A leak of sensitive documents from the Houston Astros baseball team’s front office may be the first known case of cyber-espionage between professional sports teams.
An embarrassing leak of sensitive information from the Houston Astros baseball team last year may have been the result of hacking by its National League rival, the St. Louis Cardinals, according to a New York Times article published on June 16.
The FBI is currently investigating whether front-office employees of the Cardinals used password guessing to gain access to Astros’ computer systems and steal team and operations information, according to the report. If true, the incident would be the first known case of cyber-espionage between professional sports teams.
The Cardinals have not confirmed the reports, but did not deny the existence of the investigation either.
“These are serious allegations that don’t reflect who we are as an organization,” William O. DeWitt Jr., St. Louis Cardinals’ chairman and CEO, said in a statement published on June 16. “We are committed to getting to the bottom of this matter as soon as possible, and if anyone within our organization is determined to be involved in anything inappropriate, they will be held accountable.”

In June 2014, unknown attackers leaked communications and statistics from an Astros database regarding baseball players and potential trades. The Astros created the data-analysis application, known as Ground Control, two years prior to collect and make searchable, team statistics and their discussions on team operations.

The Astros created the system after signing former Cardinal executive Jeff Luhnow as general manager for the Astros baseball team. Luhnow is credited with helping turn around the Astros’ fortunes. The Astros currently lead the American League West by two-and-a-half games.
While the baseball team did not describe the data that had been accessed, they acknowledged that their system required better security.
“It was an illegal activity and we’re going to pursue it and try and find out who did it and prosecute them because it’s not something that should be happening,” Luhnow told the Houston Chronicle last year. “We’re doing everything we can to upgrade our security so it doesn’t happen again.”
Attackers reportedly accessed the database by guessing the passwords based on passwords used by Luhnow and others while they worked at the Cardinals, the New York Times reported.
Normally a concern for international companies and technology firms, corporate espionage has become much more prevalent as businesses have become more connected over the Internet, Steve Hultquist, chief evangelist at security-analytics firm RedSeal, said in a statement provided to eWEEK.
“While the details of the FBI investigation continue to emerge, and although this appears to be a relatively unsophisticated attack using guessed passwords on one or more database applications that were accessible over the Internet, it underscores the reality of today’s business environment: competitors and enemies will use any means they can to steal information and to damage organizations using information systems,” he said.
Major League Baseball acknowledged the allegations, but said it is too early to judge the veracity of the reports. However, the organization stressed that each team had to secure its own systems.
“At the end of the day (for) each club, it’s an individual, local undertaking, as to what the security measures are,” Major League Baseball Commissioner Rob Manfred said June 16 during a visit to Boston’s Fenway Park.

Leave a Reply