Showing posts with label Ground Control. Show all posts
Showing posts with label Ground Control. Show all posts

Tuesday, January 31, 2017

Tuesday Morning Hot Links

*The Astros will receive the Cardinals' bonus pool money for the extra picks in the 2017 draft. The Astros don't get the Cardinals' 1st Round pick, because they had already forfeited that to the Cubs for signing Dexter Fowler. Still, the Astros will now get to spend a little over $8.6m on the draft, an increase of about $1.8m, which is slightly less than the $2m the Cardinals have to pay the Astros.

*I had some thoughts re: Correa's "lone wolf" status

*Bob Nightengale: The real damage was only done to the "Cardinals' pristine reputation." /gets cramp from making jerk-off motion.

*Tom Verducci says the Cardinals got off easy.

*So does Ken Rosenthal, because - as he says - the Cardinals' figured they'd at least lose their 1st Round pick, so they were able to be more aggressive in targeting free agents. The #19 overall pick (which now belongs to the Cubs for the Fowler signing) is slotted at more than the #56 and #75 picks combined.

*Cards GM John Mozeliak thinks the penalty was "stiff:"
I think the organization, even though we didn't do anything wrong, we understand that the commissioner had to make a decision and that that ruling obviously affects us. I think his message is this can't happen again. And, therefore, the penalty did have to be stiff. 

*SI's Ben Reiter notes that just about the only one who is - on the surface - okay with the Cardinals' penalty is the Astros themselves.

*Tim Brown: Nobody in this dumb affair won.

*Phil Garner will spend a week at Spring Training helping A.J. Hinch.

*Colby Rasmus will make $5m in Tampa Bay this year, with up to $2m in incentives.

*The Rangers and Rays have discussed a trade involving Jurickson Profar.

Thursday, October 6, 2016

Thursday Morning Hot Links

*Can you name the Astro who led the team in bWAR (Baseball-Reference's version of WAR) for each season?

*It's official - the Astros have purchased the High-A club in Fayetteville, North Carolina. This new partnership will begin in the 2017 season. Back in August the Astros and the city of Fayetteville were moving forward on plans to build a downtown stadium that would be ready in time for the 2019 season, so they're going to have to find a temporary place to play. There is Fayetteville State University in town, but they don't have a baseball program. And playing at a college isn't necessarily as ideal as it would seem, as the High-A schedule runs from early April to the beginning of September. A team in the Appalachian League, that is only June to September, would be a little different.

*Buck Showalter had a bad night on Tuesday. But maybe no one in baseball - especially a minor-leaguer - had a worse night than Brooks Marlow last night, who tweeted that "no lady" should be talking on ESPN "specially" (sic) Jessica Mendoza. Marlow, the Astros' 29th Round draft pick in 2015 out of UT, hit .205/.302/.329 in Lancaster this season. When the Astros make Deadspin, it's never good. The Astros released a statement saying that Marlow - who has deleted every single tweet from last night, including ones mocking the people who called him out for being a sexist - understood that his tweet was terrible. Marlow has also deleted his account, which is a good call.

*Major League Baseball is apparently nearing a decision on the Cheatin' Ass Cardinals' breach into Ground Control, as they're about to finish up the investigation. The penalty/ies to the Cardinals could come soon after the World Series. Commissioner Rob Manfred:
We are in the process of finishing up our investigation. Candidly, I wish it had gone a little faster. I wish it had gotten a little more help a little sooner from the U.S. attorney's office. But the cards come up how they come up, and we're going to finish our investigation, and there will be a resolution of that during the offseason. 

*Tim Brown: The bigger the game, the bigger Bumgarner's legend grows.

*Vice Sports: How the Giants created baseball's most boring dynasty

*Deadspin: I covered the Braves for a newspaper that didn't exist.


Monday, July 18, 2016

Former Cardinals Scouting Director Gets 46 Months

Former Cardinals Scouting Director Chris Correa was ordered to pay almost $280,000 in restitution and was sentenced to 46 months in prison today.

Astros legal counsel Giles Kibbe said that Correa accessed Ground Control - the Astros internal database - at least 60 times between March 13-June 28, 2014. This is a far higher number of breaches than was previously indicated by prosecutors.

The County Mountie, our InfoSec specialist, wrote up a little something back in January:
Correa is the criminal here. He accessed the Astros database unauthorized. Whether or not he was looking for proprietary data is irrelevant. His timing coincided with both the trade deadline and the draft. This wasn't about what the Astros took, it's what the Cardinals took and gained an advantage from. Whether or not Correa shared the information with GM is irrelevant. He was in a position to gain from the position he accessed.

Not Hank Aaron, our Legal specialist, wrote last July, of Correa's defense that he broke into Ground Control to see if the Astros stole any of the Cardinals' proprietary data:
Now, I don't claim to be an expert in this area of law, but, this is really dumb. Unauthorized access to someone else's computer is a federal crime, under the Computer Fraud and Abuse Act. That's why the FBI is involved in this investigation. You don't get to commit a federal crime just because you think someone has wronged you. I feel like this is important advice.

It's sort of like going into someone else's house to see if they have the tv you think they stole from you. If you get caught, you're the one breaking & entering. 

It's worth noting in David Barron's write-up in the Chronicle that Judge Lynn Hughes got salty with Correa:
But even as Correa admitted his wrongdoing, Hughes interjected his own descriptions of the defendant's actions - "intentionally, over a long period of time, stupidly."

Motherboard has this take:
It's also debatable whether guessing a password - or even sharing a password - to access a database should lead to almost four years in prison. In this case, the sentence was based on the calculation that Correa's unauthorized access to the data cost the Astros $1.7 million. Correa caused this damage by accessing the Astros' "notes on its trade discussions with other teams," as well as their scouting reports. 

Now the matter is turned over to MLB and Rob Manfred, who may or may not do anything to the Cardinals.

Wednesday, January 13, 2016

Wednesday Morning Hot Links

*Six players filed for arbitration yesterday, with projections showing they will account for about $23m. Dallas Keuchel predictably leads the way in MLBTR's arbitration projections. Teams and players exchange figures on Friday. The Astros haven't had an arbitration case go to a hearing since Hunter Pence in 2011.

*In Evan Drellich's bits of tid, we see that Alex Bregman - who is six months older than Carlos Correa - will not be changing positions in Spring Training. We also see that 2009 1st Round pick Jio Mier has signed as a minor-league free agent with Toronto.

*Here's an interesting take on the Ground Control breach from Viva El Birdos.

*David G. Temple: This won't be the last hack in pro sports.

*Hall of Famer Monte Irvin died in Houston yesterday at the age of 96.

*Check out the Hardball Times on lamenting LOBsters.

Tuesday, January 12, 2016

Tuesday Morning Hot Links

On this date in 1999 the Astros signed 19-year old pitcher Eny Cabreja to an amateur free agent contract. Following the 2002 season he would be known as Wandy Rodriguez. Wandy went 80-84 in eight seasons with the Astros, posting a 4.04 ERA/1.34 WHIP.

*First things first on the saddest I've been for a celebrity death since Elliott Smith:

10. Let's Dance
9. Sorrow
8. Drive-In Saturday
7. Space Oddity
6. Diamond Dogs
5. Heroes
4. All The Young Dudes
3. Changes
2. Rebel Rebel
1. Life on Mars?

*Luhnow would like to add more depth to the rotation that currently features Keuchel, McHugh, McCullers, Feldman, and...a host of candidates for SP5.

*Cardinals GM John Mozeliak says that, despite the Cardinals running their own investigation into Chris Correa's "hack" of Ground Control, he only realized the scope of Correa's actions when the indictment was made public.

He also wants you to remember The Cardinal Way:
I certainly am aware of what's been said, or at least mentioned on social media outlets. Some of it is not very flattering. You think about all the different elements that go into this, and your hope is that in the end, you can still be proud of what we do here.

*The Cardinals are looking at a range of punishments from "fines to financial restraints to confiscating draft picks...the Astros also could be awarded damages."

*SB Nation's Mike Bates:
In the wake of Chris Correa's admission that he illegally spied on the Astros, the Commissioner is probably going to do what he seems to always do: Nothing.

*Nathaniel Grow's breakdown of the big ol' lawsuit about MLB broadcasts is a must-read.

*More than 1100 current and former minor-league players have signed on to a class-action lawsuit against MLB and 22 baseball teams for violations of labor laws.

*NY Post's Ken Davidoff: The Hall of Fame/PED topic is the most controversial for the Hall since the Negro Leagues.

*The Diamondbacks signed Wesley Wright.

Friday, January 8, 2016

Friday Late-night Links: Cardinals breach of Astros

I'll have some thoughts on the Cardinals breach of the Astros systems below. Here are some links to get you started.


David Barron is killing it (as usual): Chris Correa has pleaded guilty to five of 12 counts of unauthorized access to a computer owned by the Astros. Sentencing is April 11. Which as Barron notes is the home opener for both the Cardinals and Astros.

MLBTradeRumors is also killing it (as usual), with a well rounded update of the days actions.

Here's the actual indictment of United States of America v. Christopher Correa. It's only a five page read (anyone in information security will get a kick out of it).

Walkthrough and thoughts

Perusing the web, most people seem interested in what the Cardinals punishment will be and/or what the Astros will get out of this. I don't have any insight into what could happen here. This is uncharted territory for MLB. The Astros most likely can't sue the Cardinals and the case will have to be handled in house.

What I can speak to is how this went down and lessons learned.

Per the indictment, Chris Correa got access to the Astros database because of password reuse. Plain and simple. When Victim A turned in his equipment to Correa, he was asked for his password. Victim A gave Correa his password. Why would he do this? I'm not entirely sure, but my inclination would be that Victim A had important information on that laptop that Correa needed. Either way a password change of Victim A's Cardinal account or admin account would have accomplished the same thing.

Then Victim A reused or used something similar when setting up his Astros database and email account. This gave Correa the password or something similar to the password. A few character changes and he gets in. That's it.

Correa is now longing into the Astros system, with a legitimate account, accessing information that give the Cardinals a leg up in trade and draft scenarios. This is something that would be very hard to detect, especially with personnel traveling all over the world.

The Astros then have Ground Control featured in the Houston Chronicle, and whoops the non-public URL for logging into the database is in a photo prominently displayed on the Houston Chronicles website. They decide to reset all passwords. Good move. Except that it gave Correa even more access than he already had.

Passwords for the database were reset for everyone (but not email). An email was sent out with a new default password for everyone. Correa, still having access to email, got that password and was now able to login to any account that didn't change the default password. Which how Correa got into Victim B's account. Which had quite the trove of information.

Correa is the criminal here. He accessed the Astros database unauthorized. Whether or not he was looking for proprietary data is irrelevant. His timing coincided with both the trade deadline and the draft. This wasn't about what the Astros took, it's what the Cardinals took and gained an advantage from. Whether or not Correa shared the information with GM is irrelevant. He was in a position to gain from the position he accessed.

On the other side, this was preventable. Password reuse is a big one. Giving a password to another person is even worse. Even with that two-factor authentication prevents this entirely. The password reset is a good idea for keeping people on the outside from getting in. When someone's already in it's much tougher to defend again.

I'm not sure how the database was setup, but sending the same default password to everyone is a bad idea. So is sending a password in an email in general a bad idea. Forcing a password reset the next time someone logs in is probably the best way. Correa could have changed the password for his account access, but that would have sent up a red flag when that person tried to login and his password didn't work.

My question is who and why was internal data dumped on pastebin. Correa had an inside on the Astros database that he could have maintained for a really long time. The pastebin dump was the big red flag that someone was in the Astros database and likely prompted the organization to call in the FBI to investigate. Correa was using TOR but wasn't likely doing enough to clean up his tracks on the inside the database and outside to keep from getting caught.

There's still plenty to follow in this story, but it looks like it's finally winding down. Sentencing, MLB's investigation results, and punishment (or lack-thereof).

This has been fun. Remember kids, never give your password to strangers or anyone for that matter.



Tuesday, June 16, 2015

Cheatin'-ass Cardinals links

Here's a collection of reads for you regarding the confirmation of what we knew all along: that the Cardinals suck.

Barry Svrluga (Washington Post): Authorities investigating whether Cardinals hacked Astros' network
The security breach - in which Cardinals officials are alleged to have accessed a wide array of proprietary information - alarmed executives throughout baseball, some of whom characterized the case as potentially among the sport's worst scandals. Those officials said teams take extraordinary measures to protect information - including trade discussions, evaluations of players and scouting methods - and a rival team could gain "an extraordinary advantage" by tapping into such a database, one official said.

One baseball executive:
"Oh my God. This is so much bigger than 'SpyGate.' If you have access to another team's full data mix, it's literally unlimited the advantage you could gain."

Derrick Goold (St. Louis Post-Dispatch): Cardinals say they were aware of FBI hacking investigation
The Cardinals have been cooperating with the investigation for at least the previous four months, though some employees said they were unaware of the team's alleged involvement until Tuesday morning. In Boston, commissioner Rob Manfred said that Major League Baseball did not intend to pursue it's own investigation.

Jerry Crasnick (ESPN): Sign-stealing goes high-tech
Corporate espionage is corporate espionage, whether it's Coke vs. Pepsi, McDonald's vs. Burger King, or two MLB teams that haven't had much of a rivalry since Albert Pujols took Brad Lidge deep in the 2005 National League Championship Series. Baseball is a $9 billion business, and if the Cardinals or any other team can gain an advantage over the Astros (or any other team), there's going to be a temptation to try.

Jeff Gordon (St. Louis Post-Dispatch): No reason for Cardinals to act like Patriots
Industrial espionage would be conduct unbecoming America's Model Baseball Franchise. If the FBI finds merit in these allegations, the Cardinal's previously pristine image would be soiled. You know what that means: Folks will wonder what other transgression the Cardinals have committed while trying to gain advantages. Do the Cardinals keep winning because they run a better operation than most franchises...or do they keep winning because they cheat? No franchise wants to deal with such nonsense.

Nathaniel Grow (FanGraphs): The legal implications of the Cardinals' alleged hacking
While some are understandably comparing Tuesday's news to the NFL's recent "SpyGate" scandal...if true, the Cardinals' alleged hacking would, of course, be much more serious. Beyond just league-imposed penalties, the hacking allegations carry the possibility of criminal prosecution, not just for the Cardinals employees involved in the breach, but potentially for the organization as a whole.

(Read that article for the actual legal issues the Cardinals may be facing)

Tom Ley (Deadspin): What the Cardinals learned from hacking the Astros

Maury Brown (Forbes): Just how high up in the front office could the Houston Astros hack go?
Should (GM John Mozeliak), assistant GMs, or key persons in the analytics department of the Cardinals be hit, it could erode the way the club has performed with respects to not only play at the Major League level but their ability to always have prospects in the pipeline.

Craig Calcaterra (Hardball Talk): No matter how big the alleged Cardinals-Astros hack was, expect the Feds to take it seriously
Perhaps federal investigators and prosecutors will show restraint in this instance. After all, knowing that the Astros may have wanted to trade for Ichiro Suzuki is not a big deal in the grand scheme. But when was the last time federal prosecutors showed restraint? Especially when baseball - which the Feds have always used in order to make an example - is involved.

Dejan Kovacevic (DK On Sports): Are Cardinals cheaters?
It's a sensational story on the surface, no question. It's got all the fodder of Patriots-sized headlines, public outrage, Today show, Oprah, the whole deal. But sorry, upon digging past that surface, there just isn't much there...If you're going to hack into someone's system for a competitive edge, why the Astros, who aren't even in the same league, much less the same division, anymore?

Monday, June 30, 2014

"Ground Control" Leaks: Astros County Official Position Statement

Here at Astros County, we feel that it is important to issue a Position Statement on the Ground Control leaks.  The process of agreeing to a position has been made more difficult with the Constable off the grid, but we have toiled away since the news broke, and come to the following:

Meh.

Stay tuned for more in-depth analysis of all important things Astros.