CYBERSECURITY: Ransomware attack on S.F.’s transit system

Hack forces transit authority to lift the gates, dole out free rides

November 28, 2016

In an unfortunate scenario over the recent Thanksgiving weekend, hackers apparently breached San Francisco’s mass transit system, forcing the agency to shut down its light-rail ticketing machines and point-of-payment systems and allowing passengers to ride for free.

A message reading “You hacked. ALL data encrypted” appeared on ticket machines Saturday morning, along with a contact email address—suggesting a ransomware attack, in which a hacker can lock out a system from its owners. Ransomware is sometimes, though not exclusively, attached to a demand for some form of payment in lieu of system release, thus the term “ransomware.”

The San Francisco Municipal Transportation System (Muni) immediately shut down its payment system, opening its gates to passengers. The system was restored the following morning, according to Muni. The agency did not disclose how the situation was resolved.

“At this point there are not any indications of any impacts to customers,” Muni spokesman Paul Rose told the San Francisco Chronicle. “We’re doing a full investigation to find out exactly what we are dealing with.”

Among the chief concerns is whether the Clipper smart-card system was also breached. Muni is among 20 Bay Area transit agencies using Clipper cards for transit payments. The cards are used for about 800,000 fare payments per day, according to the Bay Area Metropolitan Transportation Commission, and most cardholders have their credit-card data on file.

The hack also raises disturbing questions about the digital security of America’s infrastructure and public safety, not for least of which reasons, Muni trains are computer-controlled when running in underground tunnels. Officials stated that this attack did not appear to affect that system.

Earlier this year, a Southern California hospital’s computer system was held hostage by ransomware for more than a week, before the hospital paid about $17,000 in bitcoin to the hackers for its release.

The probe into the cause of the attack on Muni is ongoing. Any estimate of dollars lost to free faring has not, as of this writing, been tallied.

expand_less