The Cardinals are currently under federal investigation for allegedly gaining illegal access into the Astros’ internal computer network, and Evan Drellich of the Houston Chronicle reports the latest wrinkle in the scandal. In addition to the previously known security breaches in 2014 and 2013, Drellich now has learned that the Cardinals accessed the Astros’ network as early as 2012, bringing light to a third and previously unreported breach.
Previous reports have indicated that the Cardinals employees in question gained access to Houston’s Ground Control system by utilizing a master list of passwords from when Jeff Luhnow and other execs were still with St. Louis, fueling speculation that Luhnow had neglected to update old passwords. The Houston GM told Ben Reiter of SI.com that any such speculation was “absolutely false,” continuing to add:
“I absolutely know about password hygiene and best practices. I’m certainly aware of how important passwords are, as well as of the importance of keeping them updated. A lot of my job in baseball, as it was in high tech, is to make sure that intellectual property is protected. I take that seriously and hold myself and those who work for me to a very high standard.”
In speaking to Reiter, Luhnow also addressed the supposed concern from Cardinals employees that he may have taken some proprietary information from St. Louis to Houston, denying that any such action took place and adding that he never received any sort of inquiry from the Cardinals on the matter. Luhnow says that his departure from the Cardinals was amicable, adding that many of his former colleagues were invited to and in attendance for his 2012 wedding.
Drellich has previously reported that the list of suspected Cardinals employees has been narrowed to four or five, and it seems at this point that the highest-ranking members of the Cardinals’ front office weren’t involved. Attorney Jim Martin, whose firm was retained by the Cardinals in February to perform an organizational review upon learning of the investigation, expressed confidence to the Associated Press that GM John Mozeliak and chairman/CEO Bill DeWitt, Jr. had no knowledge of the events. “With what we have done so far, I am 100 percent confident that this does not touch upper management,” said Martin.
Via Robert Patrick of the St. Louis Post-Dispatch, DeWitt himself addressed the media yesterday and said that he was “shocked” and “in disbelief” when he learned of the allegations. “There was zero knowledge until the FBI launched their investigation and we became aware of it,” said DeWitt.
The Chronicle reported earlier in the week that the investigation was in its latter stages, and Drellich explained in a followup piece last night that it would be the commissioner’s office — not a civil suit — that would determine the punishment for the Cardinals and award potential damages to the Astros. As Drellich explains, Major League clubs cannot file civil suits against one another, despite the fact that a former Department of Justice attorney who specialized intellectual property and commercial litigation told him the Astros “could have a case for theft of trade secrets.” The Cardinals cannot be fined more than $2MM as an organization, and DeWitt and other employees cannot be fined more than $500K. However, the commissioner’s office can punish the Cardinals by way of both the Rule 4 Draft (the yearly amateur draft in June) and the Rule 5 Draft, in addition to “other unspecified actions as the commissioner sees fit.”
Dock_Elvis
Some will say that the Cardinals will scapegoat these lower level employees, but there might be some truth the GM now knowing, etc. The info was leaked to an internet site, surely if anyone in the higher levels had knowledge they would have at least instructed this to be kept internal and not essentially made public
oh Hal
I don’t agree with that at all. It has much more value once made public.
stl_cards16 2
Once made public, any advantage of having the information on hand is lost.
Lunhow even acknowledged that there isn’t really a competitive advantage to getting the information from Ground Control because of how often things change.
NoAZPhilsPhan 2
Looking for the “I Agree’ button. Releasing the information did not increase its value.
Dock_Elvis
What was the point in publishing the leaked info by whoever is guilty? Someone at this internet leak site received it from within the Cards org. Why? Why on earth light that fire? Is it an employee with an ax to grind against STL?
Dock_Elvis
I’m saying that imagine the GM does catch wind of this…he has a few options in handling it. This was leaked by the Cardinals staff to an internet site. It’s like breaking into a bank and then releasing a statement that you’re guilty….why would they say ANYTHING about hacking the Astros. Luhnow didn’t take issue until Deadspin broke it
stl_cards16 2
That’s why it seems pretty obvious(to me) it was either A.) an employee not happy because Lunhow did not choose him to take to Houston with him or B.) An employee trying to make a name for himself that believed that Lunhow took his information.
The evidence we have (so far) just does not point to the organization trying to gain an advantage when looked at rationally. That said, I’m sure we will be finding out more soon.
Dock_Elvis
But, it ultimately backfires on this employee and his employer once it’s leaked to the public. First question out of anyone’s mouth is…”how did you obtain this info?”
I don’t know….I suppose some employee with a list of passwords could have been messing around and got one that hit….then decided to go ahead and put it out there to embarrass Luhnow without giving consideration for the blow back.
It’d be like trying to guess my wife’s password…I wouldn’t think of that as hacking…even though legally it would be considered federal. Maybe the hack was meant to gather info….I’m not a tech guy…but I suppose all that we’ve seen is the published info….perhaps it was a hack that enabled them to check the structure of the Astros system. But.. What are they going to do if they find out Luhnow stole their proprietary info? Are they going to be able to say how they knew,it?
Dave 32
So, that’s totally false. Especially if the breach was legitimately done with credentials and not actual hacking. If someone’s getting in by normal means and nobody knows there’s an intrusion (and if it’s happening in Florida during Spring Training, it’s not like there are solid ways of nailing down geographical access as being an intrusion, if it uses a legit password) then it can keep going for as long as whoever has access wants.
Therefore, if nobody had leaked anything for all anyone knows the Astros would have never had a reason to even check their logs for unauthorized access. It’d be just another machine in Florida accessing their stuff, just like any other legit user.
Leak it and now someone has to respond to that sort of unique information being public and figure out where it came from. It’s infinitely less valuable in the public if you’re using it for yourself. If you’re using it to embarrass or prove a point, that’s when you leak it. The information has no real use to anyone else that isn’t in baseball, so helping all the teams instead if your own is rather silly.
sergelang
It shouldn’t matter what level the employee was, or whether they were “rogue.” The organization is responsible for hiring those people, and they should be responsible for everything those people do, good or bad, regardless of whether the organization knew about it.
Dock_Elvis
I agree…I’m just saying that finding out a employee did this is one thing, being complicit with that employee is another. Any major business has IT workers…how do they keep tabs on what they do..even on private time. Someone might see something during working hours and then go after hours and cause troubles from their own home. Many baseball teams basically subcontract this work.
On another note… The Cards look bad during this…but I suspicion some Darth Vader qualities in Luhnow as well. I’m curious if over the coming years he takes on a kind of dark persona in the game….He doesn’t appear to be liked. This was a guy that was in technology before baseball…how was this hack committed? He denies passwords were used. But if they were…I’d say its as likely as not that he left them as bait….
Dave 32
I sure hope you don’t actually employ anyone, because you’re gonna end up in a world of litigation with that attitude.
My job sure ain’t responsible for what I do at home. That kind of thinking is bizarrely draconian at best, thought police at worst.
stl_cards16 2
Right. By this line if thinking if a prospect in A-Ball is caught using steroids, the Major League team should be suspended.
Dock_Elvis
The IT issue is HUGE in my wife’s corporate life. She’s an accounting manager handling massive wattage financially investment transactions for a global company. Corporate has for the past few years outsourcing IT work….she has a fear that an IT worker without much to lose after being let go will hack their system and cause a major breach.
oh Hal
Find the first media report that claimed it was just an old password and that Luhnow was basically a thief. Almost certainly that will be what is known as a management source. If there was an honest and real inquiry, you would likely find upper management helping to propagate false information likely with the help of professionals who specialize in this.
The NFL uses Ari Fleischer. Bill DeWitt almost certainly knows him personally.
The statements that Mozeliak and DeWitt are unknowing are standard when they don’t know and when they do. it reveals nothing. Its all part of the standard PR process.
Dock_Elvis
I suppose there could be a data trail to their email accounts if these were forwarded on to them. It’s reasonable to think they opened such emails. Bigger issue is that this is likely VERY common, so it wasn’t even taken as serious….having a password and cracking an email iwrong…but we’ll see…if this was an elaborate espionage job that’d be another. If it’s truly a real hack job these tech guys then they might have covered themselves with a trail that leads to higher ups.
Steve_in_MA
I would have questions concerning upper management’s role here. I’m sure that the GM’s and CEO’s fingerprints are nowhere to be found in regard to direct evidence of the breach. But was information floating around in the Cardinals front office that should have put them on notice that something might be amiss? For instance, if I’m GM, and underlings are talking about the health status of a particular player on another team, sharing information between themselves that I know is not in the public domain, I am thereby put on inquiry as to how my underlings came to know this sensitive information. GM’s have a duty that is far higher than simply avoiding the placement of their fingerprints on nefarious schemes.
Dock_Elvis
Teams trade info through the grapevine…I’m not sure as a GM I’d question basic chatter….but if they showed me a computer screen or an email…that’s another. I wouldn’t want, unethical people working for me….hacking a password is simple even for non-tech types….but if this was complicated… It’s a good bet those involved have evidence that the info went higher in the chain if that’s the case
NoAZPhilsPhan 2
One of the things you just touched on, info being fairly well known by most all teams, is the main reason several of the legal analysts I have read have stated that they do not believe criminal charges will be brought against anyone. In a court of law all they would have to prove that the information gathered on the players etc. was not available through any other source whatsoever. It appears that the only ramifications will be those imparted by MLB.
jb226
And how, exactly, does some information being known by people negate an unlawful access to a computer system under the Computer Fraud and Abuse Act?
Dock_Elvis
Jb226 has a point. This is essentially breaking and entering on a federal level. That’s a criminal act. Perhaps a civil case would be harder to prove because then damages would have to be proven.
mookiessnarl
cerived?
MadmanTX 2
somebody is lysdexic
gozurman1 2
After reading several articles on the subject, sounds like what the Cards gained from this is Lunhow’s analysis on other players, not just the Astros. Every team has scouting reports and sabermetric reports and just about every player available pro or amateur. If Lunhow’s methods are superior to others in the league in identifying what players would fit for their team, and you could gain access to those reports, you would have a whole 2nd set of data to compare and contrast with your own. Make better personnel moves that way. This could get very interesting
Dock_Elvis
Perhaps, but these are human elements they are dealing with. If this were a business dealing with controlled production assets…it’d be bigger. An Houston’s view would be tailored to their own needs. Nothing I read in the leak was even interesting. Pretty much everything I saw was something I’d heard other scouts discuss from other organizations.
I mean… Luck is still a HUGE factor in any player personnel decision..even talent assessment. Even having Luhnows magic clues or whatever doesn’t push anyone over the top…
To me it sounds a little like the secretive coke recipe…its no secret….any chemist can break it down and tell you what it is…and likewise…Luhnows magic Ground Control can be figure out. Same thing when Billy Beane was invented in the media. Everyone knew what Oakland had been doing since about the time Charlie Finley sold the team.
MadmanTX 2
Too bad MLB doesn’t have a death penalty beyond maybe dissolving a franchise or removing an owner. If/when the Cardinals are proven guilty of breaching the Astros computers, the very least that should happen is a hefty fine and some employees going to Federal prison. If the execs knew about the breach, then the Cardinals should lose tv revenues, be stripped of draft picks and be put under MLB management/supervision for maybe 10 years.
vtadave
They should also be tarred and feathered and forced to watch Full House reruns for a year.
MB923
“However, the commissioner’s office can punish the Cardinals by way of both the Rule 4 Draft (the yearly amateur draft in June)”
Manfred, please please permanently ban the Cardinals from getting a free pick for being a “small market” team. Everyone knows this team isn’t a small market and draws tons of fans. The Cardinals are basically the Green Bay Packers of MLB.
Dock_Elvis
I don’t know about St. Louis and market, but I was driving around the Bronx a few years ago…its not all that big…seemed like a small market to me…maybe the Yankees need a compensation pick.
MB923
Sarcasm? Cannot detect, sorry.