The Cardinals are under investigation for allegedly hacking into the Astros’ Ground Control database. Details are now emerging about the incident, reports Evan Drellich of the Houston Chronicle. One expert termed the hacking as “unauthorized intrusion” rather than a sophisticated attack. The legal definition of hack does include unauthorized intrusion, but no advanced techniques were used to access the Astros database.
It’s thought that one of Jeff Luhnow, Sig Mejdal, or Mike Elias did not properly update their passwords after moving from the Cardinals to the Astros. The access occurred as a result of password guessing, says Drellich. “Possibly with well-educated guesses.”
As you might have intuited, the security for the Ground Control database was below industry standards. Anybody could access the log-in page via groundcontrol.astros.com and a password. This is referred to as single-factor authentication. Houston has since moved the database to a virtual private network (VPN). It reportedly now has two-factor authentication which is more secure.
At least one of the three breaches was done by somebody using Tor, an “anonymity network” meant to hide the activities and location of its users. While the article doesn’t mention it, there is a freely available browser-based front end to access the Tor network.
In other news, the Cardinals brand has been “tarnished” by the scandal, but economic damage should be minimal according to the Associated Press. Primary revenue streams like fan attendance and television network payments will be unaffected by the crime. Sponsors have not backed away from the Cardinals according to a spokesman for FOX Sports Midwest.
Taking the other perspective, Derrick Goold of the St. Louis Post-Dispatch elaborated on the Cardinals back story. Luhnow was hired by Cardinals chairman Bill Dewitt Jr. in 2003 to bring St. Louis into the sabermetric revolution. Luhnow was in large part responsible for building the group that is now under investigation. The team’s analytical efforts yielded excellent results like the selection of first baseman Matt Adams in the 23rd round. The article provides many other great anecdotes about St Louis’ move into the information age.
fredthegodson
LOL @ the Cardinals rep being “tarnished” nobody is even talking about this anymore. I forgot about it until this update.
Dock_Elvis
That was my thought… That and some fans will actually privately cheer at the teeth these password crackers displayed.
I mean….people are putting down hundreds of dollars to attend single games….I’d say their economic choices might be questionable anyway. People aren’t asking many questions anyway.
stl_cards16 2
Maybe the Cardinals brand has been tarnished, but that’s a bit silly, at this point. If it’s proven that upper management was involved/knew about the breach, then I can see how it would tarnish the organization as a whole. As it stands now, it appears to be some low level employee(s) seeking revenge on Lunhow. That’d be like if the Rangers had a player in the minors test positive for steroids, so we labeled the entire Rangers team steroid users/cheaters.
It is absolutely wrong and whoever is involved should be held accountable. But making it like this is the “Cardinals hacking the Astros” is nothing more than narrative driven.
mrnatewalter
Ground Control’s password: MajorTom
Dock_Elvis
That’s funny…..in a most peculiar way.
Dave 32
What an amazing non-story.
Dudes don’t change passwords when quitting their job. Piss off people they left behind. Grumpy kids (TOR is not for “hacking” btw) do some password guessing and then instead of doing anything useful with what they come up with, just leak it to make somebody embarassed.
This has basically squat to do with the Cardinals, and way more to do with the fact that the Astros hire people who have no idea what they’re doing. If anything it should make them look bad in equal or greater amounts. If the Cardinals have responsibility over the actions of all their employees, the Astros sure should as well all the way from the IT staff at the bottom, to the execs who should know better than to use the same password at a new job for the same service.
I know the narrative wants to be hammered in that the Cardinals are the new Patriots but come on, this reeks of a little desperate yellow journalism here all around.
Dock_Elvis
The fact is that the Cards employees weren’t doing it to gain an edge. That completely takes it away from Patriot territory. It does display a serious lack of survival instinct on the part of these Cardinal employees though.