Top US baseball team accused of hacking rival

The St. Louis Cardinals, one the United States’s top major league baseball teams, is being investigated for allegedly hacking into the computer systems of sporting rivals.

According to claims first made public in a New York Times report, evidence has been uncovered that Cardinals staff broke into a network belonging to the Houston Astros, and accessed a database containing sensitive information.

Information held in the database (known as Ground Control) is said to have included internal conversations about trades, statistics and scouting reports.

To be honest, the news of a hack doesn’t come as a complete shock.

Last year, sports blog Deadspin reported that 10 months’ worth of Astros’ internal chatter about trades had been published on the internet, after an unknown party managed to access Ground Control.

Whether that incident is related to the current investigation is unclear, but it does suggest that security on the Astros’ system was not as strong as it should have been.

St Louis CardinalsIn a statement given to the press, the St. Louis Cardinals said it would co-operate fully with the authorities:

“The St. Louis Cardinals are aware of the investigation into the security breach of the Houston Astros’ database. The team has fully cooperated with the investigation and will continue to do so. Given that this is an ongoing federal investigation, it is not appropriate for us to comment further.”

Commissioner of Major League Baseball Rob Manfred told a curious press pack that it was too early to say what the outcome of an investigation into the alleged hack would be, but that the MLB would co-operate with the authorities:

“There is an ongoing investigation with respect to an unauthorized entry into Houston’s system. To assume that that investigation is going to produce a particular result with respect to the Cardinals – let alone to jump to the use of the word like cyber-attack – I just think that we don’t know that those are the facts yet.”

“There is an ongoing investigation; we’ve been fully cooperative. Obviously, any allegation like this, no matter how serious it turns out to be, is of great concern to us. But it’s just too early to speculate on what the facts are going to turn out to be and what action, if any, is necessary.”

According to the New York Times, one theory being investigated is that front-office employees for the Cardinals may have been attempting to wreak revenge on current Astros’ general manager Jeff Luhnow, who had held an executive position with the Cardinals until four years ago.

And, of course, it’s important to stress that if a hack did occur, it wasn’t necessarily with the approval or knowledge of the team’s management. Furthermore, it’s possible that any hack would not have required any specialist skills or hacking tools, but might merely have required the unauthorised use of a password that should perhaps have been zapped long ago.

It’s fairly unusual to hear stories of professional sports teams hacking each other, as opposed to rival companies or indeed governments, although it’s clear that spying can and does take place on occasion to boost a team’s chances of success.

For instance, in the world of Formula One Racing, McLaren was punished with a $100 million fine and the loss of all of its points for the season, after it was caught using documents leaked from its rival Ferrari.

Baseball batMy advice? If you run a sports team, drum it into your staff that cheating in any form – including accessing the computer systems of rivals – is unacceptable.

Just because you can do something doesn’t mean you should do something.

And if drumming it into them doesn’t work, try a baseball bat instead.

Author Graham Cluley, We Live Security

Follow us

Copyright © 2016 ESET, All Rights Reserved.