No matter how big the alleged Cardinals-Astros hack was, expect the feds to take it seriously

68 Comments

In the end, if I were a betting man, I’d bet that one or two low-level Cardinals employees take the fall for whatever results from the FBI investigation into them hacking the Astros. And by “take the fall” I don’t mean that they’re made scapegoats. Given what we know thus far about the FBI investigation, it was not a sophisticated thing and may very well have been considered a lark or an impulsive stunt by someone who simply didn’t like Jeff Luhnow back when he was their boss. The odds of it being an organizational-wide conspiracy seem low.

But to diminish the scope of the alleged hacking of the Astros’ system is not to diminish its seriousness. Not from a legal perspective anyway. Because the infiltration of someone else’s computer system, no matter how easily and primitively it was done, is covered by a particularly pernicious federal law: the Computer Fraud and Abuse Act (“CFAA”).

The CFAA is an old law as far as tech laws go. It was developed in 1984, back when Congress was just coming to grips with the fact that computers were the future and that hacking was a potentially serious deal. Of course, as Congress tends to do when it doesn’t fully understand something, it legislated broadly and somewhat sloppily. The CFAA and its many amendments and revisions — some wound up into the Patriot Act — are now vague enough to where it has been used to prosecute people for any computer-related crime. Once it was used in a case where a woman created a fake MySpace page to cyberbully a teenage girl, which resulted in the girl committing suicide. An awful act to be sure, but one which really didn’t fit neatly into the category of Computer Fraud given that no external system was improperly accessed. It’s use in that case showed just how malleable the law is and how eager prosecutors are to use it in a media-heavy case where, well, something must be done.

Getty Images

More infamously, the CFAA was used to prosecute famous hacker Aaron Swartz. Swartz was arrested and charged under the CFAA for surreptitiously installing a computer in order to download academic journal articles from a company which normally charges for the privilege of using them. While his violation, in essence, was one in which terms of service were not followed, Swartz was charged with 11 violations of the CFAA and faced a $1 million fine, 35 years in prison, asset forfeiture, restitution, and supervised release. Ultimately his charges were in the process of being pleaded down, but Swartz killed himself when negotiations with the feds failed to progress.

The upshot: This may have been an impulsive or spiteful action, as opposed to some orchestrated espionage effort. It may have involved one person rather than five or 10 and may have been as simple as looking up old passwords rather than some sophisticated hackery. But, to the feds, it may be considered something highly felonious and may turn into something huge. Especially given that, unlike some CFAA cases, this one actually allegedly involved the fraudulent accessing of a computer network across state lines.

Perhaps federal investigators and prosecutors will show restraint in this instance. After all, knowing that the Astros may have wanted to trade for Ichiro Suzuki is not a big deal in the grand scheme. But when was the last time federal prosecutors showed restraint? Especially when baseball — which the Feds have always used in order to make an example — is involved.

Finally, recall that the reporter who broke this story is Michael S. Schmidt of the New York Times. He’s a good reporter who broke many stories about federal steroids investigations. And he has spent more time on the national security beat in recent years. His sources tend not to be the sorts who are less-than-eager to go full-bore into federal violations.

Which is to say that someone, perhaps someone with the Cardinals, is in for a world of pain.

Brewers have 3 positive COVID tests at alternate site

Jeff Hanisch-USA TODAY Sports
1 Comment

MILWAUKEE — The Brewers had two players and a staff member test positive for the coronavirus at their alternate training site in Appleton, Wisconsin.

Milwaukee president of baseball operations David Stearns confirmed the positive results Saturday and said they shouldn’t impact the major league team. Teams are using alternate training sites this season to keep reserve players sharp because the minor league season was canceled due to the pandemic.

Stearns said the positive tests came Monday and did not name the two players or the staff member. Players must give their permission for their names to be revealed after positive tests.

The entire camp was placed in quarantine.

“We have gone through contact tracing,” Stearns said. “We do not believe it will have any impact at all on our major league team. We’ve been fortunate to get through this season relatively unscathed in this area. Unfortunately, we weren’t able to get all the way there at our alternate site.”

Milwaukee entered Saturday one game behind the Reds and Cardinals for second place in the NL Central, with the top two teams qualifying for the postseason.

The Brewers still will be able to take taxi squad players with them on the team’s trip to Cincinnati and St. Louis in the final week of the season. He said those players have had repeated negative tests and the team is “confident” there would be no possible spread of the virus.

“Because of the nature of who these individuals were, it’s really not going to affect the quarantine group at all,” Stearns said. “We’re very fortunate that the group of players who could potentially be on a postseason roster for us aren’t interacting all that much with the individuals that tested positive.”