The St. Louis Cardinals are being investigated for hacking into an internal Houston Astros computer system to obtain player personnel information, the New York Times reports.
The FBI’s Houston office and prosecutors from the Justice Department are leading the investigation. Law enforcement sources told the Times that evidence has been found that Cardinals officials broke into the specially designed system. The sources did not reveal which Cardinals employees are under investigation or whether high-ranking team officials were aware of the hacking or authorized it.
Here’s what you need to know:
1. The System Was Created by Former Cardinals Executive & Current Astros GM Jeffrey Luhnow
The investigation is into the hack of the Houston Astros internal computer system, which is called Ground Control, according to the Times report.
The Houston Chronicle said in a 2014 article about the database, “Contract information, scouting reports, statistics common and proprietary – the Astros have centralized most every piece of useful baseball information at one password-protected web address.”
The system was put in place after the Astros hired former St. Louis Cardinals executive Jeffrey Luhnow to be their general manager after the 2011 season. Luhnow was a “successful and polarizing” figure in the Cardinals front office, implementing “Moneyball”-style scouting and player development systems. The Times reports that the hacking may have been done by “vengeful front-office employees for the Cardinals hoping to wreak havoc on the work of Jeff Luhnow.”
The Ground Control system was called a “project unlike anything baseball has seen before,” by Bloomberg Business.
Luhnow told the Houston Chronicle about how the database was built from 2012 to 2013:
The analytical engine is separate from the interface, so there was a lot of work going on developing the database and developing the interface. The database you have to build right away, because you can’t analyze without having the data in the right format. The priorities were the database first, then the analytical engine, and the interface was a third priority.
We had a very bare-bones interface for a while. After the draft, the next critical milestone was the trade deadline, because we knew we were going to be trading players and we knew we wanted to have all our information organized in a way that would help.
The Cardinals had a similar system called “Red Bird Dog,” according to the Chronicle article.
St. Louis has been one of the best teams in baseball since 2000, making the playoffs 11 times over that span and winning the World Series twice. Until 2013, the Cardinals and Astros both played in the National League’s Central Division. Houston moved to the American League West that year. Luhnow has helped turn around the Houston franchise since he was hired, and the Astros currently sit in first place in their division. The Cardinals, meanwhile, have the best record in baseball so far this year.
2. Documents From the Astros’ Computer System Were Posted Online Last Year
The sports website Deadspin reported last June that several documents from the Ground Control system had been posted online anonymously to the website Anonbin, where users can post hacked or leaked information.
The documents included 10 months of internal trade talk.
The Astros released a statement after the Deadspin article brought attention to the leak:
Last month, we were made aware that proprietary information held on Astros’ servers and in Astros’ applications had been illegally obtained. Upon learning of the security breach, we immediately notified MLB security who, in turn, notified the FBI. Since that time, we have been working closely with MLB security and the FBI to the[sic] determine the party, or parties, responsible. This information was illegally obtained and published, and we intend to prosecute those involved to the fullest extent.
It is unfortunate and extremely disappointing that an outside source has illegally obtained confidential information. While it does appear that some of the content released was based on trade conversations, a portion of the material was embellished or completely fabricated.
3. Subpoenas Have Been Served to the Cardinals & the MLB for Electronic Correspondence
According to the Times report, the Justice Department has subpoenaed the MLB and the St. Louis Cardinals for electronic correspondence.
“Major League Baseball has been aware of and has fully cooperated with the federal investigation into the illegal breach of the Astros’ baseball operations database,” the MLB said in a statement. “Once the investigative process has been completed by federal law enforcement officials, we will evaluate the next steps and will make decisions promptly.”
The Cardinals and Astros both said in statements that they are cooperating with the federal investigation and can’t comment any further.
4. The Cardinals May Have Used a Master List of Luhnow’s Old Passwords to Gain Access to the System
The Cardinals officials may have been able to access the Astros database by using passwords found on a master list left behind by Luhnow, the Times reports.
“Professional sports teams like the Astros hold closely guarded information on players and personnel and having those files stolen because of poor password security is pretty embarrassing,” said iboss Cybersecurity CEO Paul Martini in an email. “This alleged hack was not very sophisticated, relying simply on stolen passwords, and this all could have been prevented by monitoring for suspicious data movements when hackers are in the process of stealing information. Whether it’s a state-sponsored hacker from China or a rival team hijacking data, corporate cyber espionage is a real threat that all businesses face and monitoring for hacks in progress could stop these breaches in their tracks.”
5. Evidence Showed the Network Was Accessed From a Home Where Some Cardinals Officials Had Lived
According to the Times, the unauthorized access to the Astros database was traced to a home where some St. Louis Cardinals officials had lived.