Former STL Cardinals Scouting Director Gets Jail Time For Illegally Accessing Astros Scouting Database
from the the-cardinal-way dept
If you'll recall, early on this year we wrote about the very strange story in which the at-the-time scouting director for the St. Louis Cardinals, Chris Correa, used the old passwords of a former employee who had since taken a job with the Houston Astros to break into the opposing team's scouting database. The actions were fairly brazen, leading many to wonder how in the world Correa thought he was going to get away with this. The government charged him under the CFAA, to which Correa pleaded guilty. At the time, I concluded the post guessing that Correa, given his standing and the fact that he isn't named Aaron Swartz, would get off with minimal if any jail time.
Well, when you're wrong, you're wrong. While Correa didn't get anything like the half-a-century jail time that the feds had threatened Swartz with, he is getting nearly four years worth of jail time, which is much more than I had expected.
Chris Correa, the former St. Louis Cardinals scouting director who illegally accessed the Houston Astros database known as Ground Control, was sentenced to 46 months in prison today in Houston federal court.
Correa, who was fired by the Cardinals in July 2015, pleaded guilty in January to five counts of unauthorized access of a computer. According to prosecutors, Correa used an old password of a former Cardinals employee, who took a job with the Astros, to log into Ground Control and download the Astros’ scouting reports, information on possible MLB draftees, and other notes. Correa has also been assessed a fine of $279,038. Prosecutors valued the damage done to the Astros from his actions at $1.7 million.
Without wanting to dance on another human being's jail sentence, I will say there is something slightly satisfying in seeing this case conclude with real jail time, as opposed to some kind of slap on the wrist. It does nothing to soften the still gaping wounds stemming from the Swartz tragedy, of course. Still, so much of the time we see laws like the CFAA applied in the most haphazard way, whereas this was about as perfect an application for it as I can think of.
Somehow the rest of the Cardinals organization has skated by unscathed. The Cardinal Way and all that, I guess.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: cfaa, chris correa, hacking, jailtime, scouting
Companies: houston astros, mlb, st. louis cardinals
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
[ link to this | view in thread ]
cruel and unusual punishment
[ link to this | view in thread ]
Re: cruel and unusual punishment
Brock Turner, on the other hand, is a sociopath (and the son of a sociopath) and should be locked up somewhere where he gets violently raped every single day for the next 20 years.
[ link to this | view in thread ]
Re: cruel and unusual punishment
[ link to this | view in thread ]
Now the question I have is: Why would these passwords still work? This is security 101, and not excusing Correa's actions, it would not have been possible had the Astro's had even the most basic opsec in place.
This isn't hacking. It's hardly even social engineering.
[ link to this | view in thread ]
Re:
- Employee leaves Cardinals and is ordered to give his laptop to Correa along with its password.
- Employee joins Astros, and uses a similar (but apparently not identical) password for his account there.
- Correa later gains access to former employee's account by correctly guessing the variation used on the old password.
This has absolutely nothing to do with the competence of the Astros' IT policies.
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re:
(I removed the insightful click from MadAsASnake and I gave it to you).
[ link to this | view in thread ]
the last phrase.
[ link to this | view in thread ]
Re: cruel and unusual punishment
[ link to this | view in thread ]
Re: Re: cruel and unusual punishment
[ link to this | view in thread ]
Cardinals punishment is coming
[ link to this | view in thread ]
Re: Re: Re: cruel and unusual punishment
It's not bug.
[ link to this | view in thread ]
Re: Re: cruel and unusual punishment
[ link to this | view in thread ]