9:57pm: The breach in the Astros’ computer system was traced to a home in Jupiter, Florida, where the Cardinals hold Spring Training, a source tells Jeff Passan of Yahoo Sports. Per the report, “a number of Cardinals employees used the house.” That could make it more difficult to determine precisely who accessed the database, though of course investigators surely possess means of acquiring that information.
Passan also notes that, per his source, “the breach involved more than taking old passwords” from Luhnow “and inputting them into a website.” Indeed, there were initially concerns in the league office that more information might ultimately be made public than has been revealed to date.
3:44pm: Cardinals front office officials are being investigated by the FBI in connection to the 2013 hacking of the Astros’ Ground Control database, reports Michael S. Schmidt of the New York Times. According to Schmidt, federal investigators have uncovered evidence which indicates that Cardinals officials were the ones to break into the Astros’ network and databases, leading to the compromise of trade discussions, proprietary statistics and scouting reports.
At this point, it’s unclear which officials are being investigated, but Schmidt reports that no one with the team has been put on leave, suspended or fired at this time. Subpoenas have been served to both the Cardinals and Major League Baseball. In a statement to Schmidt, a spokesperson for commissioner Rob Manfred said that MLB “has been aware of and has fully cooperated with the federal investigation into the illegal breach of the Astros’ baseball operations database.”
Schmidt continues to say that the “hacking” was rather low-grade, as it’s believed that Cardinals officials gained entry by using a master list of passwords from Jeff Luhnow and those who followed him from the St. Louis front office to the Houston front office. The current belief among investigators is that Cardinals officials were concerned that Luhnow took proprietary information from St. Louis’ Redbird system — a network similar to Ground Control — and applied the information to his new system in Houston.
Schmidt adds that some law enforcement officials believe the breach to be the result of “vengeful” Cardinals employees “hoping to wreak havoc” on Luhnow’s work in Houston. The Astros believed the hacking to be random and notified the FBI, who learned that the Ground Control network had been accessed from a home in which a Cardinals official had lived.
The breach ultimately led to a good deal of private Astros information becoming public knowledge, including trade discussions that brought a good deal of scrutiny on the Houston organization. At the time, the Astros issued the following statement:
“Last month, we were made aware that proprietary information held on Astros’ servers and in Astros’ applications had been illegally obtained. Upon learning of the security breach, we immediately notified MLB security who, in turn, notified the FBI. Since that time, we have been working closely with MLB security and the FBI to the determine the party, or parties, responsible. This information was illegally obtained and published, and we intend to prosecute those involved to the fullest extent.”
It remains to be seen what kind of punishments will be issued if the Cardinals are indeed proved to be behind the incident. However, this is certainly the type of offense that would cost executives their jobs, and there could very well be further legal repercussions for those involved, as well as further punishments issued to the organization by the league.
mrtplush
I guess we now know how the Cardinals are run so well and efficiently.
Magnus Olsson
They were reaching for the stars?
MLB Top 100 Commenter
Commissioner Manfred will announce that as part of the penalties, the Cardinals will be have to reacquire Kyle Lohse and to add him to their starting rotation.
thunderecho
A MLB team in the hacking business. Maybe the Cardinals’ ownership should sell the team to Chinese Billionaire investors so they can officially change the team name to the St. Louis Hackers. Motto “We’re gonna hack all the way to the World Series”. Perhaps they have Guy Fawkes mask (new logo?) promotion night. Along with a Julian Assange (Wiki-Leaks founder) Bobble head night.
Cards not only hacked the Astros but the information leaked. Wow!
General_Stingray
Lol!
Rally Weimaraner
The “classy” Cards with their superior scouting department hacked the Astros?
Portland Micro-Brewers
That just doesn’t sound like the Cardinal way. No wonder Mozeliak wins all his trades he’s reading scouting reports from two different teams.
Rally Weimaraner
I though the Cards were just a step ahead of everyone else?
No Big League Choo For Yu
Lol. Luhnow was still using his old password: GoCardinals1
gozurman1 2
Too Funny……
Milo Goes To College
This reads like the plot from Silicon Valley this season.
flyerzfan12
My thoughts exactly. Side note – great show.
rct
It’s very similar. Gilfoyle got a password off of a Post-It note and stole info off the one company’s server. Apparently, Lunhow used old passwords and the Cardinals used this to steal info from the Astro’s server.
Rally Weimaraner
The one part that makes no sense is why would they release the data? If the Cardinals hacked into the system to access the Astros trade discussions, proprietary statistics and scouting reports seems like they would have been better off just keeping it to themselves.
AsFan89
Yeah that doesn’t make sense unless they were just careless or were hacked as well. Or maybe someone is after the person’s job who did the hacking, and that was his or her passive-aggressive way of getting it.
tmengd 2
they would release it to embarrass Luhnow and hurt him. There were a lot of really upset Cardinals execs when Luhnow was both there and when he left. He clashed heads with a lot of the top execs there but the owner apparently liked him. So you steal secrets, then embarrass him.
stl_cards16 2
That’s what makes me believe it was some low level guys acting on their own. If Mozeliak/higher ups were in on it, they would use it to their advantage, not make it public.
tmengd 2
except how many low level guys would of known Luhnows passwords and such 🙂
stl_cards16 2
We will see. It’s not something I’m too worried about.
oh Hal
Even if it is upper level and is motivated by spite, all they’ll get is a slap on the wrist. I would expect MLB to do its best to minimize the story and to keep relevant details from becoming public.
istravin
you sound like a patriots’ fan
jb226
If he’s the kind of person who has a “master list of passwords,” I wouldn’t be surprised if most of the people who worked directly with him knew. Nor would I be surprised if they were on a sticky note on his monitor or something equally ridiculous.
Rally Weimaraner
Most businesses keep a master list of passwords. If not you have to completely delete and recreate a system every time employee X forgets their password. His mistake was using the same passwords again after changing jobs.
jb226
@Rally:
Most businesses may keep a master list of passwords, but that is proof only that most businesses have no idea how to have a secure IT system.
As somebody who has designed such systems, one fact stands out above all others: The system never needs to know your password for more than the fraction of a second it takes to either save it (if we’re creating a password for you) or check if it is correct. “I” as a programmer, co-worker, boss, etc, never under any circumstances need to know your password.
And yes, if that is basic authentication systems 101 then “don’t reuse important passwords” is basic user precautions 101.
Incidentally, none of this is meant to excuse the person who “hacked” (ugh, hate that term for something like this) the Astros.
Rally Weimaraner
Definitely agree with you about calling this a “hacking” this was more an unauthorized access of the system.
Pike
youd be suprised. I work in IT and have worked with a few companys low tech executives and they didn’t change default passwords and I had to know them any time they’d buy a new device that would need email to sync up to it.
hojostache
Maybe his password was “password”?
stl_cards16 2
They make it sound a lot juicier than it is. Still not s good thing for the Cardinals and I hate to see this. But… Lunhow was using a system created by the Cardinals and using the same passwords he did in St. Louis. I have more security for my Fantasy Team.
No Big League Choo For Yu
The FBI getting involved made it pretty juicy!
tmengd 2
Except Luhnow was one of the ones that created the Cardinals system that was being used. So if he took the idea with him so be it.
stl_cards16 2
Right, there’s no problem in taking it. But you would think they’d at least change a password.
cpav1130
Not necessarily. Most companies have a clause in their code of conduct that says, essentially, any work you do on behalf of the company belongs to them, not you. So if he took the idea with him and implemented it exactly as he had in St. Louis, he could be guilty of theft.
natglegarr
Most companies also have a non compete clause too saying you can not work for a competitor. Baseball does not work this way, as teams routinely poach execs from other teams. The Cardinals knew that Jeff Luhnow would use a simular system in Houston especially since he wrote part of it. This may blow up to be much much bigger then we think right now all we know presently is that they hacked the Astros many many will lose there jobs at the end of this
AsFan89
It doesn’t say Lunhow was using a system created by the Cardinals. It says the Cardinals suspected him of using it. Whether he was or not is irrelevant – the Cardinals executive is in the wrong. I’m sure there are other ways to find out.
Rally Weimaraner
Lunhow was using a system created by Houston that the Cards thought may have been similar to their system. Thats vastly different from using a system created by the Cards.
danpartridge
Not sure password security is the big takeaway, here. . . .
stl_cards16 2
No it’s wrong and the guys in the Cardinals organization will be punished accordingly. I could even see the loss of a pick. But it’s still kind of funny the lack of security an MLB team would use.
danpartridge
Indeed. It is pretty absurd.
oh Hal
I look forward to being able to “rec” or upvote posts like this.
Justin Case
Between this and the All-Royals Game, not a good baseball year for Missouri.
stl_cards16 2
Baseball has never been better in Missouri. Apparently some IT guys are having some problems, though.
notnunez
On the field it is.
tmengd 2
Somewhere many Cub Fans are laughing!!
stl_cards16 2
I think fans of every team are laughing. Heck, I’m laughing.
Dock_Elvis
What do you mean somewhere… Just say in a frat bar
alex navarrette
If they find this to be true, MLB needs to come down hard on the Cardinals. They need to be stripped of multiple draft picks and be levied a hefty fine. Maybe a postseason ban for a season, although I’m not sure about that part. Either way, MLB needs to make an example of the Cardinals.
Rally Weimaraner
A postseason ban makes no sense. How would you even implement that?
MLB Top 100 Commenter
Easy to implement, just like college, take the next team by standings. But it will not happen. Someone will be fired and prosecuted. There will be a big fine and a loss of one or more draft picks. Cards are the new Pats. Deflategate and Spygate, meet BirdBrainGate.
zxcx
The postseason ban part is where you lost me, I don’t think it’d be even possible to do that. But should this be found to be true, the rest I agree with hands down.
yountsagod
Why wouldn’t it be possible? Just put the team in the NL with the next best record in the playoffs.
tmengd 2
I’d be more worried about what happens when the Astros press charges and sues the Cardinals . Jail time and a civil suit could be huge.
If nothing else MLB should make the Cardinals do something for the Astros because the hacking and leak potentially hurt them both financially and rep wise at the time among other teams.
Dock_Elvis
It’s a federal crime as it stands before even entering into civil litigation. This is bad for the Cards.
hojostache
Federal would go first and then they’d go civil. The Federal conviction rate is ridiculously high, so if it gets that far…they will probably have the person/persons dead in the water. A civil case would be an interesting discussion because they’d have to show harm and attach a $ to it.
I’d LOVE to see a yr ban from the post-season, as the MLBPA would file suit bc of losing out on bonus money for the players, some contracts probably have playoff related bonuses for awards, etc.
baseballpun
I can see MLB taking picks away, mostly for show. This wasn’t about gaining a competitive edge – if it was, they’d have hacked the Cubs and probably the Rays to see what kind of systems they used. What new info could they use from a single AL team whose scouting infrastructure is an outgrowth of their own? It was about bad-blood between ex-employees. People should lose jobs and face legal consequences, but that should really be the end of the punishment.
mrnatewalter
Deadspin had an article last year that revealed anonymously leaked trade discussions from the Astros. That involves more than one team and can help the Cardinals get an upper edge and act proactively to potential trades.
And besides, if they are leaking info such as trade discussions, could they also have information that they aren’t leaking that is more advantageous to be in control of?
baseballpun
That’s a fair point, but unless it comes out that they hacked, or tried to hack, another team, I don’t see it as much more than a personal fight over the use of a data system and algorithm. The leaked trade information is interesting because it seems like the damage done by leaking the information and alerting the Feds is worse than whatever harm the Astros could have faced. Who thought it was a good idea to do that?
Dock_Elvis
From what I gather it was multiple Cardinal employees that lived at the same residence. That would seem to imply lower level stat people or interns…considering that not too many higher ups likely share a residence
oh Hal
I expect the opposite.
Joseph Anderson
Relax. Calm down. I can see a fine unless this has been going on for years and years.
stymeedone
A fine? The FBI is currently investigating. Jail time will be involved. Corporate espionage is serious, no matter how it occurs, or who does it.
dodgerection
Alas, “the Cardinal way”…
Seriously, it’s ok now if they’re doing it. Class personified.
stl_cards16 2
Yep. Everyone said it’s ok. By the way, you should read up on what the “Cardinal Way” really is. Your favorite team has the same thing, the media just didn’t spin it as some big secretive formula.
Dock_Elvis
Let’s keep in mind that the people that perpetrated this are likely ivy leaguers. Intelligent people should know better. I think anyone involved should be banned.
MLB Top 100 Commenter
If you did the hack, you must be sacked.
alex navarrette
@Rally like I said, I wasn’t totally sure about that part. It would be fairly simple though. For a season, they aren’t allowed in the playoffs. You would just go to the next team in the standings if they finished ahead of other teams for a postseason spot.
stl_cards16 2
You must be a fun of the NCAA.
Joseph Anderson
You’d set a better example if they won their division and just left that spot be. Shouldn’t “reward” a team that doesn’t deserve to be there.
stymeedone
Better yet, hit them in the pocket book. Cut them out of revenue sharing for a year. Any post season revenue must be donated.
JB381
I wonder how often this goes on and nobody catches onto this practice.
stl_cards16 2
True. The Cardinals could have had all the access to the information with no penalty. If it hadn’t been leaked, there would be no investigation.
alex navarrette
Funny because I hate the NCAA. I hate corrupt organizations and cheating. What the Cardinals allegedly did is a lot worse than something you can sweep under the rug. I know you’re a fan of the team, but try to take an objective view.
baseballpun
You need to explain this. What would a post-season ban serve? You really think the Cardinals are trying to gain an edge on the league, so they snooped around the files of the one organization that has the least amount of new information available to them and said “Well, we’re done. With Jeff Luhnow’s knowledge, we’ll win 10 straight championships, just like we did when he was working for us!”
stl_cards16 2
I agree and they should be punished. But a post-season ban is something only the NCAA does. Depending who all was involved, I could see a huge fine and loss of Draft Picks.
Dock_Elvis
I can see the fine and loss of draft picks as well as a ban on all those with knowledge. This was a federal crime. No idea who had direct access or knowledge, but it could be ugly. I only see a matter of degree difference between this and game fixing.
Dock_Elvis
If these people are convicted as felons they will lose computer use rights anyway given the nature of the crime.
mrnatewalter
Make the Cardinals run an organization via pen and paper for a year?
gozurman1 2
Old school baseball… No more sabremetrics for you, Cardinals!!
jpres
Lifelong Cardinals fan here.
This makes me sick. More than likely this was a lower level guy and not someone like MO or DeWitt. Whoever it was, from Molina, Matheny, LaRocque, Vuch, Correa, MO, DeWitt, should receive a lifetime ban from baseball. The Cardinals should get fined and loss of draft picks. The only thing I can think of to compare this to is SpyGate. This is very similar. While SpyGate had way more of an effect on the game itself than this did, the actions are very similar.
Bob Knob
Anyone in St. Louis linked to Boston/New England sports teams ?
ItsThatBriGuy
If they hacked another team’s system, I wonder how easy it would have been for them to hack the All-Star voting system. Soften up the AL line-up for the World Series advantage.
Rally Weimaraner
Either that or a 13 year old KC fan got into the system
stl_cards16 2
You don’t have go get into the system. There’s been articles at other sites about the ASG voting. Basically, a person can vote non-stop by changing their e-mail a little.
mrnatewalter
MLB’s problem with the ASG vote is that they don’t require a verification of the email address use. If they’d make you go through and verify the email, it would take away 90% of the ballot stuffing going on… and I only say 90% because there’s still 10% of people out there with nothing better than to create emails and verify them all day for the sole purpose of trolling the All-Star Game.
Dock_Elvis
Seriously though, the ASG issue is bigger than some guys with nothing better to do than cast votes. These vote tallies are in the 6-7 digits…it’s baseball fans everywhere and the system that allows to click-vote entire teams. Honestly… It’s not much different than other years when Yankees or Sox dominated.
Dock_Elvis
As a Kansas native…. I think it’s hilarious though…just surreal. I think the entire nature of the current ASG is a joke right down to home field advantage. If you thought your team had a shot at the series…would you want some guy who made the roster simply so their team had a rep determining if you got home field advantage. KC has great baseball fans that have been dormant forever. Imagine a less self promoting Cardinals fan base after the Cardinals had just come,back to life…..that’s the Royals.
Rally Weimaraner
But that requires a person to actually sit there voting all day. Are there really that many devoted royals fans sitting there casting all start ballots all day long?
mrnatewalter
I have lots of friends in the KC area… yes, they have.
Seriously, one of my friends has a very unique name… he just typed his name and the email domain and changed the number after every 35 votes… he does it while watching TV. It’s not all that difficult.
Rally Weimaraner
wow. I just couldn’t stand to do that. It annoying enough to type in those prove-your-not-a-robot numbers 35 times. I can’t imagine doing it over and over again.
stl_cards16 2
It started out Royals fans, now it’s a lot of everyone jumping on board because they think it’s funny.
start_wearing_purple
Always thought they were a classy organization but even the accusation alone is pretty heavy tarnish. If true then MLB really should lower the hammer by either taking away future draft picks, imposing restrictions on their draft pool money, or limiting their international spending. And of course lifetime bans from the game for any executive who had a hand in this.
stl_cards16 2
Meh, not that I care if people think the Cardinals are classy and Mozeliak doesn’t really seem to care either. But it’s not very likely this was ordered from the top. There will be a lot more facts come out, but right now it’s just basically fuel to the fire that everyone already doesn’t like the Cardinals. I’m ok with that, as a Red Sox fan you know it comes with winning.
start_wearing_purple
Oh, I’m definitely not saying this came all the way from the top. But I wouldn’t be surprised to hear a rung below Mozeliak knew what happened and decided to take advantage of the issue.
User 4245925809
1st the FBI has to get involved (seriously involved) without pressure from the league to give powerful executives a free pass, if they were indeed involved in any way and then Manfred needs to penalize any hacking organizations heavily to discourage this sort behavior in the future, regardless of which franchise tries it.
Dock_Elvis
I guess I go back to thinking about Whitey Herzog and Gussie Busch….loved those guys, but classy isn’t the word I’d describe them with.
treday
Well the Dodgers can’t beat the Cardinals, but maybe the FBI can
Monkey’s Uncle
Has anyone checked the baseballs the Cardinals use to see if they are being properly inflated?
gozurman1 2
To bad for St. Louis that it is the Cards and not the Rams…….. The NFL would have investigated this internally and months later slapped the Rams on the wrist….. MLB did the right thing and turned this matter over to the Feds where the investigation belonged. Feel bad for the Cardinal fans but hope the team has some stiff punishment to keep other teams from wanting to do the same. As in all sports, many teams/players cheat everyday. This is just way to far over the line to not punish the team severely besides whatever legal punishment the ones who actually were involved in the hacking get.
NotCanon
The only reason the feds got involved is because one business hacking another (especially across state lines) is a felony. MLB didn’t have a choice about “turning this matter over to the feds,” because it was their jurisdiction, and literally their responsibility to investigate/prosecute. I imagine there will be a concurrent MLB investigation, to assess penalties within the sport (which the federal government has no power to levy), which is a completely separate matter from any legal action taken by the government.
I don’t love the Patriots in the slightest, but the reason “deflategate” didn’t get turned over to the FBI is because it revolved around a violation of the rules of the game, not a literal crime. Much the same way that a pitcher caught rubbing up the ball with pine tar isn’t prosecuted federally, but will suffer a fine/suspension from the league.
gozurman1 2
A whole lot of crimes over the years got swept under the rug by players, etc in the NFL… Ernie Holmes was sitting along a highway shooting at PA State Police helecopters back in the day. Few state and federal laws against that. Got swept under the rug. Not comparing Deflategate to the Cards in the least. Yes the Geds got involved. Betting if the same thing had happened to an NFL team, somehow someway, nothing would have come of the mess and the offending team would have gotten a slap on the wrist. I am glad MLB did the right thing and hope they continue the right thing and punish the Cards if they are found to have had staffers/Front office personnel involved.
NotCanon
Ehhh. I don’t see any indication that this is the sort of thing that would get swept under the rug by any team. This isn’t a player or team executive committing a general crime, this is one team committing a literal crime against another team.
We just don’t see that often enough to have any sort of comp. Breaking rules, like tampering with RFAs and verbal agreements with IFAs? Sure. But not literal “team-on-team” crimes.
gozurman1 2
Ok, for the last time, give me your password!!!
Oh ok it is 12345678……….
gozurman1 2
So now they have to re hire old time “Baseball Guys” No Sabermetrics for you, St. Louis!!
MLB Top 100 Commenter
The Cardinals are the new Patriots. Possibly jail time for the hacker, at least a felony plus probation plus a civil lawsuit. Take first three draft picks from Cardinals in 2016 and give them to the Astros. No ban on post-season.
yountsagod
This affected more than just the Astros though. They would have had scouting reports on every team and player in the league. Reports on prospects for the draft which would have potentially changed who they drafted and who everyone else got to draft. The info on trades would have affected how the Cardinals dealth with any team in contact with the Astros. I think every team should sue them seperately.
arobb
The St. Louis Patriots
Bob Knob
Selected members of the New England Patriots management & coaching staff are reportedly en route to Lambert–St. Louis International Airport for a ‘job fair’ targeting the Cardinals’ IT Staff !
(There’s a perfect match !)
yountsagod
MLB needs to do something big. They gained a competitive advantage over every team in the league by doing something that is against Federal Laws. Teams are obviously going to have scouting reports for every team because they all play one another and if they don’t that particular year they could be potential trade partners.
So now you have 2 coaching staffs going up against your team every time they play the Cardinals. They have the advantage in every trade knowing what other teams are willing to trade and what kind of talent they want in return before they even discuss anything with anyone else. They would have a 2nd whole scouting departments information on prospects.
This affected every team in the league and MLB should come down extra hard on them.
Fangaffes
Tom Brady will be suspended because he might have known something about this.
MB923
For a punishment, how bout permanently getting rid of the Cards free supplemental draft pick for being a “small market” team?
NotCanon
I do find that pick pretty ludicrous. Yes, the St. Louis metro area is smaller than a large number of other metro areas, but they’ve got one of the largest blackout regions in the country because of how spread out the fanbase is.
They’ve been top-10 in attendance for at least the past 15 years (top 5 for most of the past 10), so it’s not like they’re not getting people to come to the ballpark.
tbdavidh
They should be forced to give the pick to the Astros for the next 20 years.
Jrankin1246
The Astros go from looking horrible last year with the leaks, now it turns out they’re not at fault… and they’ve been vindicated with the Aiken situation as well.
Sickle
Nothing like cheating to win. Bill Belichick would be proud.
stroh
As an Astros fan, I can only say that is is disappointing to hear this. I admire the Cardinals organization, and also think Jeff Luhnow is doing a great job with the Astros. It’s too bad that some misguided individual within the Cardinals has chosen to steal information. The person should be prosecuted and the organization should be punished. But I really don’t have any hard feelings towards the Cardinals fans or the players – they are great competitors. And very frankly with the Astros in first place, and 3 out of their 4 top farm teams in first (the only one not in first is in second) it hasn’t affected Luhnow and the Astros at all.
raysfanenigma
This new commenting system is horrible
Tim Dierkes
Do you have any specific feedback?
gozurman1 2
No edit available for typo’s. Most recent posts should be at the top and not the bottom plus Box to post new comments should be at the top not the bottom.
gozurman1 2
also an option to agree/disagree with a particular post would be nice. Like a thumbs up/down or Like, etc.
shaneredsfan 2
Sure do wonder what will happen at the end of all of this.