If it has not yet happened to you, the odds are it will soon. One of your friends or coworkers—probably a Cubs fan—will approach you and make a joke about the St. Louis Cardinals hacking the Houston Astros’ proprietary database. The verbal jab will also color the Cardinals as cheaters. It might even reference the New England Patriots. Not that your Cubs fan friend or work acquaintance cares, but analogizing the Cardinals to the Patriots is off-base. Based on what we know from Tuesday's New York Times bombshell, the Cardinals employees' actions were at once worse and not as bad as what the Patriots have been caught doing during the Bill Belichick era.
This analysis begins from the position that the New York Times is not apt to run with a story that does not have sources whose accounts are based on firsthand knowledge of the investigation and corroborated by one or more other individuals with the same. Moreover, Michael Schmidt is a reporter of repute with a track record of breaking stories based on information from sources within the F.B.I. and U.S. Attorney offices. I believe the reporting is accurate, so I’m assuming that the F.B.I. has information establishing the facts as set forth in Schmidt’s must-read reporting.
First we should recognize the qualification Schmidt gives early in the article:
The [law enforcement] officials did not say which employees were the focus of the investigation or whether the team’s highest-ranking officials were aware of the hacking or authorized it.
Now to the meaty revelations:
The intrusion did not appear to be sophisticated, the law enforcement officials said. When Mr. Luhnow was with the Cardinals, the team built a computer network, called Redbird, to house all of its baseball operations information — including scouting reports and player information. After he left to join the Astros, and took some front-office personnel with him from the Cardinals, Houston created a similar program known as Ground Control.
Investigators believe that Cardinals personnel, concerned that Mr. Luhnow had taken their idea and proprietary baseball information to the Astros, examined a master list of passwords used by Mr. Luhnow and the other officials when they worked for the Cardinals. The Cardinals employees are believed to have used those passwords to gain access to the Astros’ network, law enforcement officials said.
Initially, it’s easy to see this alleged theft as a consequence of the front-office evolution in baseball. Whereas MLB used to be run by Baseball Men who would have been more interested in stealing signs than proprietary information from another club’s statisticians and physicist, the Wall Street types who have invaded the game have such a thirst for information that it could result in pilfering data from a competitor. But Schmidt’s reporting suggests this is not what happened when Cardinals employees stole information from the Astros. The motive was apparently not to gain a competitive edge, but to get back at Houston general manager Jeff Luhnow for, well, something. From Schmidt:
Law enforcement officials believe the hacking was executed by vengeful front-office employees for the Cardinals hoping to wreak havoc on the work of Jeff Luhnow, the Astros’ general manager, who had been a successful and polarizing executive with the Cardinals until 2011.
Thus, it appears that "not sophisticated" might very well be a way of saying ignorant—of the law and of the footprints one leaves when using the internet. This appears to cut against a theory that I’ve already seen articulated in the VEB comments and on Twitter: Cardinals IT personnel. Any IT worker worth his or her salt would have a basic understanding of, for example, how IP addresses can be traced. Heck, I am an internet ignoramus and I have a decent understanding of this.
The F.B.I. tracking down the perpetrators in such elementary fashion also indicates this was not a black op hatched at the upper levels of St. Louis management. I can’t imagine GM John Mozeliak putting in motion a plan as ham-handed as this one, so easily traced back to members of the St. Louis organization. I may very well be giving Mozeliak and his lieutenants too much credit. They are undeniably intelligent men, but they are also likely criminal novices and, as such, prone to rookie mistakes. Nonetheless, I feel comfortable giving Mo and his minions credit for being smart enough to not commit a federal crime; or, if they did engage in such criminality, to execute it more cleverly than the culprits here.
Such a conclusion is buttressed by the anonymous posting of information obtained by the hackers. If the perpetrators were acting in the hopes of giving the Cardinals a competitive edge, it seems most likely that they would have logged in using the former employee’s password, stolen the information, and shared it only with individuals in the St. Louis front office. This would have kept the Astros from learning of the breach and potentially allowed the Cardinals to go back to the hacking well to get more information from Houston at a later time. It would undermine a corporate-espionage mission to announce the hack to the world generally and Astros in particular by posting the stolen information online, as the hackers did.
Moreover, the idea that St. Louis officials might have had an ax to grind with Luhnow rings particularly true given the tumultuous tenure he had with the Cardinals. A man capable of seeing where pro baseball was heading, Cardinals chairman Bill DeWitt Jr. hired Luhnow to work in the St. Louis front office. Then-GM Walt Jocketty did not. The injection of analytics and the shift toward a homegrown talent pipeline populated by players drafted and developed internally created a rift within the front office. Things ultimately grew so strained that DeWitt effectively terminated Jocketty’s employment as GM. One of the reasons—perhaps the primary one—that DeWitt hired Mozeliak to replace Jocketty was that he believed Mozeliak could bridge the gap that had developed between the Baseball Men and the more analytics-based camp, of which Luhnow was a prominent voice. While the number of Jocketty holdovers still in the St. Louis front office has doubtlessly gone down over the years, it's not hard to imagine one of them holding a grudge against Luhnow and acting upon it in this way.
We need not limit the suspects to Jocketty loyalists, however. Luhnow has become as well-known for his lack of people skills as his analytical smarts. It's possible his dealings with current Cardinals officials rubbed them in a wrong enough way that they decided to humiliate him by stealing information from the Houston database and leaking it online.
The ultimate findings of the F.B.I.'s inquiry remain to be seen of course. The fact that sources close to the investigation were willing to share with Schmidt so many details suggests that we may find out in the not-so-distant future the extent of what the F.B.I. uncovered by way of federal indictments. But based on what Schmidt reported in the Times on Tuesday, there is not much reason to believe that the Cardinals perpetrated this online theft with the intent of gaining a competitive edge. Rather, it appears to be the work of rogue personnel acting out of personal spite for Luhnow. That in no way excuses a violation of federal law, but it does make your friends' or coworkers' cheating joke ring hollow.