San Francisco transit system hacked

Garry K
Railroadfan...fan
Posts: 853
Joined: Thu Sep 15, 2005 3:18 pm
Location: Livonia, MI

Post by Garry K

Interesting story at http://www.pcmag.com/news/349874/report ... emands-73k about a hacker who took over the computers of the San Francisco Municipal Transit Agency (SFMTA) and demanded a ransom to give back control of the system.
The deals didn't end on Black Friday for many San Francisco commuters.

A city-wide hack of the San Francisco Municipal Transportation Agency (SFMTA) meant free rides for all on Saturday.

"You hacked, ALL data encrypted," read MTA computer screens across the Bay Area, according to the San Francisco Examiner. The message included an email to contact "for key."

The SFMTA did not immediately respond to PCMag's request for comment, but confirmed the breach to local CBS news affiliate KPIX 5.

As to how the infection occurred, it looks as though an employee of SFMTA is to blame. A PC on the agency's network with "admin level" access was used to download a software keycode generator typically used to create keys to bypass software license fees. The generator carried the malicious code which locked down the network when it was run.

"There's no impact to the transit service, but we have opened the fare gates as a precaution to minimize customer impact," the transit agency said. "Because this is an ongoing investigation it would not be appropriate to provide additional details at this point."

Citing "inside sources," KPIX 5 reported that the system had "been hacked for days," and the outage may affect employees, who are allegedly worried about a missing paycheck for the week.

The cyberattack also impacted the Municipal Transportation Agency's email system, KPIX 5 said.

[...]
Garry K


Re: San Francisco transit system hacked

Post by Garry K

It looks like the hacker who hacked the SFMTA got hacked. Read about it at https://krebsonsecurity.com/2016/11/san ... er-hacked/:
The San Francisco Municipal Transportation Agency (SFMTA) was hit with a ransomware attack on Friday, causing fare station terminals to carry the message, “You are Hacked. ALL Data Encrypted.” Turns out, the miscreant behind this extortion attempt got hacked himself this past weekend, revealing details about other victims as well as tantalizing clues about his identity and location.

[...]

On Monday, KrebsOnSecurity was contacted by a security researcher who said he hacked this very same cryptom27@yandex.com inbox after reading a news article about the SFMTA incident. The researcher, who has asked to remain anonymous, said he compromised the extortionist’s inbox by guessing the answer to his secret question, which then allowed him to reset the attacker’s email password. A screen shot of the user profile page for cryptom27@yandex.com shows that it was tied to a backup email address, cryptom2016@yandex.com, which also was protected by the same secret question and answer.

Copies of messages shared with this author from those inboxes indicate that on Friday evening, Nov. 25, the attacker sent a message to SFMTA infrastructure manager Sean Cunningham with the following demand (the entirety of which has been trimmed for space reasons), signed with the pseudonym “Andy Saolis.”

[...]
BTW, everyone should read that Krebs on Security site regularly, as Mr. Krebs posts all sorts of interesting things, including a lot of stuff about ATM skimmers. Keep yourself from getting hacked!

Garry K
