San Francisco Transit Hacker Hacked

Over the weekend, it emerged that the San Francisco Municipal Rail system (SFMTA) had been hacked, with employees greeted by ransomware on their computer terminals. In a delicious twist, an interested party who read about the San Francisco transit ransomware – in an article which listed the attacker’s e-mail address – decided to hack the hacker back. KrebsOnSecurity was contacted yesterday by an anonymous security researcher who had compromised cryptom2016@yandex.com, which sent ransomware demands requesting 100 Bitcoins (approximately $73,000).

“On Monday, KrebsOnSecurity was contacted by a security researcher who said he hacked this very same cryptom27@yandex.com inbox after reading a news article about the SFMTA incident,” the report reads. “The researcher, who has asked to remain anonymous, said he compromised the extortionist’s inbox by guessing the answer to his secret question, which then allowed him to reset the attacker’s email password. A screen shot of the user profile page for cryptom27@yandex.com shows that it was tied to a backup email address, cryptom2016@yandex.com, which also was protected by the same secret question and answer.”

KrebsOnSecurity enlisted the help of a number of experts to interpret the data purloined from the malicious e-mail account and found that the hacker had been scanning the internet for vulnerabilities they could exploit.

“It appears our attacker has been using a number of tools which enabled the scanning of large portions of the Internet and several specific targets for vulnerabilities,” Alex Holden, chief information security officer at Hold Security Inc., said. “The most common vulnerability used ‘weblogic unserialize exploit’ and especially targeted Oracle Corp. server products, including Primavera project portfolio management software.”

SFMTA was able to restore its systems without giving in to the hacker’s demands, with KrebsOnSecurity applauding the organisation for keeping extensive data backups for its systems. The hacker’s reliance on security questions, meanwhile, has been held up as an example of what not to do when securing your accounts.

“As the SFMTA’s experience illustrates, having proper and regular backups of your data can save you bundles. But unsecured backups can also be encrypted by ransomware, so it’s important to ensure that backups are not connected to the computers and networks they are backing up,” KrebsOnSecurity says. “Finally, as I hope this story shows, truthfully answering secret questions is a surefire way to get your online account hacked.”

Ashley Allen
