FBI to 'aggressively' probe St Louis Cardinals in baseball 'hack' storm
Who had the passwords to Houston Astros' database?
The St Louis Cardinals – the perennial good guys of pro baseball – are being investigated by the FBI after someone allegedly gatecrashed computer systems belonging to the Cardinals' former rivals, the Houston Astros.
Office staff at the Cardinals may have gained unauthorized access to the Astros' internal databases using nothing more than a guessed password, it is claimed.
"The St Louis Cardinals are aware of the investigation into the security breach of the Houston Astros' database," the Cardinals said in a statement today.
"The team has fully cooperated with the investigation and will continue to do so. Given that this is an ongoing federal investigation, it is not appropriate for us to comment further."
The investigation comes ten months after confidential material from the Astros' player database was leaked online. The documents contained detailed notes about player transfers and negotiations.
That compromise alerted the sport's governing body, Major League Baseball, which called in the FBI. The agents soon traced connections to Astros' internal systems back to a home shared by some Cardinals staff, it is claimed.
Anonymous federal agents told The New York Times that the top suspects are members of the Cardinals office staff, who had apparently reacted badly to the elopement of a key team member to the Astros: in December 2011, Jeff Luhnow left the Cardinals to join then-rivals the Astros as general manager. Luhnow also took some IT staff with him.
While at the Cardinals, Luhnow developed a big-data repository, dubbed Redbird, containing training and playing stats, medical records, and development schedules on all players. The system allowed bosses to identify problems with players early on, and try out different training and playbook strategies.
When Luhnow moved to the Astros, he built a similar system, called Ground Control, and it was reportedly a big success. But the Feds believe that new system worried some staff at the Cardinals, and they allegedly used one of the oldest tricks in the book to gain access: guessed passwords.
The FBI is working on the theory that some Cardinals staff found a list of the passwords that had been used by Luhnow and the other former staff on Redbird, and tried them on the Astros' Ground Control system until one of them worked.
"The FBI aggressively investigates all potential threats to public and private sector systems," an FBI spokeswoman told The Register. "Once our investigations are complete, we pursue all appropriate avenues to hold accountable those who pose a threat in cyberspace."
MLB statement regarding investigation into last year’s security breach involving Astros: pic.twitter.com/eGgrfLYDon— MLB (@MLB) June 16, 2015
It's unclear what action MLB will take against the Cardinals if they are found guilty of any wrongdoing. Given the MLB's lackluster crackdown on the steroid scandal in the sport, don't expect too much in terms of punitive action – but the Feds may not be so forgiving. ®