:49 PM ^
Since the original allegations involved PSU videos going to OSU, I'm going to assume that's what we're talking about until there's some indication otherwise. If we had reason to think our own videos were leaked we would have said that, instead of talking about somebody else's stuff.
December 29th, 2023 at 6:39 PM ^
That absolutely is a data breach, if true
December 29th, 2023 at 5:11 PM ^
Correct. This:
We have conducted an internal investigation and have not found any security breach in our systems.
is a meaningless statement
December 29th, 2023 at 6:14 PM ^
Yeah, having worked in software development and IT at companies with very sensitive data I have my doubts about the veracity of that statement. People wouldn't be looking into illegal data access if there hadn't been some purported form of unauthorized access, and my guess is this is a very narrow, semantic use of the term "breach" here mostly as damage control.
December 29th, 2023 at 4:59 PM ^
Time for everyone to care about this story again. Go ahead and give our boys a fresh dose of motivation and watch them make you pay!
December 29th, 2023 at 5:01 PM ^
There's definitely a market opportunity in this space for truly enterprise-grade software.
December 29th, 2023 at 5:30 PM ^
A lot of (most?) enterprises could use "truly enterprise-grade software." But they don't.
December 29th, 2023 at 5:53 PM ^
“Enterprise-grade” is marketingspeak for “over-engineered, expensive, and probably not all it’s cracked-up to be.”
December 29th, 2023 at 6:31 PM ^
If anything Catapult seems *under* engineered.
December 29th, 2023 at 5:01 PM ^
Beat Bama.
December 29th, 2023 at 5:05 PM ^
Sadly, the "highest standards" these days are pitifully low.
December 29th, 2023 at 5:06 PM ^
Wow.
This explains why both Bama and Michigan have restricted their players from using iPads. I thought it was a catty shot at the Stallions thing, but apparently not.
Unauthorized capture of practice footage by opponents *is* a big deal (Stallions is alleged to be getting information that is literally publicly shown to 50-100,000 people, not at all the same thing) and is, frankly, a much bigger controversy than what is alleged by us. Now, if *Michigan* is the guilty party, that is indeed serious and a gut punch. But if it's someone else, I would expect and demand a proportionately larger media scandal, and any failure to do so would expose the Stallions thing as an issue of hype rather than substance.
Much like the lack of interest in Nick Saban having contact with Domani Jackson during a recruiting dead period while Harbaugh has been suspended multiple games for a hamburger.
Edit: FWIW, nothing has yet been found, and based on the quote in the OP, for all we know *all* of this could just be something done in response to the type of allegations found in the stalbombs stuff. Which is to say, suggestions without any actual fact. But who knows.
December 29th, 2023 at 5:14 PM ^
It appears that "Stalbombs" did in fact have SOME good info. Where this will lead? Who knows, money can fix near any problem.
December 29th, 2023 at 5:20 PM ^
If a single further link to stalbombs stuff can be found, those posts take on a whole new level of credibility and people are kind of forced to take them seriously.
*If*.
December 30th, 2023 at 10:18 PM ^
That's always how I thought this would go down; it's probably what was intended. The point of stalbombs was/is to get some journalists interested in stuff that Michigan was convinced of but couldn't prove. It only takes one of those to pan out for people to start digging at the others, and this was always the most likely to break first. Catapult is motivated. They've got a worldwide analytics business that could collapse under them if they let things go.
December 29th, 2023 at 6:15 PM ^
"SOME good info?" How is this good information when it's not verifiable by credible sources?
Similar to Day's potential involvement in PI hiring, Stal Bombs took a life of its own when Isiah Hole gave credence to it but of course, he couldn't reveal his sources. He even mentioned that several big media outlets are working on the story. And that lasted about a week, then went silent and now in hibernation. Since then, Stal Bombs posted exactly ZERO tweets and Hole hasn't given any update, not a thing.
Where this will lead? Nowhere. Don't expect these bombs to ever detonate.
December 29th, 2023 at 6:25 PM ^
Dan Wetzel is a reputable source. Catapult itself admitted NCAA and police are investigating this.
December 29th, 2023 at 5:10 PM ^
They should just change their name to NCsAbAn and get it over with.
December 29th, 2023 at 5:22 PM ^
I'm sure this is Michigan's fault.
December 29th, 2023 at 7:02 PM ^
Amazing to me this wasn't in the news given what UM was supposed to have done. Guess it's a nothing burger if we aren't the bad guys.
December 29th, 2023 at 5:25 PM ^
Wow, OSU may actually be cooked
December 29th, 2023 at 5:42 PM ^
December 29th, 2023 at 7:28 PM ^
If the allegations are true, this would make what Stalions did look like nothing
December 29th, 2023 at 6:15 PM ^
The media can't wait to blame Michigan or the Russians.
December 29th, 2023 at 7:37 PM ^
How does one even compare these two?
December 29th, 2023 at 7:55 PM ^
It was jokey..like, if something gets hacked or spied it must be UM or Russia...but I'm no jokey the joke man, I guess...I'm on my way out
December 29th, 2023 at 7:56 PM ^
You're fine. I got it. It was pretty obvious.
December 29th, 2023 at 6:24 PM ^
How credible is Scott Bingsburg or Deadspin? Bingsburg X'd that sources tell Deadspin the investigation centers around Ohio State
December 29th, 2023 at 6:25 PM ^
Obligatory.......IT'S HAPPENING!!!
December 29th, 2023 at 6:41 PM ^
Good enough for me.
December 29th, 2023 at 6:56 PM ^
That’s a parody account, just block him.
December 29th, 2023 at 7:04 PM ^
But there's "sources", that's all a person needs, real or fake.
December 29th, 2023 at 6:27 PM ^
This is still one of the headlines still on the ESPN NCAAF home page:
"Tide take precautions in wake of Michigan sign-stealing scandal"
Yet this has nothing to do with Michigan.
December 29th, 2023 at 6:45 PM ^
I'm surprised the B1G has yet to suspend Harbaugh for 3 games over this. There's still time before Monday's game.
December 29th, 2023 at 6:46 PM ^
ESPN is just trying to solidify their following - after all, they’ll be broadcasting the SEC next year.
They may not demonstrate knowledge about football - but, that Disney marketing machine knows a thing or two about keeping potential customers / visitors interested.
December 29th, 2023 at 7:49 PM ^
Update: I don't see it anymore.
Even ESPN can't pull this charade off, and has given it up.
December 29th, 2023 at 7:55 PM ^
And now the top (as in newest) story is this story.
December 29th, 2023 at 7:59 PM ^
It's not on their front page but it's still on their interwebs site.
Where is the updated one with the extra context? Yeah, that one doesn't exist.
Edit: Oops, yes it does.
December 29th, 2023 at 6:43 PM ^
So, did a Catapult authorized individual enable certain individuals to review / acquire material which was the property of other entities?
Could there be any accuracy to a rumor that a certain school in Columbus actually received access to - or the media - of other teams?
December 29th, 2023 at 6:56 PM ^
Has anyone sent this to Ben Axelrod or Matt Finkes?
December 29th, 2023 at 7:02 PM ^
Alabama media is very confused about the whole thing and is trying desperately to make sense of it. It's pretty funny, actually. They're calling UM police and FBI's Detroit office seeking comment, and they're trying to connect it to Weiss (of course).
I don't think the Alabama media is being devious, here. I think they're legitimately confused. From their perspective:
- Michigan is under investigation for stealing signs.
- Helow was hired.
- Bama said "We don't use iPads now because of stuff Michigan is known for" (paraphrasing their player).
- Catapult security is part of an NCAA investigation.
They do mention that Wetzel said UM is not at the center of the Catapult investigation and also that Michigan stopped using Catapult out of precaution two months ago. Those two items would seem to suggest that Michigan is not abusing Catapult but rather has been a victim of it. Yet, Alabama is suddenly concerned themselves just ahead of the Michigan game. Why?
My theory is that as Alabama researched Michigan, they came across this rumor about OSU getting info from Catapult and that Michigan knew about it. Maybe they learned this from Helow, but I doubt it, because Helow was gone before this was a known issue.
Unsure of what or how this happened, they decided that if Michigan knew Catapult could be exploited, they thought Michigan might be willing to exploit it. It's no big deal (as both UM and Bama have now said) to just watch all the film at team facilities, so, better safe than sorry.
December 29th, 2023 at 9:20 PM ^
As someone who is en route to watch the Rose Bowl at BFF’s (a Bama alum), thanks for the heads up as to what I will be walking into tomorrow morning
December 29th, 2023 at 7:11 PM ^
Can’t wait to hear about Michigan somehow being responsible for this and Michigan should just forfeit the Rose Bowl.
You know, for player safety and the sanctity of the game…..
December 29th, 2023 at 7:45 PM ^
As mentioned in threads earlier this season, I work in the TV biz. Just so happens one of my best friends from college worked at Catapult until being laid off earlier this year due to cuts (and believe me, he’s not crying over it but I’ll leave it at that), so of course I had to ping him on this. His dept was responsible for recording games for multiple sporting events and cutting up game tape for teams and conferences (could be a whole game or a clip for social media for example). He said depending how tape is labeled could be an issue. For example, if Michigan requested something and it was labeled Michigan, only they would have access to it. However, if whoever was cutting the tape labeled it Big Ten by mistake, then any team in the conference would have access to it. Or if the conference requested something and it gets labeled under the conference, then any team could see it. Not saying that’s what happened but that’s the one thing he could think of that could have been an issue from his experience there. I’ve seen mentions of practice film being a potential issue but his dept didn’t deal with that so he doesn’t know about any of that.
December 30th, 2023 at 1:01 AM ^
Catapult sounds like a clown show. How is it even still in business if they can’t even get the simple things like labeling correct?!?