• Subscribe
  • Advertise
  • Magazine
    1. Transportation Management
    2. Intelligent Transportation Systems ITS

    CYBERSECURITY: Ransomware attack on S.F.’s transit system

    Nov. 28, 2016

    Hack forces transit authority to lift the gates, dole out free rides

    Rail_commuter_train_12

    In an unfortunate scenario over the recent Thanksgiving weekend, hackers apparently breached San Francisco’s mass transit system, forcing the agency to shut down its light-rail ticketing machines and point-of-payment systems and allowing passengers to ride for free.

    A message reading “You hacked. ALL data encrypted” appeared on ticket machines Saturday morning, along with a contact email address—suggesting a ransomware attack, in which a hacker can lock out a system from its owners. Ransomware is sometimes, though not exclusively, attached to a demand for some form of payment in lieu of system release, thus the term “ransomware.”

    The San Francisco Municipal Transportation System (Muni) immediately shut down its payment system, opening its gates to passengers. The system was restored the following morning, according to Muni. The agency did not disclose how the situation was resolved.

    “At this point there are not any indications of any impacts to customers,” Muni spokesman Paul Rose told the San Francisco Chronicle. “We’re doing a full investigation to find out exactly what we are dealing with.”

    Among the chief concerns is whether the Clipper smart-card system was also breached. Muni is among 20 Bay Area transit agencies using Clipper cards for transit payments. The cards are used for about 800,000 fare payments per day, according to the Bay Area Metropolitan Transportation Commission, and most cardholders have their credit-card data on file.

    The hack also raises disturbing questions about the digital security of America’s infrastructure and public safety, not for least of which reasons, Muni trains are computer-controlled when running in underground tunnels. Officials stated that this attack did not appear to affect that system.

    Earlier this year, a Southern California hospital’s computer system was held hostage by ransomware for more than a week, before the hospital paid about $17,000 in bitcoin to the hackers for its release.

    The probe into the cause of the attack on Muni is ongoing. Any estimate of dollars lost to free faring has not, as of this writing, been tallied.

    Continue Reading

    Sponsored Recommendations

    The Science Behind Sustainable Concrete Sealing Solutions

    Extend the lifespan and durability of any concrete. PoreShield is a USDA BioPreferred product and is approved for residential, commercial, and industrial use. It works great above...

    Powerful Concrete Protection For ANY Application

    PoreShield protects concrete surfaces from water, deicing salts, oil and grease stains, and weather extremes. It's just as effective on major interstates as it is on backyard ...

    Concrete Protection That’s Easy on the Environment and Tough to Beat

    PoreShield's concrete penetration capabilities go just as deep as our American roots. PoreShield is a plant-based, eco-friendly alternative to solvent-based concrete sealers.

    Proven Concrete Protection That’s Safe & Sustainable

    Real-life DOT field tests and university researchers have found that PoreShieldTM lasts for 10+ years and extends the life of concrete.