31478 Industrial Road Suite 200, Livonia, Michigan 48150 sales@xfer.com

XFER Blog

XFER has been serving the Livonia area since 1994, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

This Hacker Messed With the Wrong Transportation Agency

While San Francisco residents might not be happy that they’ll again have to pay fares to ride the city’s rail system, the reason they again have to do so is understandable. Plus, it provides an excellent example of the importance of maintaining a backup and using complex passwords.

A hacker or group of hackers, operating under the moniker Andy Saolis, managed to halt the collection of fares by the San Francisco Municipal Transportation Agency (or Muni) by hacking their station computer system and introducing a strain of ransomware into it. As a result, Muni employees were unable to access their workstations and some of the agency’s systems were disabled.

However, the hacker claimed to have accomplished more, as ticketing kiosks across the city would only display “you hacked. ALL data encrypted.” The ransom demand for the decryption key was approximately $73,000 in Bitcoin. Despite the hacker’s apparent confidence in their accomplishment, Muni elected to not pay the ransom, deciding instead to restore their systems from a backup and allowing cybersecurity experts to strike back against the hacker, not just once, but twice.

Two independent vigilante hackers managed to access the email account of “Andy Saolis” to collect information that helped to stop the attack, both by correctly guessing the answer to the account’s security question. It would seem that the hacker(s) known as Andy Saolis had been active for a while, but had never before targeted anything other than private companies, which very well may have led to their downfall.

Once the attack was thwarted it came to light that seemingly no data, including that from Muni’s customer payment systems, had been accessed, despite the attack affecting 25 percent of Muni’s network. Saolis, unsurprisingly, gave a considerably different account online.

Claiming to have stolen data from the payment kiosks, as well as 30 gigabytes of data from Muni’s system on their employees, customers, and technical matters, Saolis wasn’t shy about casting himself (or themselves) in the light of the vigilante against an unjust system.

According to an email sent through Russian service Yandex.com, “They give Your Money and everyday Rich more! But they don’t Pay for IT Security and using very old system’s !”

Shortly after the attack ended, security experts were also able to establish that the emailer was based in Iran, and they had gained access to the hacker’s servers.

Though Muni never had to pay a ransom for their data, this attack wasn’t cheap, costing them the combined total of the free rides they granted to commuters as their systems were compromised. However, this total would certainly be less than the actual cost of the Bitcoin ransom, and so a good general rule to follow is to never give in to a hacker’s possibly insincere demands.

On the topic of the hacker, whose password was guessed by two separate strangers, how weak must this password have been? While nobody should ever complain about a hacker being foiled, it goes to show how a complete stranger could find their way into your accounts if you aren’t being careful.

This case is far from over, as the Federal Bureau of Investigation and the U.S. Department of Homeland Security are still investigating the matter, which provides proof that public systems still cannot be fully trusted.

There is a lot for SMBs to learn from this story. How confident are you in your IT security? If you feel it’s time for a security audit in order to determine how protected your business is from all kinds of threats, reach out to XFER at 734-927-6666 / 800-GET-XFER.

 
