Stealing home? FBI probing St. Louis Cardinals for hacking Houston Astros

Let me guess: their password was StanMusial1920, right? America’s national pastime has become embroiled in America’s national cyberheadache, according to the New York Times’ Michael Schmidt, who seems to be covering a lot of stories these days. The FBI has quietly issued subpoenas to Major League Baseball and St. Louis Cardinals officials over allegations that the Cards hacked into the Houston Astros’ computer systems, and lifted highly proprietary information:

The F.B.I. and Justice Department prosecutors are investigating front-office officials for the St. Louis Cardinals, one of the most successful teams in baseball over the past two decades, for hacking into the internal networks of a rival team to steal closely guarded information about player personnel.

Investigators have uncovered evidence that Cardinals officials broke into a network of the Houston Astros that housed special databases the team had built, according to law enforcement officials. Internal discussions about trades, proprietary statistics and scouting reports were compromised, the officials said.

The officials did not say which employees were the focus of the investigation or whether the team’s highest-ranking officials were aware of the hacking or authorized it. The investigation is being led by the F.B.I.’s Houston field office and has progressed to the point that subpoenas have been served on the Cardinals and Major League Baseball for electronic correspondence.

Is nothing sacred any more? Say what you will about Bill Belichick, but all he did was show up with a camera during opponents’ practices … while his equipment manager deflated balls for Tom Brady … well, okay, maybe that’s not the best comparison to use. This isn’t about gaining an edge by stealing signals from the catcher (frowned upon) or doctoring balls on the mound (forbidden). If this is true, it’s industrial espionage, and not just the normal cheating and shenanigans that occur on the field in competition.

In fact, Schmidt reports that the investigators believe the motive had nothing to do with on-field performance, but instead was motivated by revenge:

Law enforcement officials believe the hacking was executed by vengeful front-office employees for the Cardinals hoping to wreak havoc on the work of Jeff Luhnow, the Astros’ general manager who had been a successful and polarizing executive with the Cardinals until 2011.

How would that work? CBS Sports writer Matt Snyder wonders whether the effort wasn’t used to undermine potential trades. There are all sorts of ways in which this kind of information could have been used to sabotage the Astros, especially on the personnel front where Lunhow would end up responsible for the failure.

Granted, this is nothing in terms of the damage done at OPM with their all-but-nonexistent security on the federal government’s most sensitive personnel data. The US may pay the price of that for decades, not just a couple of baseball seasons, both in money and potentially in lives, if the extent of that hack goes as deeply into intel services as some have reported. Yahoo’s Olivier Knox reports that OPM has begin offering victims of the hack million-dollar insurance policies to cover any losses from identity theft:

But the potential personal impacts on individual government workers are becoming clearer, thanks to an OPM email offering millions of them a range of services including identity theft insurance policies worth up to $1 million.

The offers came in a message from OPM’s chief information officer, Donna Seymour. Yahoo News obtained a copy from a source who received the message shortly after 6 p.m. on June 9, four days after OPM admitted to the disastrous breach.

The source, who requested anonymity, said the agency they work for was also offering counseling services “for anyone who is experiencing stress from the situation.”

Seymour’s chilling notice announces, “You are receiving this notification because we have determined that the data compromised in this incident may have included your personal information, such as your name, Social Security number, date and place of birth, and current or former address.”

The rest of the message conjures up nightmare scenarios for what someone might do with that purloined information — such as committing a crime under a federal worker’s stolen identity. It also emphasizes that “while we are not aware of any misuse of your information,” OPM has partnered with a private-sector identity theft protection firm called CSID to mitigate the damage.

Glenn Reynolds has called the OPM hack the Pearl Harbor of cyberspace, even if few are paying attention. Those of us with SF-86s are paying attention, to be sure. This story isn’t the 1919 Black Sox scandal, but if true, it’ll be an ugly stain on the sport in its own regard.

Somehow I don’t think that the Cards will have to come up with million-dollar insurance policies for these players, which would cover one bad month on the road for those in the majors. If this turns out to be true, though, the Cards had better pay a steep price for this kind of foul ball. Deflated footballs and surreptitious videotape are bad enough for sports, but outright data theft and cyber attacks go far beyond the normal realm of unsportsmanlike behavior. MLB needs to take decisive and massive action against the Cards if the FBI investigation substantiates the allegations, if for no other reason than to give every possible incentive to avoid a repeat.