Baseball Team Hacks Another Team's Networks, FBI Investigates

← Back to Stories (view on slashdot.org)

Baseball Team Hacks Another Team's Networks, FBI Investigates

Posted by Soulskill on Tuesday June 16, 2015 @07:33AM from the change-your-password dept.

An anonymous reader writes: The St. Louis Cardinals have been one of the better baseball teams over the past several years. The Houston Astros have been one of the worst. Nevertheless, there is evidence that officials for the Cardinals broke into a network maintained by the Astros in order to gain access to "internal discussions about trades, proprietary statistics, and scouting reports." The FBI is now leading an investigation into the breach, and they have served subpoenas to the Cardinals and to Major League Baseball demanding access to electronic correspondence. It's the first known instance of corporate espionage involving a network breach in professional sports. Law enforcement said the intrusion "did not appear to be sophisticated." It seems likely that a personal vendetta against the Astros's general manager is involved.

58 of 105 comments (clear)

Min score:

Reason:

Sort:

Interesting by thedonger · 2015-06-16 07:36 · Score: 3, Funny

Right up until the point you said "baseball." In the title.

--
Help fight poverty: Punch a poor person.
1. Re:Interesting by Anonymous Coward · 2015-06-16 07:40 · Score: 4, Funny
  
  Slashdot used to be interesting too. Right up until user ID 1317951
2. Re:Interesting by halivar · 2015-06-16 07:43 · Score: 5, Informative
  
  I have it at on good information that it stopped being cool at user ID 535826.
3. Re:Interesting by Anubis+IV · 2015-06-16 08:10 · Score: 1
  
  Whoever told you that is clearly incorrect. The coolness dropped off later.
4. Re:Interesting by istartedi · 2015-06-16 08:21 · Score: 3, Funny
  
  Uhhh... it was never cool. We're nerds. NERDS!!!
  
  --
  For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
5. Re:Interesting by gyerxa · 2015-06-16 08:31 · Score: 1
  
  WAY earlier than that.
6. Re:Interesting by quantaman · 2015-06-16 08:34 · Score: 1
  
  I have it at on good information that it stopped being cool at user ID 535826.
  My first thought is this looks like it's going to be one of those threads where people with progressively lower UIDs start posting.
  My second thought is how sad it is that I'm able to participate with a UID over 500k
  
  --
  I stole this Sig
7. Re:Interesting by Black+Parrot · 2015-06-16 08:40 · Score: 1
  
  Right up until the point you said "baseball." In the title.
  Cue classic xkcd on tests of manhood.
  
  --
  Sheesh, evil *and* a jerk. -- Jade
8. Re:Interesting by sjames · 2015-06-16 08:45 · Score: 5, Funny
  
  Get off my lawn you damned kids!
9. Re:Interesting by halivar · 2015-06-16 08:47 · Score: 3, Funny
  
  What, I have to Google it myself?
10. Re:Interesting by hendrips · 2015-06-16 08:56 · Score: 1
  
  I was going to call you out for reflexively sneering at sports like the average Slashdot elitist. Then I remembered that we're talking about baseball, and I promptly fell asleep out of boredom.
11. Re:Interesting by yzf750 · 2015-06-16 15:31 · Score: 1
  
  Considering the movie from which you quote comes from way before slashdot, well whatever, I forget my point...
12. Re:Interesting by KGIII · 2015-06-16 18:01 · Score: 1
  
  It was not cool or interesting by the time it got to me. I did nothing to help matters. Actually, it was interesting and still is. I do not come for the articles. I come to read the comments - I learn a lot from them. I read a long long time before I joined. I only joined so that I could ask a question. I do not, as a general rule, post as an AC anywhere. I figure my questions and comments are mine and I own them in the sense that I am responsible for having made them. This includes my many errors, this includes any insights and good posts, but it mostly includes my values. I have learned much from reading the comments here (and at many other sites). So long as the SNR remains good enough I do not care who owns the site. There is an increase of pointless comments and abject stupidity but not to the point where it negates the value of the good comments. It just makes finding them a little more interesting. Okay, sometimes it makes finding them frustrating but I get what I pay for.
  
  --
  "So long and thanks for all the fish."
13. Re:Interesting by Isaac-Lew · 2015-06-16 22:24 · Score: 3, Funny
  
  I considered not replying to this, then I thought "Oh, well"...
14. Re:Interesting by Thelasko · 2015-06-17 04:35 · Score: 1
  
  Right up until the point you said "baseball." In the title.
  It's actually more interesting than you might think. The Houston Astro's have been a poor performing team up until very recently. They hired a new manager that uses data driven techniques similar to those used in the book/movie Moneyball. Since they hired him, the team's performance has improved. There is talk of him having some "proprietary information" that has boosted the team's performance.
  
  The game of baseball has evolved more rapidly in the past ten years than it has in the previous 100. It is more data driven than ever. I wouldn't be surprised if teams are building computer models of performance that they then try to optimize.
  
  --
  One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
15. Re:Interesting by sjames · 2015-06-17 10:30 · Score: 1
  
  Nice to see there are still some 3 digit users around.
Somebody explain? by jetkust · 2015-06-16 07:43 · Score: 3, Funny

They used their ex-GM and ex-employee's passwords from their network to access the Astro's network. But why was it so easy to get their passwords in the first place. Isn't this normally not possible?
1. Re:Somebody explain? by The+Grim+Reefer · 2015-06-16 07:55 · Score: 1
  
  But why was it so easy to get their passwords in the first place.
  They forgot to add the "5" after "1234"
2. Re:Somebody explain? by Anonymous Coward · 2015-06-16 08:00 · Score: 4, Informative
  
  They used their ex-GM and ex-employee's passwords from their network to access the Astro's network. But why was it so easy to get their passwords in the first place. Isn't this normally not possible?
  Because this:
  
  When Mr. Luhnow was with the Cardinals, the organization built a computer network, called Redbird, to house all of their baseball operations information — including scouting reports and player personnel information. After leaving to join the Astros, and bringing some front-office personnel with him from the Cardinals, Houston created a similar program known as Ground Control.
  The guy responsible for building a database for the Cardinals then got a job with the Astros (along with other Cardinal employees) basically STOLE the database when he moved. That's why the passwords for him and the other ex Cardinal employees still worked. I'd say the Astros could be in some trouble themselves.
3. Re:Somebody explain? by jimbolauski · 2015-06-16 08:36 · Score: 1
  
  Or maybe Luhnow or one of the employees that followed him to the Astros kept his password the same and the database was just similar. The Cardinals didn't seem to find any evidence that Luhnow stole IP when they accessed the database, which is what the Cardinals claimed they were doing.
  
  --
  Knowledge = Power
  P= W/t
  t=Money
  Money = Work/Knowledge so the less you know the more you make
4. Re:Somebody explain? by jetkust · 2015-06-16 08:45 · Score: 1
  
  If all the passwords and users were the same then why use someone else's account when you have your OWN account? In a normal security situation, he would have the keys but not the actual password unless the passwords were stored in plain text, right? But he would require the password (not the key) to get into the Astro's network.
5. Re:Somebody explain? by CWCheese · 2015-06-16 10:44 · Score: 1
  
  I'd be surprised if it wasn't so simple as the users, Luhnow et al, having written their passwords down on paper. Remember, these are baseball guys, not IT experts like /.ers who would take obvious precautions.
  
  --
  Have a Day!
6. Re:Somebody explain? by sglewis100 · 2015-06-19 07:28 · Score: 1
  
  They probably started by "hacking" into the park's WiFi network.
There's no SPYING in BASEBALL!!!! by Anonymous Coward · 2015-06-16 07:43 · Score: 2, Funny

Said Tom Hanks.
Hmph!!! by Vinegar+Joe · 2015-06-16 08:03 · Score: 2

That's just not cricket!

--
"The average reporter we talk to is 27 years old......They literally know nothing." - Ben Rhodes
Sports! by stoned_ritual · 2015-06-16 08:10 · Score: 1

https://www.youtube.com/watch?...
Re:Learned from the Patriots by Coren22 · 2015-06-16 08:14 · Score: 1

Are you sure about that?
http://www.nytimes.com/2015/04...

--
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
MLB is little more than a corporation anyway by QuietLagoon · 2015-06-16 08:18 · Score: 1, Insightful

MLB stopped being a sport years ago.
.
So chalk it up to corporate espionage. Inept corporate espionage, but corporate espionage nonetheless.
1. Re:MLB is little more than a corporation anyway by stoned_ritual · 2015-06-16 08:19 · Score: 2
  
  I would postulate that the majority of pro sports organizations are at least as corrupt as the MLB, if not more so.
If it's good enough for the NSA, why not MLB? by WillAffleckUW · 2015-06-16 08:22 · Score: 3, Interesting

Hey, if the NSA gets to violate the Constitution and spy on Americans, why not the MLB?
Sauce for the goose is great for the gander.

--
-- Tigger warning: This post may contain tiggers! --
Smart Sports by jimbolauski · 2015-06-16 08:26 · Score: 4, Insightful

There is science and innovation around all sports, you just have to be bright enough to notice it. Take baseball the batter has to be smart enough to know that the pitcher only throws certain pitches during certain counts and that there are slight differences in the release of different pitches giving the batter a better chance to hit the ball. Same with football you need to have excellent pattern recognition to know what the defense is going to do and what you can do to maximize your teams chance at success. Even something as simple as running has tons of science in it, knowing how hard to train, what type of training, and how fast the person can recover. I didn't even mention the science that goes into clothing and shoes. There are very few dumb jocks that succeed in professional sports, talent alone will not get you to the professional level you need something more.

--
Knowledge = Power
P= W/t
t=Money
Money = Work/Knowledge so the less you know the more you make
1. Re:Smart Sports by thedonger · 2015-06-16 08:42 · Score: 1
  
  I actually find baseball fascinating, and I like most sports as I play several at least well enough to not look like a complete buffoon. Baseball on television can be really boring, but playing it is great. I find it unique in that even though it is a team sport, much of the action is strictly individual. And like you point out, it isn't just throw ball/hit ball/catch ball; a lot goes into just knowing when to swing, seeing as the ball is coming at you so fast that you have to decide moments after release.
  And the application of metrics is interesting, although at some point - if not already - I'm sure there will be a science of counter-metrics.
  
  --
  Help fight poverty: Punch a poor person.
2. Re:Smart Sports by Anonymous Coward · 2015-06-16 08:50 · Score: 1
  
  I'm sure whatever video games and or movies you enjoy don't count as "stupid", do they.
  Unless you're some kind of joyless puritan.
3. Re:Smart Sports by sjames · 2015-06-16 09:24 · Score: 1
  
  As opposed to a program to database the TPS reports and correlate them with the day of the week and sales of rice in China?
4. Re:Smart Sports by aaron4801 · 2015-06-16 09:51 · Score: 2
  
  Newsflash: Unless your profession, hobbies and all other interests are based entirely around basic life sustenance, everything you do is pointless.
5. Re:Smart Sports by paiute · 2015-06-16 10:12 · Score: 1
  
  That's nice and all. But the bottom line is: using all of that intellect to perform an activity that is stupid and pointless is still a waste. That's another one of those things you just have to be bright enough to notice.
  The MIT baseball team always seems to be having fun.
  
  --
  If Slashdot were chemistry it would look like this:Cadaverine
6. Re:Smart Sports by 93+Escort+Wagon · 2015-06-16 11:27 · Score: 2
  
  That's nice and all. But the bottom line is: using all of that intellect to perform an activity that is stupid and pointless is still a waste. That's another one of those things you just have to be bright enough to notice.
  It's rather ironic that you posted this on Slashdot.
  
  --
  #DeleteChrome
This is the National League's version of the DH by salahx · 2015-06-16 08:32 · Score: 2

DH being the Designated Hacker, of course.
I think I know... by babymac · 2015-06-16 08:33 · Score: 1

...who was involved.

--
"War makes me sad." - Me
Competitive Drive Unleashed by Tablizer · 2015-06-16 08:37 · Score: 1, Interesting

St. Louis Cardinals have been one of the better baseball teams over the past several years. The Houston Astros have been one of the worst. Nevertheless, there is evidence that officials for the Cardinals broke into a network maintained by the Astros...

It seems the most competitive teams are often the most likely to cheat. The NFL Patriots also got caught cheating twice.
It seems a competitive drive is a two-edge sword: if you are driven to push the boundaries in sports, it seems you are also driven to push the boundary in other areas.

--
Table-ized A.I.
1. Re:Competitive Drive Unleashed by rogoshen1 · 2015-06-16 09:07 · Score: 1
  
  or maybe cheating works.. just saying.
2. Re:Competitive Drive Unleashed by Tablizer · 2015-06-16 11:42 · Score: 1
  
  That would imply we've only seen a small portion of total cheating, since the known cases provide only slight advantages.
  
  --
  Table-ized A.I.
Radio DJ's Astros joke by Black+Parrot · 2015-06-16 08:44 · Score: 1, Funny

Q: Why are the Astros like Michael Jackson?
A: They run around with a glove on one hand for no useful reason.

--
Sheesh, evil *and* a jerk. -- Jade
1. Re:Radio DJ's Astros joke by 93+Escort+Wagon · 2015-06-16 11:29 · Score: 2
  
  Sadly, this joke would've worked better last season... says this guy here in Seattle.
  
  --
  #DeleteChrome
You dumb bastards... by fuzzyfuzzyfungus · 2015-06-16 08:45 · Score: 1

I find it hard to believe that anyone was dumb enough to break into a system that is virtually certain to count as a 'protected computer' for the purposes of the CFAA, from their home and without doing even a half assed job of covering their tracks.

Even aside from any penalties that may or may not occur because of laws related to trade secrets, tortious somethingsomething, etc. and any MLB-imposed penalties, even merely cracking the system open for a look, and doing absolutely nothing with the data, across state lines gives the feds the option to come down on you like a ton of vengeful bricks. Really, really, dumb. FFS, if your stupid little pissing match was worth breaking a few laws over, you'd probably be better off burglarizing the location housing the database and dumping it in person; at least that keeps the feds away.
Ah baseball by CanadianMacFan · 2015-06-16 08:50 · Score: 2

A sport invented to make cricket look exciting.
(No offense intended. I actually like cricket.)
1. Re:Ah baseball by Alomex · 2015-06-16 09:55 · Score: 1
  
  It doesn't? Every time I try to watch a game it feels like it does: Kick the sand, scratch balls, swing bat in practice three times, step out of the box, adjust the elbow protector and step back in the box. Exciting as this sounds it gets a bit boring after the batter does for the fifth time without a single pitch being thrown.
one of the many things i love about baseball. by MossStan · 2015-06-16 09:00 · Score: 1

if you can finagle yourself to obtain the upper hand so much the better.

--
It is what it is.
The Astros used the same passwords??? by turp182 · 2015-06-16 09:21 · Score: 1

Shoot, it sounds like the Cardinals folk who left took a database copy when they moved to the Astros.
The article says they used the same passwords as when they worked for the Cardinals (and user names I would assume).
That makes absolutely no sense. I can't think of a more idiotic security approach (on both teams parts to be honest). I would bet the Astros system was internet exposed. Otherwise, the article would have mentioned VPN access breach or something, they took the time to point out the access was easily gained.
Full Disclosure: I live in St. Louis but don't pay attention to sports much. I do like attending a game then and again, and we took our twins to their first game earlier this month (the Cards hit a home run on the first received pitch and my kids now think there will always be fireworks...).

--
BlameBillCosby.com
1. Re:The Astros used the same passwords??? by Anonymous Coward · 2015-06-16 09:40 · Score: 1
  
  I live in St. Louis but don't pay attention to sports much.
  You must be new here. Give it time. In a few years, you'll be able to tell the seasons by the color of your blood. Red from April to October, blue from October to May (and hopefully June someday). Any overlap will cause a sickly shade of purple, as if your cardiovascular system had been retrofitted to circulate grape soda through your veins.
  And, yes, we've all pretty much written off the Rams. Any NFL team that wants to stay in St. Louis is going to need to have a non-jackass owner. This fact leads me to believe that St. Louis isn't a long-term football town. The last good football team owner died of old age, then there was a stream of disinterested twits, and now we have this Walmart douchebag. Trust me, Arsenal fans, St. Louis feels your pain.
2. Re:The Astros used the same passwords??? by turp182 · 2015-06-16 10:08 · Score: 1
  
  Born and been here most of my life, living in Soulard is fun. I couldn't care less about the Rams (the almost $1 billion stadium plan with about $400m of public funding has to be against the law without a public vote, thus the lawsuit), but I would like to see the Blues be more successful. And I like MLB playoff games, so I'm usually watching the Cardinals...
  
  --
  BlameBillCosby.com
Re:Learned from the Patriots by paiute · 2015-06-16 10:14 · Score: 3, Informative

Cheating is OK when the reward is championships and the penalty is a wrist slap.
Found the bitter Colts fan.

--
If Slashdot were chemistry it would look like this:Cadaverine
Some thoughts about comments I'm reading... by Anonymous Coward · 2015-06-16 11:37 · Score: 1

I'm a Reds fan, so I do hate both of the teams involved. It's all very sad, since the Cardinals gained very little from this other than creating a week of gasps last year by leaking the Astros database and some internal communications where they said what they really thought about some players. Probably no real competitive advantage at all other than embarrassing a couple of Astros employees.. (Although in a few years maybe) I want to offer some rants about ideas I'm seeing here in this thread.
Houston Stole the Cardinals Database:
Wrong!
First of all, the Houston GM designed the Cardinals proprietary database. When he left and went to Houston with some of his assistants, it should be no shocker to anyone that he used what he learned in the past and made his new database a lot like the old one which worked well. He is NOT taking the database with him. He did NOT steal a database. (It's not like he could walk out with a petabyte of data) He can't be asked to forget the analytical procedures he developed. Baseball teams don't make guys sign NDAs, otherwise no one could ever change teams. Teams often will sign scouts from other teams for intelligence gathering as much as for their skills. That's perfectly legal and legit. It would be like if you changed employers you'd be unable to offer insights you have about how to better your new company. So no, he didn't "steal" the database. The idea that the Cardinals were "just checking" is complete bullshit. You can't commit a crime to check on an intellectual property infringement and claim innocence. The fact that they weren't "just checking" is proven by the fact that they leaked the entire database to the net last year. There is no investigative high ground for the Cardinals to stand on.
Reusing an old password:
Stupid, but not a sign of anything sinister.
For those bitching about reusing an old password. Yeah, that's stupid. It's not a sign that he "stole" the database. Like all of you have never used the same password on multiple sites over multiple years. Stupid, but not a sign of a crime. His login was probably just his e-mail address, which the Cardinals would know, because they have to be able to communicate with all 30 GMs.
Bad access policies:
Certainly. "They were asking for it by not using a VPN" does not excuse the crime like some posters seem to think... (And they probably were using one) According to some folks making comments here, you could drive off in a car if the driver dropped the keys on the ground next to it without fear of arrest. Definitely not stealing there... Bullshit victim blaming.
Yes their database was too easy to access. It has to be used by dozens of scouts, most of whom barely earned their high school diploma, who are constantly traveling around the country and, indeed, the world. The Astros need their scouts in the Dominican to have access to their ideas just as much as the scouts in Texas. By nature, you can't get the sort of data security that we would all like in our companies. They wanted their guys to use it and to find it convenient, not burden them with fingerprint scanners. The team was too trusting. I'm sure they've done a lot to fix it in the past year.
I'm sure the logic is that only other baseball teams would want that data anyway, so there was no real concern about a group of Russian hackers copying a database. Why be fort knox secure when you trust and respect the other 29 teams that you share billions of dollars of revenue with? Naive, yes. Intentional, no. Deserved what they got, no. (No one deserves to be the victim of a crime)
Why Spy on the Astros when they Suck anyway?
Nope, they don't suck. Pretty darn good.
Over the past few years, they sucked on purpose. Their rebuilding approach was cynical in its disregard for winning. They felt perfectly okay with being the worst team in baseball in order to build a championship squad more quickly. A website of engineers should approve of such efficiency not bitch about how the Astros suck! It was all about getting go
1. Re:Some thoughts about comments I'm reading... by sh00z · 2015-06-17 01:02 · Score: 1
  
  I'm sure the logic is that only other baseball teams would want that data anyway, so there was no real concern about a group of Russian hackers copying a database. Why be fort knox secure when you trust and respect the other 29 teams that you share billions of dollars of revenue with? Naive, yes. Intentional, no. Deserved what they got, no. (No one deserves to be the victim of a crime)
  As a resident of Houston who has avoided the sport since they gave the home run title to a cheater, I have to respond to this part of your comment. If THAT was the logic, then while they may not have "deserved" it, implementing security this poor amounts to criminal negligence. There are *plenty* of others who would want the info. You see, there's this little thing called gambling, and small advantages like this is how the pros stay ahead. Strangely enough, these same pros also tend to associate with folks who are part of organized crime.
Re:Parent Poster Proudly Plays Penis Pool by KGIII · 2015-06-16 18:03 · Score: 1

** GayWAD membership kit no longer includes HIV self-test catheter.
I was considering joining up until I read this part.

--
"So long and thanks for all the fish."
Re:Learned from the Patriots by Coren22 · 2015-06-17 02:06 · Score: 1

Um, the Patriots play in Boston, they are just called New England Patriots, doesn't make them representative of all of New England. It isn't like they're going to move to Maine or New York when it is time for a new stadium.

--
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
"Hacked" by theghost · 2015-06-18 02:52 · Score: 1

Logging in to someone else's account because they didn't change their password when they switched jobs is what passes for hacking here.

--
The only thing necessary for the triumph of evil is that good men do nothing.
Re:Learned from the Patriots by paiute · 2015-06-18 05:23 · Score: 1

https://en.wikipedia.org/?titl...

--
If Slashdot were chemistry it would look like this:Cadaverine