Cardinals accused of hacking the Astros’ player database
Published 8:14 am Thursday, June 18, 2015
ST. LOUIS — Some cybersecurity experts believe professional sports teams have hacked rivals in the past without getting caught.
The St. Louis Cardinals, one of the crown jewel franchises in baseball, now stand accused.
Federal law enforcement authorities are investigating whether the Cardinals illegally accessed a computer database of the Houston Astros. The aim was obtaining information from a front office headed by a former top aide who helped transform St. Louis’ scouting operation to a sabermetrics-based system, a person familiar with the situation told The Associated Press on Tuesday.
The person spoke on condition of anonymity because Major League Baseball, law enforcement officials and the two teams were not disclosing details of the investigation. The New York Times first reported that the FBI and Justice Department were investigating whether Cardinals front-office officials were behind the effort to steal information from the Astros’ database, called Ground Control.
“It would be irresponsible to assume that this is the first time an incident like this has occurred — more likely, it’s just the first time it’s been uncovered,” said Craig Newman, chairman of the privacy and data security practice of the New York law firm Patterson Belknap Webb & Tyler.
Alexander Southwell, a former assistant U.S. attorney for the Southern District of New York and now a privacy and cybersecurity expert for the law firm Gibson Dunn, said that if the allegation is true, the employee or employees responsible will likely face federal prison time — perhaps up to five years.
“Major League Baseball has been aware of and has fully cooperated with the federal investigation into the illegal breach of the Houston Astros’ baseball operations database,” MLB said in a statement. “Once the investigative process has been completed by federal law enforcement officials, we will evaluate the next steps and will make decisions promptly.”
Commissioner Rob Manfred said subpoenas have been issued, but did not provide details.
“There are legal problems associated with federal law enforcement officials seeking cooperation from private individuals,” Manfred said. “If the federal government wants information from us they would subpoena information and that’s what they’ve done.”
Southwell said the most likely charge would involve violation of the federal Computer Fraud and Abuse Act. The Cardinals would be unlikely to face criminal charges unless it could be proven that the team, and not an employee or group of employees, was behind the act, Southwell said.
“The entity can’t be held responsible for the acts of rogue employees,” he said.
The FBI office in Houston released a statement that neither confirmed nor denied the investigation, but added, “The FBI aggressively investigates all potential threats to public and private sector systems.
“Once our investigations are complete, we pursue all appropriate avenues to hold accountable those who pose a threat in cyberspace.”
Messages seeking comment from FBI offices in Washington and St. Louis were not returned. The U.S. attorney in St. Louis, Richard Callahan, said he was unaware of the investigation.
St. Louis manager Mike Matheny said he was logging workout results on his laptop when he was informed of the investigation Tuesday morning. He didn’t think the investigation would affect players because they’re accustomed to dealing with distractions.
“It’s part of what we do, it’s a big part of what we do,” Matheny said. “We divide them into the controllables and the uncontrollables and this is one of the uncontrollables. We don’t have any clue what’s going on.”
The Cardinals are among baseball’s most successful franchises on and off the field. Only the New York Yankees have won more World Series titles than the 11 won by St. Louis, which is among the best-drawing teams in all of sports, with annual attendance topping 3 million every year since 2003.
The Astros and Cardinals were rivals in the National League Central until Houston moved to the American League in 2013. Jeff Luhnow headed the Cardinals scouting and player development department before being hired as Astros general manager in December 2011, and he has helped transform the AL Central leaders from sad sack to contender.
It wasn’t immediately clear how many Cardinals employees were under investigation, or whether top front office officials were aware of the activities.
“Then there’s the question of who did it?” Manfred told reporters in Boston. “Who knew about it? Is the organization responsible? Is the individual responsible? There’s a whole set of issues that are needed to be sorted through.”
Manfred said MLB’s forensics experts were not involved in the case, adding, “This is a federal investigation, not a baseball investigation.”
The Cardinals and Astros said they’re cooperating with the investigation but declined further comment. Astros manager A.J. Hinch said he’d concentrate on his job.
“Obviously from the baseball perspective we’ll deal with the baseball, and all other questions will go elsewhere,” Hinch said.
Luhnow was not made available to reporters in Houston on Tuesday, but said in June 2014 that the team had been the victim of hackers who accessed servers and published months of internal trade talks on the Internet.
“It was an illegal activity and we’re going to pursue it and try and find out who did it and prosecute,” Luhnow said at the time, noting that the Astros were working with the FBI and MLB security to determine who was responsible for the breach.
The Astros rely heavily on sabermetrics in their evaluation of players and have been open about the fact that they use an online database to house proprietary information. Last year, the Houston Chronicle had a detailed report on Ground Control, noting the team even had a director of decision sciences on the payroll.
Manfred downplayed wider security concerns about MLB’s digital systems.
“We have a technology company that quite literally is the envy of companies throughout America — not just sports enterprises,” the commissioner said. “We routinely make the resources of MLB Advanced Media available to all of the clubs. We have the type of security arrangements that are necessary.”
Craig Newman, chairman of the privacy and data security practice of the New York law firm Patterson Belknap Webb & Tyler, said it wouldn’t be surprising that a professional team would be involved in hacking given the amount of money involved.
“Data analytics have become a critical strategic and tactical drive for both professional and collegiate athletics and, unfortunately, the transition from statistical modeling in player evaluation made famous by ‘Moneyball’ to stealing sensitive information from competitors is a natural progression,” Newman said.