Hackers Breached San Francisco Transit System, Held It Hostage All Weekend


San Francisco residents bustling around this weekend to visit friends and knock out some holiday shopping were treated to an unexpected surprise: all rides on MUNI rail were free. It wasn’t due to a gesture of goodwill from the transit operator, though; it was because hackers had managed to lock out the fare system and were holding it hostage.

The San Francisco Municipal Transportation Agency (SFMTA) suffered the breach on Friday afternoon, the San Francisco Chronicle reports.

The buses, trains, and streetcars themselves are fine, but the computers that handle ticket and pass purchases were locked out. The machines all remained offline through Saturday, with agents’ computers displaying the message “You hacked.”

On Friday and Saturday Muni opened all its fare gates and let everyone ride for free, without confirming the hack.

In fact, Muni has not yet officially confirmed the hack at all. However, an employee speaking anonymously to the San Francisco Examiner confirmed the message reading, “You Hacked, ALL Data Encrypted,” with contact information for the hacker.

Those are the hallmarks of a ransomware attack, in which a hacker or group of hackers accesses a system and then holds all data in it hostage until they receive the requested ransom. When the victim pays up, the hacker lets the data or systems go. If the victim refuses to pay up by the given deadline, the data is permanently locked or erased.

The Verge emailed the purported hacker and received a probably machine-translated response saying that, “our software working completely automatically and we don’t have targeted attack to anywhere,” adding that the SFMTA’s network was poorly secured and easily infected. “We are waiting for contact any responsible person in SFMTA but i think they don’t want deal,” the hacker added.

The Examiner also contacted the hacker, and reported that the hacker was requesting 100 Bitcoin (approx. $73,000 at the most recent exchange rate) to unlock the machines.

“We are focused now on working to investigate the matter fully to find out all other details,” a Muni spokesman told all media on Sunday. “But at this point there is no impact to transit service, to our security systems or to our customers’ private information.”
