FBI looks at Cardinals in Astros’ data breach

The New York Times has reported that the FBI is investigating the St. Louis Cardinals baseball team for gaining unauthorized access to the computer of the rival Houston Astros in an attempt to steal information about players, scouting reports, medical information, and other proprietary player evaluations.

Mid-to-low-level staff of the Cardinals, the 2006 and 2011 World Series champions, are at the center of the investigation, which leads back to 2013. Information on the Astros’ potential trades was released anonymously online last year, prompting Major League Baseball to ask the FBI to investigate.

“Major League Baseball has been aware of and has fully cooperated with the federal investigation into the illegal breach of the Astros’ baseball operations database,” MLB said in a statement.

“Once the investigative process has been completed by federal law enforcement officials, we will evaluate the next steps and will make decisions promptly.”

Jeff Luhnow

Information on the investigation is scarce, but the Wall Street Journal reports that “Investigators suspect Ground Control was targeted because the Astros’ general manager, Jeff Luhnow, worked for the Cardinals before leaving for Houston following the 2011 season, law-enforcement officials said.”

The Cardinals released a statement saying that they “are aware of the investigation into the security breach of the Houston Astros’ database,” and that “The team has fully cooperated with the investigation and will continue to do so.”

The Astros’ breach marks the first known instance in which workers at a major professional US sports team were suspected of swiping another team’s computer data.

Low-tech affair

The Wall Street Journal reports: “The incident as described by people familiar with the investigation is a low-tech, or even no-tech affair. Because one or more Astros employees allegedly used the same password or another similar to one used during their time with the Cardinals, someone else apparently was able to correctly guess the password on the new database, the person said.”

Now it’s clear why I’ve not used the term “hacking” in this article but instead “unauthorized access”.