When the Houston Astros were hacked last year—resulting in the publication of internal discussions about potential trades, player performance, and other information that baseball teams prefer to keep secret—people generally imagined the perpetrator as some kind of tech-savvy outsider. Maybe it was a member of Anonymous with an underperforming fantasy team, or a disgruntled fan who had grown tired of the team’s losing ways. “I don’t know what the criminal’s motive was,” the Astros general manager, Jeff Luhnow, said at the time. The Astros went to the authorities, and everyone else largely forgot about it until Tuesday, when the Times reported the stunning news that the F.B.I. and the Justice Department had discovered evidence that tracked the hack to unnamed members of the St. Louis Cardinals front office.

The security breach, law enforcement officials told the Times, “did not appear to be sophisticated.” It targeted a database known as Ground Control, which was created by Luhnow, the Astros G.M. Before being hired by Houston, Luhnow had worked for the Cardinals, where he had created a similar system, called Redbird. According to the report, the Cardinals officials got a hold of a list of passwords that Luhnow and others had used when they worked in St. Louis, some of which evidently could be used to access the Astros system as well. The allegations are a particular blow to the Cardinals organization, whose onfield success is often touted as the product of the so-called Cardinal Way, a mixture of earnest hard work and understated Midwestern good sense. (Cardinal fans, meanwhile, have the earnestness but not the understatement, and as such are generally considered insufferable.)

Yet while baseball’s unwritten code of conduct might need an update to cover the modern crime of computer hacking, the Astros appear to have found themselves on the wrong end, in effect, of one of the oldest tricks in the baseball book: they forgot to switch up their signs, and someone stole them.

While technology like K-Zone and Statcast have changed how we watch and understand baseball, onfield communication has remained largely the same. And, for more than a century, teams have worked to keep that communication safe from spies. When a catcher wants to tell a pitcher what to throw, he uses his fingers, ticking off a secret code; more expansive discussions require a walk to the mound, where players cover their mouths with hands and gloves, wary of lip readers. When the manager wants his player to steal a base, he’ll signal to the base coach, who will then signal to the player, often using an intricate set of movements, most of which are intended to hide the true signal in their midst. Every team uses signs, and every team tries to decipher those of its opponents. Sign stealing, as the baseball writer Tim Kurkjian put it, in 2004, “is a baseball tradition as old as the game itself.”

The most common form of theft happens when an offensive player is on second base, and can see the signs that a catcher is flashing to the pitcher. If he has cracked the code, he can quickly signal the identity of the next pitch back to his teammate at the plate. Fastballs are, at least for professionals, pretty easy to hit when they know they’re coming.

This form of sign stealing is frowned upon, but it’s legal, at least according to official rules, and so players are left to police the practice among themselves. Rather than develop new and more complicated encryption methods, baseball teams rely on more rudimentary forms of information security: intimidation and brute force. If a runner on second is caught studying the catcher—or worse, according to baseball’s inscrutable hierarchy of spycraft forms, peeking into the pitcher’s glove—he may get called out by the other team and told to cut it out, or at least to be more clever about it. If he persists, players may turn to the only form of justice they know, and a pitcher will throw a baseball at a batter, either the thief himself or else an unlucky teammate.

There are others steps that managers can take to protect their signs. Teams often switch them up during a game, or change them from season to season so that traded players and free agents can’t sell out their former employers. But even veterans of the game can leave themselves vulnerable to theft. After the 2013 season, the Dodgers’ manager, Don Mattingly, accused the St. Louis Cardinals of stealing signs during their playoff series earlier that fall. Mattingly said that he suspected that the Cardinals players were looking in from second and that the team’s base coaches were attempting to intercept signals from the dugout. Mattingly admitted that, despite knowing the risks, he didn’t have his team change up its signs. The Dodgers had used the same ones all season and, like familiar passwords, they were comfortable with them.

Baseball espionage can take more organized, audacious forms as well. In 2001, Joshua Prager, writing for the Wall Street Journal, broke the story that the New York Giants had been stealing signs at the Polo Grounds during the final ten weeks of their storied 1951 season. Prager described an intricate operation: a Giants coach sat in a clubhouse overlooking center field, where, from an open window, he watched the opposing catcher through a telescope and communicated the signs with a buzzer to players in the bullpen, who then signalled to the hitters. It all happened fast enough that the Giants hitters knew what was coming next—possibly including Bobby Thomson, who hit perhaps the most famous home run of all time: the ninth-inning, pennant-winning Shot Heard ’Round the World against the Brooklyn Dodgers. Ralph Branca, the losing pitcher, may have been the victim of what amounted to an analog data breach.

The Times said that the Cardinals investigation marks the first case of alleged corporate espionage in professional sports involving the theft of digital information by one team from another. While stealing a team’s intellectual property off the field seems a far cry from stealing its signs during a game, in a way, the alleged hack feels like the perfect crime of the post-“Moneyball” era. When a player’s performance can be evaluated and predicted by statistical information, a team’s spreadsheets become as valuable as what its players are doing on the field. And if games are being won by smart front offices and their computers, that’s where the cheating is going to happen, too.

Both the Cardinals and the Astros released statements on Tuesday saying that they were coöperating with the investigation. Major League Baseball announced that it would wait for the results before pursuing any possible punishment of its own. But this is more than just a baseball matter; as Fangraphs noted, the Justice Department takes these kinds of crimes very seriously, and the potential punishment for the violation of statutes like the Computer Fraud and Abuse Act, which may apply in this case, includes prison time—a fate considerably worse than getting plunked in the back with a fastball. Despite its broader implications, however, the case serves as a reminder of what has always been good advice in baseball: protect your information, mix up your signs, and watch out for the prying eyes of your opponents, wherever they might be.

Sign up for the daily newsletter.Sign up for the daily newsletter: the best of The New Yorker every day.