© 2024 WNIJ and WNIU
Northern Public Radio
801 N 1st St.
DeKalb, IL 60115
815-753-9000
Northern Public Radio
Play Live Radio
Next Up:
0:00
0:00
0:00 0:00
Available On Air Stations

St. Louis Cardinals Officials Condemn Alleged Houston Astros Hack

KWMU

Top St. Louis Cardinals officials are condemning an alleged computer hack on the Houston Astros by members of the team’s front office.

The team says it conducted an internal investigation after they were made aware of the allegations several months ago. 

The FBI and Justice Department are investigating whether front office personnel for the St. Louis Cardinals hacked into Houston Astros' computer networks that contained player statistics, information about trades and other sensitive data, The New York Times reports.

"Law enforcement officials believe the hacking was executed by vengeful front-office employees for the Cardinals hoping to wreak havoc on the work of Jeff Luhnow, the Astros’ general manager who had been a successful and polarizing executive with the Cardinals until 2011," the New York Times report says.

Cardinals employees are accused of using old passwords to access a confidential database. 

The Cardinals issued this statement Tuesday morning: 

“The St. Louis Cardinals are aware of the investigation into the security breach of the Houston Astros’ database. The team has fully cooperated with the investigation and will continue to do so. Given that this is an ongoing federal investigation, it is not appropriate for us to comment further.”

Jeff Luhnow was an executive with the St. Louis Cardinals before he became the Astros general manager in December 2011. The Cardinals officials had allegedly kept a list of passwords used by former executives, including Luhnow, and used that information to gain access to the Houston network.

“As a Cardinals fan, I’m disappointed -- as a cyber security practitioner, I’m not surprised to find that a password hadn’t been changed,” Paul Frazier, a cyber security expert and adjunct professor at Webster University, said. “That’s the first thing we teach in cyber security is change your password, so the developers can’t find their way back in.”

It’s not that hard for the FBI to figure out that someone’s been somewhere in cyberspace they shouldn’t be, Frazier said.

“Everybody leaves a trace as to where they’re talking from,” Frazier said. “So through the use of their machine access codes and internet protocols, [the FBI] will be able to go back and figure out right down to the machine and time of day the hack occurred, and whether or not the machine was owned by a person in the St. Louis Cardinals organization. They’ll even be able to tell who was logged in at the time.”

The vast majority of so-called “hacking” cases are prosecuted under 18 USC § 1030, the Computer Fraud and Abuse Act, though various state and local laws also apply. The federal law has been around in its current form since 1986.

“It’s a broad and very powerful tool for the federal government,” said Paul Ohm, a former prosecutor for the U.S Department of Justice’s Computer Crime and Intellectual Property Section who is now an associate professor at the University of Colorado Law School. “It’s often analogized to physical trespass.”

At its most basic level, the law punishes those who obtain information after accessing a computer without permission. The “hack” must also result in a person obtaining information, but that’s a pretty low threshold to meet, Ohm said.

“Courts have said, ‘Look, Congress didn’t say you have to download and save a copy of information,’” Ohm said. “If it crosses the network and appears on your screen, that’s good enough for a crime. Casual poking around still satisfies the criminal provision.”

Ohm said the alleged intrusion is like dozens of others prosecuted by the federal government day in and day out.

“What seems most novel about this to me is the actors involved,” Ohm said. “If this was just two titans of industry fighting it out and one of them allegedly crossed the line and FBI got involved, I doubt most of the world would have taken this much notice. I certainly wouldn’t have.”

The Computer Fraud and Abuse Act authorizes prison sentences of up to 20 years, though Ohm said it’s unlikely that first-time offenders would receive penalties that stiff. He said the Astros could also pursue civil claims against the Cardinals for theft of trade secrets.

Chip Pitts, a former chief legal officer for Nokia and lecturer at Stanford Law School, said he did not believe such inter-team hacking was widespread in baseball.

“Baseball learned its lesson from the earlier corruption scandals in the 20th century that it is a prized institution, and the best results for the teams and their stakeholders come from fair competition on the field,” Pitts said.

Pitts said any allegations of impropriety could hit the Cardinals especially hard.

“When they’re accused of cheating, it’s really unfortunate,” Pitts said. “It’s somewhat reminiscent of Lance Armstrong. When a perceived winner cheats, it’s even worse.”

Both the Cardinals  and Major League Baseball said they were aware of the federal investigation into the security breach, and were cooperating fully. The league went on to say, “Once the investigative process has been completed by federal law enforcement officials, we will evaluate the next steps and make decisions promptly.”

A spokeswoman for the FBI office in St. Louis referred all questions to the Houston bureau. A spokeswoman there would not confirm or deny the existence of that investigation, but released the following statement:

"The FBI aggressively investigates all potential threats to public and private sector systems.  Once our investigations are complete, we pursue all appropriate avenues to hold accountable those who pose a threat in cyberspace."