eDiscovery Daily Blog

“Stealing Signs” in Baseball Takes on New Meaning in the Information Age: eDiscovery Trends

According to an article in the New York Times, one Major League Baseball team has defined a new way of playing “hardball” with the competition – hacking into the network of another team to capture closely guarded information about players.

Front-office personnel for the St. Louis Cardinals, one of the most successful teams in baseball over the past two decades, are under investigation by the F.B.I. and Justice Department prosecutors, accused of hacking into an internal network of my hometown team, the Houston Astros, to steal internal discussions about trades, proprietary statistics and scouting reports, among other competitive information.

According to law enforcement officials, investigators have uncovered evidence that Cardinals employees broke into a network of the Astros that housed special databases the team had built. The investigation is being led by the F.B.I.’s Houston field office and has progressed to the point that subpoenas have been served on the Cardinals and Major League Baseball for electronic correspondence.

In June 2014, the Astros claimed to have been victims of hackers who accessed their servers and published months of internal trade talks on the Internet. It was then that the team began working with the FBI and Major League Baseball security in an effort to identify who was responsible for the breach.

Law enforcement officials believe the hacking was executed by vengeful front-office employees for the Cardinals hoping to wreak havoc on the work of Jeff Luhnow, the Astros’ general manager, who had been a successful and polarizing executive with the Cardinals until 2011, credited with building baseball’s best minor league system, and with drafting several players who would become linchpins of the 2011 world champion Cardinals team.

Investigators believe that Cardinals personnel, concerned that Luhnow had taken their idea and proprietary baseball information to the Astros, examined a master list of passwords used by Luhnow and the other officials when they worked for the Cardinals. The Cardinals employees are believed to have used those passwords to gain access to the Astros’ network, law enforcement officials said.

Doesn’t Luhnow know that an insufficient password will leave you exposed? Or that almost thirty percent of data security incidents are due to human error?

That tactic is often used by cybercriminals, who sell passwords from one breach on the underground market, where others buy them and test them on other websites, including banking and brokerage services. The breach on the Astros would be one of the first known instances of a corporate competitor using the tactic against a rival. It is also, security experts say, just one more reason people are advised not to use the same passwords across different sites and services. It would not be a stretch (7th inning or otherwise) to see attacks like this happen among competitors in other industries. Or even between adverse parties in litigation.

Ironically, the Cardinals are accused of stealing the data last year, when the (dis)Astros were coming off three of the worst seasons in major league history. This year, they’re one of the best teams in baseball, at least for now. Hopefully (at least for Astros fans like me), they’ve improved their off-the-field cybersecurity protocols as well as they have improved on the field.

So, what do you think? Do you expect to see more breaches like this between competitors in various industries? Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.