Chris Correa was incisive for a time but ultimately sloppy when he illegally breached the Astros online systems, doing so by his admission for at least a year’s time, from 2013-14.

He hacked into both employee emails and the team’s database of baseball information, nicknamed “Ground Control,” court documents show. Fired over the summer, the former Cardinals employee acted with the intent to mask his identity and location.

His most audacious work likely came on a single day nearly two years ago.

Correa used unauthorized access to the email account of one Astros executive to gain entry to another Astros executive’s “Ground Control” account on March 10, 2014.

Correa did so roughly one day after the Astros tried to change the log-in system to Ground Control to prevent exactly these sorts of intrusions — intrusions which, unbeknownst to the Astros at the time, were commonplace for Correa.

Clutch moments

Correa, the former Cardinals scouting director, started to hack into the Astros no later than March, 24, 2013, and in his plea deal he copped to doing so through at least the following March.

On Friday afternoon in Houston, Correa pleaded guilty to five counts of unauthorized access to Astros computer information. He is to be sentenced April 11.

Correa browsed Ground Control, a private repository containing everything from scouting reports to trade notes, at some of the most crucial days on the baseball calendar.

On the final day of three in the June 2013 amateur draft, Correa looked at Astros notes on players who had yet to be drafted. He also accessed information on players the Cardinals themselves had drafted a day earlier.

Then, at the July 31, 2013 non-waiver trade deadline — the day all teams are looking to wheel and deal and looking for leverage — Correa went into Ground Control and viewed notes of Astros trade talks.

What he did the following spring, however, may take the cake.

Reportage from the ground

Ground Control’s existence was not known publicly until the Chronicle wrote a Sunday feature story explaining the system in March 2014. The story went live online the night of March 8, 2014.

At the time, Ground Control was accessible at a basic online URL — groundcontrol.astros.com — with a user name and password.

As the Chronicle story circulated and the URL was discovered by the public (it was visible in an online photo with the story but was also searchable), the Astros detected attempts to log into their system, general manager Jeff Luhnow said on the morning of March 9.

The Astros started to change their log-in system on March 9, both the URL and passwords. Fearing employees wouldn’t change passwords in time to prevent intrusion, the team reset all passwords to a complex, default password. That password was emailed — as was the new URL — to all Ground Control users, per court documents.

On the evening of March 10, Correa logged into the email account of one Astros exec and found the emails that had Ground Control’s new URL and password. Minutes later, Correa used that information to access another exec’s Ground Control account.

Using that account, Correa viewed 118 webpages, including the then-incomplete 2014 draft board, plus evaluations of international prospects the Astros were considering.

The next morning, March 11, Correa went into the same Ground Control account he did the previous night — as well as a Ground Control account of a third person.

Victims A and B

The executives whose accounts Correa primarily accessed are not identified by name in the court documents other than “Victim A” and “Victim B” — but Correa accessed at least the Ground Control accounts of an unspecified number of others as well, including a Victim C.

Victims A and B are characterized in the documents as executives who were were focused on analytics and were with the Cardinals organization until late 2011 before joining the Astros.

Luhnow was hired away from the Cardinals in December 2011, and Sig Mejdal — another ex-Cards employee — was one of Luhnow’s first hires, reported to have joined the organization on Jan. 3, 2012.

(Mike Elias, now the team’s director of amateur scouting, also joined the Astros in January 2012, but is more accurately described as specializing in scouting than analytics.)

Everything begins with Victim A, who preparing to leave for the Astros in December 2011 and was instructed to turn his laptop over to Correa. Victim A gave the Cardinals the password he used as well.

Victim A then used “a similar (albeit obscure) password,” per court documents, for both his Astros’ email and Ground Control accounts.

No later than March 2013 — with this variant of the Cardinals laptop password still valid — Correa hacked in to both Victim A’s email and Ground Control accounts.

“I absolutely know about password hygiene and best practices,” Luhnow told Sports Illustrated in the summer. “I’m certainly aware of how important passwords are, as well as of the importance of keeping them updated. A lot of my job in baseball, as it was in high tech, is to make sure that intellectual property is protected. I take that seriously and hold myself and those who work for me to a very high standard.”

Victim A’s password is used in the majority of Correa’s early listed entries.

On March 24, 2013, Correa was on Victim A’s Ground Control portal for one hour, 43 minutes, looking through a swath of Astros draft information. It was Victim A’s account that was accessed on June 8, 2013, the third day of the draft; and again on July 31, 2013, trade deadline day.

When the Astros tried to change their passwords in March 2014, Correa turned to Victim A’s email account to get into Victim B’s Ground Control credentials.

Victim C’s account was breached then as well.

In June, security experts — working with what was known at the time — said neither the Astros nor their then-unknown intruder(s) had the most sophisticated plans.

Charges against ex-Cardinals executive Chris Correa

Chris Correa plea agreement