The last time we checked in on the St. Louis Cardinals’ hacking scandal was the day after former scouting director Chris Correa pled guilty to crimes associated with the unlawful hacking of Houston Astros information systems in 2013 and 2014.
The entire transcript from those proceedings is now available (Houston Chronicle), and we’ve learned some important new information.
At the hearing, Correa pled guilty to five counts of unauthorized access into the Astros’ system, and, perhaps inadvertently, added another layer of intrigue to the story.
While admitting his guilt, Correa made sure to emphasize that his initial motive was to see if the Astros had stolen anything from the Cardinals when Jeff Luhnow departed to take over Houston’s front office. Although Correa admitted to doing much more, the Judge lingered on his motive. When asked if he found any Cardinals information in the Astros’ system, Correa responded affirmatively.
“Who did you tell?” the judge asked.
“Colleagues,” Correa responded.
That could have implications as MLB takes over the investigation for its own punitive purposes.
I’m not sure whether or not the “lone gunman” defense was ever going to be convincing here, but as it stands, it’s no longer even valid. By his own admission, Chris Correa, the Scouting Director for the St. Louis Cardinals, hacked into the Houston Astros database and then told more than one coworker about his actions. That’s not a good look.
There haven’t been any further indictments based on the allegations that other Cardinal “colleagues” knew about the hack, OR on the insinuation that the Astros had proprietary Cardinals information themselves. Correa’s plea deal includes a maximum of five years in prison, and his sentencing is scheduled for April 11.
Assistant U.S. attorney Michael Chu relayed this information, adding that the password was based on someone “who was scrawny and who would not have been thought of to succeed in the major leagues, but through effort and determination he succeeded anyway.”
From there, the implication in the transcript was that password was as simple as Eckstein123 – which is … less than the most secure or acceptable password. Even Eckstein, himself, agrees on that one:
I guess Eckstein123 was NOT just enough… #thisisnotthepasswordyouarelookingfor
— David Eckstein (@DavidEckstein22) January 23, 2016
[*Brett scrambles to change all site passwords to the more complicated Bryant987*]
Even though a password of such simplicity is inadvisable (and, let’s admit it, a little bit funny), of course, that doesn’t change the seriousness of the activity.
… although, if you read through the transcript, even the judge was making light of the revelation.
Brett Taylor contributed to this post.