San Francisco Transit Hacker Hacked

/ 7 years ago

San Francisco Transit Hacker Hacked

Over the weekend, it emerged that the San Francisco Municipal Rail system (SFMTA) had been hacked, with employees greeted by ransomware on their computer terminals. In a delicious twist, an interested party who read about the San Francisco transit ransomware – in an article which listed the attacker’s e-mail address – decided to hack the hacker back. KrebsOnSecurity was contacted yesterday by an anonymous security researcher who had compromised cryptom2016@yandex.com, which sent ransomware demands requesting 100 Bitcoins (approximately $73,000).

“On Monday, KrebsOnSecurity was contacted by a security researcher who said he hacked this very same cryptom27@yandex.com inbox after reading a news article about the SFMTA incident,” the report reads. “The researcher, who has asked to remain anonymous, said he compromised the extortionist’s inbox by guessing the answer to his secret question, which then allowed him to reset the attacker’s email password. A screen shot of the user profile page for cryptom27@yandex.com shows that it was tied to a backup email address, cryptom2016@yandex.com, which also was protected by the same secret question and answer.”

KrebsOnSecurity enlisted the help of a number of experts to interpret the data purloined from the malicious e-mail account and found that the hacker had been scanning the internet for vulnerabilities they could exploit.

“It appears our attacker has been using a number of tools which enabled the scanning of large portions of the Internet and several specific targets for vulnerabilities,” Alex Holden, chief information security officer at Hold Security Inc., said. “The most common vulnerability used ‘weblogic unserialize exploit’ and especially targeted Oracle Corp. server products, including Primavera project portfolio management software.”

SFMTA was able to restore its systems without ceding to the hacker’s demands, with KrebsOnSecurity applauding the organisation for keeping extensive data backups for its systems. The hackers use of security questions, meanwhile, has been used as an example of what not to do when securing your accounts.

“As the SFMTA’s experience illustrates, having proper and regular backups of your data can save you bundles. But unsecured backups can also be encrypted by ransomware, so it’s important to ensure that backups are not connected to the computers and networks they are backing up,” KrebsOnSecurity says. “Finally, as I hope this story shows, truthfully answering secret questions is a surefire way to get your online account hacked.”
Topics: , , , ,

Support eTeknix.com

By supporting eTeknix, you help us grow and continue to bring you the latest newsreviews, and competitions. Follow us on FacebookTwitter and Instagram to keep up with the latest technology news, reviews and more. Share your favourite articles, chat with the team and more. Also check out eTeknix YouTube, where you'll find our latest video reviews, event coverage and features in 4K!

Looking for more exciting features on the latest technology? Check out our What We Know So Far section or our Fun Reads for some interesting original features.
eTeknix Facebook eTeknix Twitter eTeknix Instagram eTeknix Instagram

  • Be Social With eTeknix

    Facebook Twitter YouTube Instagram Reddit RSS Discord Patreon TikTok Twitch

  • Features

    Computex CES
    Fun Reads eTeknix Deals

Send this to a friend
})