Cardinal sin: Ex St Louis baseball exec cops to 'hacking' rival team's db

The former scouting director of the St Louis Cardinals baseball club has admitted he illegally poked around in the player database of a Major League Baseball rival. Chris Correa pleaded guilty on Friday at a Houston federal court to five counts of unauthorized access to a computer stemming from a 2013 infiltration of the email …

Silver badge
Childcatcher

Gate open, horse bolts

"Whether it's preserving the sanctity of America's pastime or protecting trade secrets, those that unlawfully gain proprietary information by accessing computers without authorization must be held accountable for their illegal actions."

I suggest that the gaping hole created by the practice of not enforcing effective password-related policies (or any at all) should also be punished in some way or at least highlighted. If America (how can a US Attorney escalate this local fuck up countrywide) wants to preserve the sanctity of their pastime or protect their trade secrets, then they do so and not leave the door off the latch. Note that you can't throw assault rifles at this task; unfortunately you have to use common sense instead.

8
2
Silver badge

Re: Gate open, horse bolts

Ideally, every company would issue a password manager on each computer. This would stop a lot of this type of intrusion. Plus, it would stop employees from using their Facebook password, as an example, as their login password at work. But... dollars and profit and all that.

3
3

Re: Gate open, horse bolts

> I suggest that the gaping hole created by the practice of not enforcing effective password-related policies (or any at all) should also be punished in some way or at least highlighted.

Absolutely! Who on earth downvoted you?

It's like those German girls in the crowds berating the government for not looking after them the way Hitler would for wearing revealing clothes and arm tattoos in the presence of morons from unknown cultures. (I am not blaming anybody I actually think that if you want to walk around totally naked you should be perfectly safe to do so.)

But it shouldn't require a Nazi state mentality to keep anyone safe. If you leave your car door unlocked and the keys in it then your insurance should refuse to pay. Ever since the moneyball era the practice of hiring computer engineers has become widespread in sport generally. If the powers that be never learned to be careful they shoulder most of the blame.

"Exclusion clauses are found in almost all motor insurance policies, although the precise wording and scope of the clause can vary. Insurers include these clauses because they do not intend to cover loss or damage caused by theft when the consumer deliberately or inadvertently leaves the ignition keys in or on the car."

http://www.financial-ombudsman.org.uk/publications/technical_notes/motor-insurance-keys-in-car.html

Either hire an insurance techie next time, or learn the meaning of the term "great game".

I would sentence all parties to watching Moneyball and The Blind Side every day for a couple of years. That should be enough. Maybe make the Cardinals trade a quarter of their fans to a team less stooooopiiiid?

3
4

@ gerdesj Re: Gate open, horse bolts

"how can a US Attorney escalate this local fuck up countrywide"

Maybe you should do a little research on the US legal system because your understanding of it is grossly defective.

1
0
Silver badge
Pint

"Cardinal Sin"

Cardinal Sin = Cardinal Jaime Sin, former Archbishop of Manila.

https://en.wikipedia.org/wiki/Jaime_Sin

5
0
x 7
Silver badge

the real question is, how did he get caught?

methinks he must have told someone, who then blabbed.....

3
0

"Two people can keep a secret if one of them is dead."

2
0
Anonymous Coward

25 years in jail for using someone else's computer?!

He'd have been better off massacring school children with an assault rifle to get his own way.

Only in the US....

3
3
LDS
Silver badge

How did he obtain the former employee's password?

The real issue is how he obtained the former employee's password. Do the Cardinals store the password in a reversible way? Do they share passwords, or have users communicate them?

Of course the Astros have issues if they don't force password changes, and anyway important data should be protected by better methods than a single password. They spend millions on people hitting balls with a piece of wood, could spend a little more on authentication devices...

1
0
Silver badge

Re: How did he obtain the former employee's password?

I have worked with companies that had common passwords for some accounts and with others that mandate periodic password changes with no sharing. First, the Cardinals have some serious policy issues about sharing passwords and the Astros have equally idiotic policies. However, that does not excuse the moron's actions.

0
0
Silver badge
Facepalm

Re: How did he obtain the former employee's password?

Of course the Astros have issues if they don't force password changes,

Not only that, when they suspected the intrusion they apparently had some but not all users change passwords. Or the guy who came from the Cardinals changed his password back because he was used to using that one (which he probably also used for facetwitcetera).

0
0
x 7
Silver badge

Re: How did he obtain the former employee's password?

"Or the guy who came from the Cardinals changed his password back"

lemme think........6ard1nal5

0
0
Silver badge

Re: How did he obtain the former employee's password?

As I recall it was on a post-it note on the former scout's PC. For the Astros to force a PW change means nothing if he re-uses the one from the previous employer. There's no way a new employer can guarantee that all passwords have never been used before by an employee. Except with a password manager that randomly generates the password and such that the employee never sees any passwords except the one to use the manager. Convoluted, isn't it?

2
0
Facepalm

Email account of an ex-employee still receiving emails?

"Even when unauthorized access to the database was detected by the Astros and user passwords were changed, Correa simply logged into the staffer's email account and lifted the new credentials."

Seems to imply that when the employee left the Cardinals they did not suspend / delete his email account (assuming it was a corporate account) or remove it from all distribution lists (if it was a personal account).

1
0

Re: Email account of an ex-employee still receiving emails?

...Or it was a shared account.

Worked for a large company that had open, internet-facing test accounts for tech support to use. Passwords weren't changed (ever) on them; one account that everyone used for everything (same name/pass on multiple systems, too).

A pity, really, that I ethically chose to forget the account when I left as nothing would prevent me from using it now, years later, unless something major has changed.

0
0

There is no evidence, none at all, that the intruder's intent or subsequent actions, had -anything- to do with "stealing" data. There is no evidence that he shared any data he accessed with anyone in his organization, or even made -any- use of it. There is no evidence that anyone else in his organization approved or even knew of his intrusion. His stated purpose (and I choose to believe him) was to determine if former Cardinals employees stole proprietary data or proprietary software or proprietary methods and tools from the Cardinals upon moving to another company (team.)

The above is not a defense of his stupid actions, but, IMHO, casts them in a completely different light, no?

1
0

There's a right way and a wrong way

And this employee chose absolutely the wrong way if that is the case. MLB teams have money and can hire lots of legal firepower. He should have raised his suspicion with management and let them send it to legal instead of playing junior PI.

1
0


Biting the hand that feeds IT © 1998–2017