Former St Louis Cardinals Scout Gets Four Years for Hacking Rival

Former St Louis Cardinals Scout Gets Four Years for Hacking Rival

A former Major League chief scout has been sentenced to nearly four years in jail after pleading guilty to hacking the computer systems of a rival team to gain a competitive advantage.

As Infosecurity reported at the time, St Louis Cardinals scouting director Chris Correa pleaded guilty to five counts of unauthorized access to a computer from March 2013 until at least March 2014, when he was promoted to director of baseball development.

It’s said that he accessed the “Ground Control” database managed by the Houston Astros which contained highly sensitive information on player trades.

Correa accessed a scouting list of every eligible player for that year's draft, and viewed notes on bonuses, recent performances and injuries, according to AP.

He gained access via the account of former St Louis general manager, Jeff Luhnow, who left to become GM of the Astros but had to turn his work laptop in first.

It’s thought Luhnow used the same or similar password at Houston to the one he used at St Louis, making it child’s play for Correa to access the database. When the Astros tightened security, Correa is said to have hacked Luhnow’s email account to get the new credentials.

The whole incident cost the Astros around $1.7m, with Correa able to use the stolen information to draft players for St Louis. He accessed the database some 60 times, according to Astros general counsel, Giles Kibbe.

Correa has been ordered to pay $279,038 in restitution and will spend 46 months behind bars – although he was originally facing five years for each of the five counts of unauthorized access he was found guilty of.

"I violated my values and it was wrong. I behaved shamefully," he reportedly told the court. "The whole episode represents the worst thing I've done in my life by far."

The St Louis Cardinals – one of the country’s most successful teams after the New York Yankees – now faces potential fines and/or penalties once investigators get hold of the details of the case from the relevant authorities.

Source: Information Security Magazine