Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • Networking

    Anonymous Hack Exposes Personal Data of San Francisco-Area Commuters

    By
    Fahmida Y. Rashid
    -
    August 15, 2011
    Share
    Facebook
    Twitter
    Linkedin

      Passengers who ride the San Francisco regional subway system are the latest innocent victims, as hacktivist collective Anonymous stole and released sensitive information belonging to more than 2,000 riders.

      On Aug. 14, the loose-knit group of hackers breached MyBart.org, the Website commuters use to get information from the Bay Area Rapid Transit system. The names, street and email addresses and site passwords for about 2,400 people who’d registered with the Website were dumped on various torrent sites. Some database dumps also included phone numbers for many users. The attackers defaced the Website with Guy Fawkes masks.

      The attack was in protest of two fatal shootings by the transit police and the regional subway authority’s decision to temporarily suspend cell phone service in its stations, Anonymous wrote in a note. BART officials disconnected cellular antennas used at several San Francisco stations on Aug. 11 to disrupt plans for a demonstration protesting a fatal shooting of a passenger accused of throwing a knife at a transit officer July 3. No protest actually took place during the time the cellular link was down.

      “A civil disturbance during commute times at busy downtown San Francisco stations could lead to platform overcrowding and unsafe conditions for BART customers, employees and demonstrators,” BART officials said in an Aug. 12 statement. The suspension was for only a few hours and did not affect cellular service outside the stations, the officials said.

      An earlier protest on July 11 had disrupted BART service in the evening. Organizers planned to use mobile devices to get the word out about the Aug. 11 demonstration and not with a “public announcement beforehand” to maintain the “element of surprise,” thelocal-news site SFist reported.

      The data breach victims had nothing to do with the decision to suspend the services or with the fatal shooting. “It is puzzling to me how exposing thousands of innocent people’s personal information hurts BART more than it hurts transit users,” Chester Wisniewski, a senior security advisor at Sophos, wrote on the Naked Security blog.

      “It’s just common sense that I shouldn’t be the target,” one of the victims whose details were included in the data dump told The Register, adding that he’d received a “creepy” phone call from a person claiming to be a member of Anonymous who uttered “foul language, hushed tones and threats.”

      Attackers exploited a SQL-injection vulnerability on the site, according to the Anonymous note. In this kind of attack, database commands are entered inside a form, such as a forum post, comment box or even log-in box, and if the developers didn’t enter proper error-handling methods in the code, the form would return data from the database server.

      MyBart.org had “virtually no security,” according to the note. Adding that any “8-year-old with a Internet connection” could have breached the site, Anonymous pointed out that none of the information, including passwords, was encrypted.

      “It’s time for organizations that store customer data to step up and take responsibility for the information they have been trusted with,” Josh Shaul, CTO of Application Security, told eWEEK. If the database contains any sensitive information, then organizations “simply must” directly protect the databases and not rely on perimeter defenses such as corporate firewalls and antivirus systems, Shaul said.

      Consumers need to start demanding that businesses they work with have better information security practices. “If the market doesn’t punish those who lose our data with complaints and lost customers, this flood of successful attacks is not going to stop,” Shaul said.

      Anonymous and similar groups of protest-hackers have breached a number of major government-related Websites recently, such as the information from 70 law enforcement agencies around the country.

      Anonymous released some information on follow-up OpBART attacks, including a campaign to bombard email addresses and fax numbers with messages, knocking the site offline, and a “physical protest” at the Civic Center Bart Station.

      BART officials said it was preparing for further attacks from Anonymous but stressed that the Web infrastructure was separate from any networks running BART transportation services, so train service would not be affected by any further incidents.

      Fahmida Y. Rashid

      MOST POPULAR ARTICLES

      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×