San Francisco Municipal Transportation Agency hacked
28 November 2016 • Author(s): Katie Sadler, Eurotransport
According to reports, San Francisco Municipal Transportation Agency was hacked on Friday 25 November resulting in customers being able to travel for free on the city’s light-rail system.
The San Francisco Municipal Transport Agency, known as Muni – which operates city trains, trams and buses – was reportedly hacked in the attempt to extort money by denying access to its ticket machines, e-mail and personnel systems. According to BBC News, hackers succeeded in encrypting over 2000 computers and demanded 100 bitcoin (£56,000; €66,000).
Hackers encrypt 2000 San Francisco Municipal Transport Agency computers & demanded 100 bitcoin
According to the Guardian newspaper, the attackers used a variant of the HDDCryptor malware resulting in every computer displaying a black screen with a ransom note. As a result ticketing machines on the network were shut down as a precaution allowing customers to travel for free in order to ensure the smooth running of the rail network.
Commenting on the attack, Mishcon de Reya Cyber Security Lead Joe Hancock said: “The attack has allowed passengers to ride for free in order to keep the railway running, and calls into question security and safety more widely. If the ransom is paid, it’s likely we’ll see other similar attacks with these real world consequences in 2017.”
He continued, “There has been no mention of safety or railway operations being affected, suggesting the Municipal Transportation Agency (Muni) has older, analogue systems. Given that transport systems worldwide are being upgraded to Digital systems, especially for signalling, the next attack of this kind has the potential to stop trains or impact passenger safety.”
City officials have confirmed a full investigation is now underway.