Of the many unanswered questions that promise to make the hacking of the Houston Astros’ “Ground Control” database an extended, spectacular scandal, the most obvious one is also the least explicable: why would someone with illegal access to secret, proprietary information go and leak it?


On June 28, 2014, our tips line received an email from an anonymous remailing service. It was actually sent three times (good thing, because it ended up in our spam folder, and we did not notice it until the next day). With the subject line “Lucas Harrel for Lucas Giolito?!”, the body read:

...was actually proposed? Any way to confirm this http://www.anonbin.com/753432515


The link led to a document on AnonBin, a now-dead service for anonymously uploading and hosting text files. There were actually two separate files, uploaded on June 28, which, when combined, contained the Astros’ internal notes on their trade talks with other teams between June 2013 and March 2014.

The content and format matched what GM Jeff Luhnow had previously said about his Ground Control database, and we were able to confirm, through both public and private sources, some of the specifics of the trade negotiations. We asked an Astros front-office employee for comment, though the team would later claim we never contacted them. On June 30, we published a story containing the entirety of the AnonBin files.

There is reason to believe we, specifically, were leaked the files. AnonBin was never heavily trafficked, especially when compared with its larger competitor, Pastebin. When we viewed the Ground Control files (remember: a full day after they had been uploaded), the publicly posted view counts were in the low double digits—which can be accounted for by having been the most recently uploaded files, and thus prominently displayed on the front page of AnonBin. While it’s possible that someone uploaded the files and that a random user spotted them and anonymously alerted us, the timing and lack of exposure suggest that the uploader and our untraceable tipster were one and the same.


It’s possible to suss out a rough timeline of the hacks. The Astros, upon publication of our story, announced that they had been made aware of the breach a month prior, and tightened up their security. But the Houston Chronicle reports that there were at least two separate breaches, one in 2013 and one in March 2014. Yahoo Sports adds that at least one of the breaches was traced to a house in Jupiter, Fla., where the Cardinals hold spring training, and that the house is used by multiple Cardinals employees. The latest information in the trade-talk file comes March 18, 2014—the Cardinals broke camp and left Jupiter 11 days later. The data wasn’t put online until three months after that.

If we believe Cardinals employees are behind the hacks, there are two competing, not necessarily mutually exclusive theories behind how it went down. The first features low-level employees, former co-workers of Luhnow and users of a similar database he installed for the Cardinals, guessing passwords and toying around inside Ground Control for the fun of it. The second implicates high-level Cards executives in a concerted effort to gain a competitive advantage from the Astros’ internal reports, negotiations, and possibly even scouting metrics. (Yahoo adds that the trade talks we published are not the extent of the breached data).


While the intent and extent of the Cardinals’ involvement may not matter for legal purposes, it would certainly affect potential MLB punishment.


There’s nothing to suggest that the person who uploaded the data is among the hackers. And that is the great unknown here. Government officials confirmed to the New York Times that Cardinals employees are the FBI’s and Justice Department’s chief suspects in the hacking, but there seems to have been absolutely no good reason for the Cardinals to put the Astros’ data online, let alone to tell us about it.

One possibility is that it was a third party. In this scenario, some junior Cardinals employee gains access to the files floating around among his coworkers, shares it with a friend for a laugh, and that friend—or a friend of that friend—eventually uploads it.


A more sinister theory is that the trade talks were leaked out of spite. Recall the Astros claim that they addressed Ground Control’s vulnerability in or around May 2014. Could some Cardinals employee, finally locked out of the system, have maliciously publicized the data just to embarrass the Astros? By all accounts, Luhnow didn’t leave many friends behind in St. Louis. And in conversations with reporters covering the Astros, we were told that there were plenty of people around baseball eager to see Houston end up with egg on its face, thanks to perceived boastfulness over their personnel tactics and much-lauded farm system. It was just four days before the leak that the cover of Sports Illustrated proclaimed the Astros 2017 World Series champs.


As of now, we don’t know who uploaded the trade talks or who alerted us to their existence. We haven’t been contacted by the feds or by Major League Baseball, but we’re very eager to see what their investigations conclude—even if they lead to the knowledge that we were used by the Cardinals to humiliate Jeff Luhnow. Which is a great time to advertise our SecureDrop system. If you’re looking to screw over a rival team (or, for that matter, if you know just how the hell hacked Astros files ended up on an obscure document-hosting service), do it with us: securely, anonymously, and untraceably.