In an incident that feels like an episode of Mr. Robot, hackers managed to gain access to parts of San Francisco’s MUNI transportation system.
Last Friday, attackers managed to get into 2,112 computers and infect them with a variant of the HDDCryptor malware that encrypted all data. Screens across the system showed the following message:
Though trains still ran, with the ticketing machines out of service, the San Francisco transport agency was forced to open all gates and waive fares for all riders — some of them including a note indicating the scrapped fare.
The infection didn’t stop there, however: it also reached administrative systems, email and print servers, employee laptops, payroll systems, SQL databases, station kiosk PCs and various other systems, according to the Register.
Through an email address given in the hacked message, The Verge was able to contact the hackers, and received the following reply:
“We don’t attention to interview and propagate news ! our software working completely automatically and we don’t have targeted attack to anywhere ! SFMTA network was Very Open and 2000 Server/PC infected by software ! so we are waiting for contact any responsible person in SFMTA but i think they don’t want deal ! so we close this email tomorrow!”
After contact with the transport agency’s officials, a ransom of 100 bitcoin (or roughly $73,000) was demanded, in exchange for which the hackers would grant access to the system again. As of yet, the bitcoin wallet offered for depositing the money remains empty except for a 0.001 BTC transaction.
In a comment given to Mashable on Sunday at 6:42 ET, Muni spokesperson Paul Rose confirmed that all fare gates are operational again, without explaining how the company dealt with the requested funds.
Normally, attacks like this can take place because someone downloads a dodgy executable file that manages to propagate through a company network, but the agency hasn’t given any comment on what exactly happened.
The hacking of systems in the public space is a scenario that has been repeatedly used in entertainment productions like USA Network’s Mr. Robot and the recently released video game Watch Dogs 2, in both of which gaining access to computers that run publicly accessible services plays a central role.
The San Francisco public transport might only be a local system, but imagine something like this happening to an air traffic control system or national rail services — the impact would be much larger. Also, the choice to infect Muni’s computers with ransomware was a relatively friendly one, as regaining access to the systems was offered at a price.
In a worse scenario, systems could have completely shut down without notice and trains could have been stopped completely, depending on the level of access attackers would be able to get. The world is running on mostly digital systems, and this incident, once again, shows those aren’t perfectly secure.
Let’s just hope we don’t have to fear a real life hidden social justice hacker’s society.