The FBI is investigating whether the St. Louis Cardinals’ front office hacked the internal network of the Houston Astros to steal information about players.
According to the New York Times, investigators have unearthed evidence that Cardinals employees penetrated the Astros’ network and accessed information such as proprietary statistics, scouting reports and internal discussions about trades.
“The St. Louis Cardinals are aware of the investigation into the security breach of the Houston Astros’ database,” the team said in a statement. “The team has fully cooperated with the investigation and will continue to do so. Given that this is an ongoing federal investigation, it is not appropriate for us to comment further.”
According to MLB.com, Major League Baseball Commissioner Rob Manfred told reporters Tuesday that the league knew of the investigation in advance of the report.
“To assume that that investigation is going to produce a particular result with respect to the Cardinals — let alone to jump to the use of the word like cyber-attack — I just think that we don’t know that those are the facts yet,” he said.
The same day the league released an official statement explaining that it has cooperated with the investigation and that once it is completed, league officials will evaluate the situation and decide if any further steps need to be taken.
Professional sports teams maintain a treasure trove of highly-sensitive intelligence that can serve as a lynchpin for developing a successful scouting strategy – not only within their own organizations, but also across the league, noted Mohan Koo, co-founder of Dtex Systems.
“The digitization of this data has created new risks that these organizations haven’t fully secured against,” he said. “Because the investigation into the Cardinals’ front office involves the actions of a group of disgruntled employees, this is shown to be especially true when it comes to malicious employee activity.
Hacking isn’t always about stealing credit cards; it can also be about access to information that provides a competitive edge, said Ken Westin, security analyst for Tripwire.
“We have increasingly seen this behavior in business where hackers steal and sell information to competitors or investors to give them an edge,” he said. “A baseball team hacking another team is a logical extension of this type of attack, as it is in the end a business as well with high financial stakes, by accessing information on players their goal is to give themselves a competitive edge.”
“This intrusion illustrates, very clearly, that everyone has data on their network that someone else wants and that could hurt the organization in the event of a malicious intrusion,” added Eric Cowperthwaite, vice president of advanced security and strategy at Core Security. “It could be data about high value employees, like the Astros’ players, or intellectual property…or proprietary mining and drilling technology in the oil and energy sectors.”
Both the Cardinals and the Astros are currently in first place in their respective divisions.
