On June 16, 2015, the New York Times reported on what is being referred to as “the first known case of corporate espionage” involving hacking and cybersecurity. The article states that the FBI and Justice Department are investigating allegations that front-office personnel for the St. Louis Cardinals hacked the Houston Astros’ computer network to access information related to players, trades, statistics and scouting reports.
While the employees under investigation have not been identified, officials are gathering evidence that “the hacking was executed by vengeful front office employees for the Cardinals hoping to wreak havoc on the work of Jeff Luhnow, the Astros’ general manager,” who had previously been with the Cardinals. Other sources indicate the hack may have been used to embarrass the Astros rather than steal confidential information.
The Astros contacted the FBI when confidential information stored on their networks was posted online last year. Investigators found information indicating the origin of the hack was the home of Cardinals’ employee.
Luhnow used statistics to provide insight on player development and training. This statistical method being used in baseball has been referred to as “Moneyball.” While at St. Louis, Luhnow developed a software program called “Redbird” to store information concerning St. Louis’ operations. He created a similar program for the Astros called “Ground Control” which stored the Astros’ “collective baseball knowledge.” Beyond merely storing the data, the program also “took a series of variables and weighted them according to the values determined by the team’s statisticians, physicist, doctors, scouts and coaches.”
It appears the cyber attack/theft was unsophisticated and accomplished by guessing the passwords for the Astros’ network. Investigators are looking into allegations that Cardinals personnel, concerned the Astros may have used the program developed for the Cardinals, used passwords used by Luhnow while he was at St. Louis to gain access to the Astros’ network. There are reports that this information was taken with the intention of embarrassing the Astros and Luhnow.
Based on the allegations against the Cardinals, corporate espionage is now added to the list of cybersecurity concerns. Further, hacks by competitors may cause more damage to the extent it may take longer to discover the hack. The large data breaches at Target or the federal government required people stealing information and selling it to other criminals that would use the information. In that case, a number of red flags are raised when hackers need to find buyers for the information they have taken. It is alleged that the Cardinals took the information for their own use and the breach was not discovered until the Astros saw its confidential information posted online. The information had value for the Cardinals without buyers and there is a chance the Astros would not have known about the hack had the information not ended up on the internet.