Cardinals Investigated for Hacking Into Astros’ Database
By MICHAEL S. SCHMIDTJUNE

WASHINGTON — Front-office personnel for the St. Louis Cardinals, one of the most successful teams in baseball over the past two decades, are under investigation by the F.B.I. and Justice Department prosecutors, accused of hacking into an internal network of the Houston Astros to steal closely guarded information about players.

Investigators have uncovered evidence that Cardinals employees broke into a network of the Astros that housed special databases the team had built, law enforcement officials said. Internal discussions about trades, proprietary statistics and scouting reports were compromised, said the officials, who were not authorized to discuss a continuing investigation.

The officials did not say which employees were the focus of the investigation or whether the team’s highest-ranking officials were aware of the hacking or authorized it. The investigation is being led by the F.B.I.’s Houston field office and has progressed to the point that subpoenas have been served on the Cardinals and Major League Baseball for electronic correspondence.

Law enforcement officials believe the hacking was executed by vengeful front-office employees for the Cardinals hoping to wreak havoc on the work of Jeff Luhnow, the Astros’ general manager, who had been a successful and polarizing executive with the Cardinals until 2011.

The attack would represent the first known case of corporate espionage in which a professional sports team hacked the network of another team. Illegal intrusions into companies’ networks have become commonplace, but they are generally conducted by hackers operating in foreign countries, like Russia and China, who steal large amounts of data or trade secrets for military equipment and electronics.

Major League Baseball “has been aware of and has fully cooperated with the federal investigation into the illegal breach of the Astros’ baseball operations database,” a spokesman for Commissioner Rob Manfred said in a written statement.

The Cardinals personnel under investigation have not been put on leave, suspended or fired. The commissioner’s office will probably wait until the conclusion of the government’s investigation to determine whether to take disciplinary action against the employees or the team.

“The St. Louis Cardinals are aware of the investigation into the security breach of the Houston Astros’ database,” the team said in a statement. “The team has fully cooperated with the investigation and will continue to do so. Given that this is an ongoing federal investigation, it is not appropriate for us to comment further.”

The case is a rare mark of ignominy for the Cardinals, one of the sport’s most revered and popular organizations. The team has the best record in the majors this season (43-21), regularly commands outsize television ratings and has reached the National League Championship Series nine times since 2000. The Cardinals, who last won the World Series in 2011, have 11 titles over all, second only to the Yankees.

From 1994 to 2012, the Astros and the Cardinals were division rivals in the N.L. For a part of that time, Mr. Luhnow was a Cardinals executive, primarily handling scouting and player development. One of many innovative thinkers drawn to the sport by the statistics-based “Moneyball” phenomenon, he was credited with building baseball’s best minor league system, and with drafting several players who would become linchpins of that 2011 Cardinals team.

The Astros hired Mr. Luhnow as general manager in December 2011, and he quickly began applying his unconventional approach to running a baseball team. In an exploration of the team’s radical transformation, Bloomberg Business called it “a project unlike anything baseball has seen before.”

Under Mr. Luhnow, the Astros have accomplished a striking turnaround; they are in first place in the American League West division. But in 2013, before their revival at the major league level, their internal deliberations about statistics and players were compromised, the law enforcement officials said.

The intrusion did not appear to be sophisticated, the law enforcement officials said. When Mr. Luhnow was with the Cardinals, the team built a computer network, called Redbird, to house all of its baseball operations information — including scouting reports and player information. After he left to join the Astros, and took some front-office personnel with him from the Cardinals, Houston created a similar program known as Ground Control.

It contained the Astros’ “collective baseball knowledge,” according to a Bloomberg Business article published last year. The program took a series of variables and weighted them “according to the values determined by the team’s statisticians, physicist, doctors, scouts and coaches,” the article said.

Investigators believe that Cardinals personnel, concerned that Mr. Luhnow had taken their idea and proprietary baseball information to the Astros, examined a master list of passwords used by Mr. Luhnow and the other officials when they worked for the Cardinals. The Cardinals employees are believed to have used those passwords to gain access to the Astros’ network, law enforcement officials said.

That tactic is often used by cybercriminals, who sell passwords from one breach on the underground market, where others buy them and test them on other websites, including banking and brokerage services. The breach on the Astros would be one of the first known instances of a corporate competitor using the tactic against a rival. It is also, security experts say, just one more reason people are advised not to use the same passwords across different sites and services.

Last year, some of the information from the Astros’ computers was posted anonymously online, according to an article on the website Deadspin. Among the details that were exposed were trade discussions that the Astros had with other teams. Mr. Luhnow was asked at the time whether the breach would affect how he dealt with other teams. “Today I used a pencil and paper in all my conversations,” he said.

Believing that the Astros’ network had been compromised by a rogue hacker, Major League Baseball notified the F.B.I., and the authorities in Houston opened an investigation. Agents soon found that the Astros’ network had been entered from a computer at a home that some Cardinals employees had lived in. The agents then turned their attention to the team’s front office.

“The F.B.I. aggressively investigates all potential threats to public- and private-sector systems,” an F.B.I. spokeswoman said. “Once our investigations are complete, we pursue all appropriate avenues to hold accountable those who pose a threat in cyberspace.”

紅雀疑駭太空人 FBI介入調查

商業領域偷取資料時有所聞，但在大聯盟似乎是第一次發生。紅雀隊被爆疑似駭進太空人隊的網路竊取資料，引起FBI介入調查。紅雀與太空人都發表聲明，願意全力配合調查，這起事件起源於去年有些機密資料被匿名放上網路。

去年6月時，太空人宣稱自己被駭客入侵，有人進入他們的伺服器，並將一些內部的交易討論放上網路。太空人跟FBI以及大聯盟保安部門合作，想查出誰是駭客。

根據「紐約時報」報導，FBI與美國法務部有證據顯示，紅雀隊官方人士涉嫌駭進太空人隊的資料庫，竊取關於統計數據、球探報告、內部球員討論、交易以及其他獨占資訊。

「大聯盟已經知道並會配合調查這起駭進太空人資料庫的違法行為」，大聯盟發表官方聲明表示，「一旦調查結果出爐，我們會立刻評估下一步該怎麼辦，並儘速做出決定。」

FBI位於休斯頓的辦公室不承認也不否認這起調查，「所有對於公眾或私人安全系統的潛在威脅，FBI都會積極調查。」

太空人及紅雀因目前仍在調查中，不願表示意見。紅雀總教練馬西尼（Mike Matheny）在賽前被訪問時表示，「有些事情在發生。但在得到更多訊息前，我們無法回應。」

「這跟我們過往的調查，像是禁藥案件，狀況太不一樣。」大聯盟主席曼菲德（Rob Manfred）在芬威球場召開記者會表示，「過去我能掌握所有的訊息，但這次卻不是。」曼菲德過去曾指揮大聯盟的調查機構去檢視禁藥醜聞，但這次他選擇服從FBI的調查。

經過去年的駭客事件後，紅雀總經理莫札里亞克（John Mozeliak）現在選擇將交易訊息寫在紙上，放在資料夾儲藏的辦公室中。

原文參照：
http://www.nytimes.com/2015/06/17/sports/baseball/st-louis-cardinals-hack-astros-fbi.html

2015-06-17．聯合晚報．A10．運動．記者蘇志畬