TL;DR: a member of the Cardinals' staff left for the Astros a few years ago. Both teams had an internal system to track recruiting efforts etc. He used the SAME password in the new org, the Astros. Someone from the Cardinals org checked his master password list and was able to enter the Astros system with his old creds
>Last year, some of the information was posted anonymously online, according to an article on Deadspin. Among the details that were exposed were trade discussions that the Astros had with other teams... Believing that the Astros’ network had been compromised by a rogue hacker, Major League Baseball notified the F.B.I., and the authorities in Houston opened an investigation. Agents soon found that the Astros’ network had been entered from a computer at a home that some Cardinals officials had lived in.
And the only way they were caught was because they likely leaked some of the information they found to Deadspin. I remember at the time of the original Astro's leak, it was very interesting what specifically was leaked. It was not anything that could damage the Astros from either a legal, financial, or competitive standpoint. It only served as an embarrassment to the front office, almost as if the specific information leaked was meant as petty revenge while trying to walk a line by abiding by a certain competitive and moral code.
This is shocking, I followed this closely last year as I am a die-hard Astros fan but never thought it would be another team. I definitely doubt the Cardinals endorsed this, it was just some dudes that had access. These guys will be fired (if they haven't already) and there will be fines. Nothing too crazy will happen.
Though if the FBI finds that the GM/high level execs knew about the activity... this will be unprecedented. The penalties would be staggering as MLB would want to crack down extremely hard to deter future bad behavior.
Really interested to see how Bud Selig responds to this. Looks like this is the same guy (Luhnow) who SI did a pretty good thing last year about, reference how the Astros were doing a Ctrl+Alt+Dlt[1].
The cynical side of me says that Selig and MLB will try to maybe milk this for some rating or something, considering the meme going around that baseball is dying.
(full disclosure, Twins fan here, so I'm gonna be cynical about anything that Selig does)
Why is it so unbelievable that another team did it? The Patriots have been caught many times engaging in shady activities, including outright spying once. If a football team can do it to another football team, it's conceivable a baseball team can spy on another baseball team too.
"Investigators believe Cardinals officials, concerned that Mr. Luhnow had taken their idea and proprietary baseball information to the Astros, examined a master list of passwords used by Mr. Luhnow and the other officials who had joined the Astros when they worked for the Cardinals. The Cardinals officials are believed to have used those passwords to gain access to the Astros’ network, law enforcement officials said."
"Believing that the Astros’ network had been compromised by a rogue hacker, Major League Baseball notified the F.B.I., and the authorities in Houston opened an investigation. Agents soon found that the Astros’ network had been entered from a computer at a home that some Cardinals officials had lived in. The agents then turned their attention to the team’s front office."
It'll be very interesting to see how the Commissioner's Office responds to the FBI's findings. While I don't believe espionage is new to MLB, this is the first case of it reaching the public (and federal government) that I can think of.
Since they're no longer in the same division as the Astros, it's a bit less of a penalty, but I'd say every game since the initial breach against the Astros should be forfeited. Additionally, any draft picks during that time should be awarded to the Astros. (not the actual players, but that means they owe the Astros N first round picks, etc)
Probably not going to go down like that, but it's a matter of punishment, as well as compensating the team that was the victim. (I'm from Houston, so probably biased)
It's lucky for them that Bill DeWitt Jr. chaired the search committee who hired the new commissioner. (Shades of Goldman Sachs' perennial association with the Treasury Department...)
However, if the Cardinals are as smart (and perhaps as ethical?) as they previously seemed, they'll get out in front of this, and voluntarily give up their 2013 pennant, as well as fire whoever was involved in this harebrained scheme.
"The attack represents the first known case of corporate espionage in which a professional sports team has hacked the network of another team."
Im pretty sure that in F1 one team hacked another for design details. That said, I cant find a source. IIRC, it was Renault hacking Ferrari, but Im not sure.
> Could someone please get the NYT to drop the paywall on hackernews links?
Use self-destructing cookies or a plugin like it to delete the cookie everytime you close the tab and you won't run into the NYT paywall.
Alternatively, you could use a plugin like refcontrol and set your referrer on NYT as news.google.com and be in the clear if you like hanging on to cookies for some strange reason.
That's a really good idea. Are there any NYT folks here? Is there a procedure in place for doing this sort of thing? I imagine that news.ycombinator.com is a more common Referer than news.google.com in the development community; it'd be nice to have the same treatment from media organizations.
This really sounds like more of a "Astros suck at employee off-boarding" problem. They failed to lock out users of the previous system long after they left the company.
Regardless of their weak password storage scheme (which must be fixed), a simple set of changes (like disabling public access to their system, disabling VPN for terminated users, and changing passwords) would have stopped this from ever occurring.
No this was on-boarded employees using the same passwords at their new job that they had used at the old job. I bet the Cardinals were at least savvy enough to disable Luhnow's old accounts.
One multi-million dollar business franchise gained illegal access to the computer network and private data of another multi-million dollar business franchise. Sounds right up the FBI's alley to me.
We don't know the details, but I think it's safe to say that if the allegations are true, the Cardinals engaged in a form of cheating. It could be that their cheating had very deep and nefarious implications, but I doubt it. If anything, they may have stolen some secrets that gave the Cards an advantage over the Astros in player acquisition strategy.
What I cannot get over is how absurd is it that the Federal Government has been able to insert itself so deeply into a problem that doesn't warrant FBI involvement in the slightest. Athletic teams have been cheating for centuries. Sometimes that cheating involves ruined careers for both the cheater and the cheated, and sometimes they involve teams losing money. But what they rarely involve is the FBI. And the only times I can think of when they have involved law enforcement have been narcotics or gang related.
To me, this sounds no worse than various other advantages that teams unethically gain for themselves. That our legal system allows for this particular type of cheating to potentially be a federal crime is frightening. Let MLB handle this internally, and play ball.
[edit: holy shit. I get it. The FBI is acting within its legal right (and duty). This is a moral statement about the law that they are tasked with enforcing.]
-> Believing that the Astros’ network had been compromised by a rogue hacker, Major League Baseball notified the F.B.I., and the authorities in Houston opened an investigation. Agents soon found that the Astros’ network had been entered from a computer at a home that some Cardinals officials had lived in. The agents then turned their attention to the team’s front office.
So it looks like the Astros/MLB were unable to determine internally how their network was compromised and then contacted the FBI. This seems perfectly reasonable to me.
Interstate computer fraud and abuse is a federal crime. That the business affected plays some boring game doesn't make it any less of a crime than if they sold sugar water or provided computer services.
If I'm not mistaken, I would guess the only reason the FBI is involved is because it's interstate computer crime, which is their jurisdiction. I see what you mean though - if it's just a matter of someone stealing the old GM's password and using it to log in, let's not waste the taxpayer dollars.
I get what you're saying, but I'm actually happy the FBI is getting involved when it's a matter of "hacking" (regardless of the appropriateness of that term) involving a multi-million (billion?) dollar companies.
Or to put it another way, I'd much rather the FBI spent it's time prosecuting crimes committed by large companies than screwing over kids like Aaron Schwartz for their minor indiscretions.
You're thinking of this as if it were two local amateur sports teams, which makes it seem like it's absurd for the FBI to be involved.
Instead, I would look at this as two multi-million dollar businesses engaging in corporate espionage. When seen from that angle, it is exactly the sort of thing the FBI should be involved in.
[+] [-] timboslice|10 years ago|reply
[+] [-] slg|10 years ago|reply
And the only way they were caught was because they likely leaked some of the information they found to Deadspin. I remember at the time of the original Astro's leak, it was very interesting what specifically was leaked. It was not anything that could damage the Astros from either a legal, financial, or competitive standpoint. It only served as an embarrassment to the front office, almost as if the specific information leaked was meant as petty revenge while trying to walk a line by abiding by a certain competitive and moral code.
[+] [-] Fuxy|10 years ago|reply
[+] [-] Kevin_S|10 years ago|reply
Though if the FBI finds that the GM/high level execs knew about the activity... this will be unprecedented. The penalties would be staggering as MLB would want to crack down extremely hard to deter future bad behavior.
[+] [-] remarkEon|10 years ago|reply
The cynical side of me says that Selig and MLB will try to maybe milk this for some rating or something, considering the meme going around that baseball is dying.
(full disclosure, Twins fan here, so I'm gonna be cynical about anything that Selig does)
[1] http://www.si.com/longform/astros/
Edit: Guess I missed that Selig retired in January. Damn you, work!
[+] [-] rrss1122|10 years ago|reply
[+] [-] bdcravens|10 years ago|reply
By the letter of the law, this is a crime. You may be correct, but something substantially more could happen.
[+] [-] mrchucklepants|10 years ago|reply
[+] [-] s0uthPaw88|10 years ago|reply
"Investigators believe Cardinals officials, concerned that Mr. Luhnow had taken their idea and proprietary baseball information to the Astros, examined a master list of passwords used by Mr. Luhnow and the other officials who had joined the Astros when they worked for the Cardinals. The Cardinals officials are believed to have used those passwords to gain access to the Astros’ network, law enforcement officials said."
[+] [-] nissimk|10 years ago|reply
"Believing that the Astros’ network had been compromised by a rogue hacker, Major League Baseball notified the F.B.I., and the authorities in Houston opened an investigation. Agents soon found that the Astros’ network had been entered from a computer at a home that some Cardinals officials had lived in. The agents then turned their attention to the team’s front office."
[+] [-] carsonreinke|10 years ago|reply
[+] [-] bradleyankrom|10 years ago|reply
[+] [-] bdcravens|10 years ago|reply
Probably not going to go down like that, but it's a matter of punishment, as well as compensating the team that was the victim. (I'm from Houston, so probably biased)
[+] [-] jessaustin|10 years ago|reply
However, if the Cardinals are as smart (and perhaps as ethical?) as they previously seemed, they'll get out in front of this, and voluntarily give up their 2013 pennant, as well as fire whoever was involved in this harebrained scheme.
[+] [-] alan_cx|10 years ago|reply
Im pretty sure that in F1 one team hacked another for design details. That said, I cant find a source. IIRC, it was Renault hacking Ferrari, but Im not sure.
[+] [-] josefresco|10 years ago|reply
Hardly. I'm sure there are countless examples of employees improperly using access given to them by their previous employer.
[+] [-] CONTRARlAN|10 years ago|reply
https://en.wikipedia.org/wiki/2007_Formula_One_espionage_con...
[+] [-] bradleyankrom|10 years ago|reply
[+] [-] paulsutter|10 years ago|reply
[+] [-] zekevermillion|10 years ago|reply
[+] [-] asquabventured|10 years ago|reply
Use self-destructing cookies or a plugin like it to delete the cookie everytime you close the tab and you won't run into the NYT paywall.
Alternatively, you could use a plugin like refcontrol and set your referrer on NYT as news.google.com and be in the clear if you like hanging on to cookies for some strange reason.
[+] [-] pcl|10 years ago|reply
[+] [-] netik|10 years ago|reply
Regardless of their weak password storage scheme (which must be fixed), a simple set of changes (like disabling public access to their system, disabling VPN for terminated users, and changing passwords) would have stopped this from ever occurring.
[+] [-] jessaustin|10 years ago|reply
[+] [-] unknown|10 years ago|reply
[deleted]
[+] [-] jessaustin|10 years ago|reply
Also, the Cards staff probably shouldn't have logged in from home.
Also, how on Earth is this a valid use of the FBI's resources? Fix your broken crap yourselves, Astros.
[+] [-] mdm_|10 years ago|reply
[+] [-] bradleyankrom|10 years ago|reply
[+] [-] kolbe|10 years ago|reply
What I cannot get over is how absurd is it that the Federal Government has been able to insert itself so deeply into a problem that doesn't warrant FBI involvement in the slightest. Athletic teams have been cheating for centuries. Sometimes that cheating involves ruined careers for both the cheater and the cheated, and sometimes they involve teams losing money. But what they rarely involve is the FBI. And the only times I can think of when they have involved law enforcement have been narcotics or gang related.
To me, this sounds no worse than various other advantages that teams unethically gain for themselves. That our legal system allows for this particular type of cheating to potentially be a federal crime is frightening. Let MLB handle this internally, and play ball.
[edit: holy shit. I get it. The FBI is acting within its legal right (and duty). This is a moral statement about the law that they are tasked with enforcing.]
[+] [-] remarkEon|10 years ago|reply
So it looks like the Astros/MLB were unable to determine internally how their network was compromised and then contacted the FBI. This seems perfectly reasonable to me.
[+] [-] lern_too_spel|10 years ago|reply
[+] [-] edgesrazor|10 years ago|reply
[+] [-] jordan0day|10 years ago|reply
Or to put it another way, I'd much rather the FBI spent it's time prosecuting crimes committed by large companies than screwing over kids like Aaron Schwartz for their minor indiscretions.
[+] [-] bps4484|10 years ago|reply
Instead, I would look at this as two multi-million dollar businesses engaging in corporate espionage. When seen from that angle, it is exactly the sort of thing the FBI should be involved in.