
Update: San Francisco MTA hacker allegedly hacked by a security researcher

In recent years, ransomware attacks and other forms of malicious hacking have become a common occurrence, with both individuals and organizations falling victim on a regular basis. Over the weekend, the San Francisco Municipal Transport Authority (SFMTA) learned just how real the threat of being targeted has become.

It is thought that ransomware was used to attack the SFMTA’s network of computers. Officials were forced to offer free travel to customers, shutting down ticket kiosks and opening up fare gates, according to a report from Engadget.

Database servers, email, staff training, and payroll systems were all affected by this broad attack — apparently, over 2,000 of the 8,656 computers that are used by the SFMTA were hit. Monitors displayed the message, “you hacked, ALL data encrypted,” and instructed the user to send a ransom of $73,000 worth of bitcoin to a Russian email address.

At present, it is difficult to discern exactly how the attack was carried out. Experts suspect that phishing tactics were used to make an employee unknowingly introduce code to the network of computers, either through a phony website or an email.

Normal service resumed on Sunday morning, when payment systems were reactivated and rides were no longer free. It’s worth noting that trains weren’t affected at any point; only the network of computers used to facilitate the service was hit. Even so, the attack caused a major headache for officials, despite the outage ultimately being rather brief.

In the latest twist in this already bizarre turn of events, the alleged hacker behind the attack has himself been hacked, KrebsOnSecurity reports. As a result, both the hacker’s identity and information about victims of the initial breach may have been compromised. On Monday, a security researcher reached out to Krebs, claiming to have “compromised the extortionist’s inbox by guessing the answer to his secret question, which then allowed him to reset the attacker’s email password.”

If there was ever any doubt, this scenario should demonstrate how ill-equipped a major organization like the SFMTA might be in the face of an attempted hack. This kind of threat is only going to become more common in years to come, and there could be grave consequences if the proper preparations aren’t put in place.

Article originally published on 11-28-2016. Updated on 11-29-2016 by Lulu Chang: Added news that the SFMTA hacker has been hacked by a security researcher. 
