November 30, 2016 by

The San Francisco Transit Hack Could’ve Been Significantly Worse

A 2014 paper sanctioned and published by the American Public Transportation Association (APTA) has shown damning evidence that the San Francisco transit hack could’ve been far more destructive than the temporary disruption caused over the weekend.

“You Hacked. ALL data encrypted,” read the message by the culprit behind the hack of San Francisco’s public transit authority, also known as the Muni. The attacker demanded a ransom of 100 bitcoins (approx. $73,000), and the agency has refused to pay. Trains were running, however, and passengers were able to board and travel across the city for free after the Muni turned off its payment machines and opened its turnstiles.

Come Monday, all operations, including kiosks, were back and operating normally.

However, San Francisco got off lightly, as details from a departmental report reveal the fallout could’ve been far worse.

The American Public Transportation Association warned:

Cyberattacks can destroy a transit agency’s physical systems, render them inoperable, hand over control of those systems to an outside entity or jeopardize the privacy of employee or customer data.

As reported by WIRED, the APTA also revealed that many public transit systems in American cities are underfunded and weathered, with no money to invest in cybersecurity.

What is clear is that cyberattacks targeting critical infrastructure and operations such as public transit systems and hospitals are growing in number and are only likely to get more disruptive.

Michael Assante, director of industrial control systems security at the SANS Institute, told the publication:

In a very sophisticated attack, you not only impact control systems, but also impede the ability to restore them.

A notable example of hackers impeding any chance of recovering a targeted system is that of Ukraine’s power grid hack from last year, where the culprits changed the control software’s code to damage it permanently.

Public transit systems are inherently vulnerable due to the “complex and interconnected series of components, subcomponents, and services” that they run on, according to APTA’s research. Fundamentally, even the infrared and Wi-Fi infrastructure used by transit systems to detect trains can be rendered useless by anyone possessing a box cutter and physical access to these cables.

Beyond the doom and gloom, how does a transit authority safeguard itself? The APTA recommends a few steps, including redesigning existing hardware and software with multilayered network security. Email scanning, firewalls, and software and firmware updates to patch vulnerabilities should all be the norm, the APTA argues. Further, the paper recommends separating the business end of the network, which typically manages schedules and train costs, from the operational side that actually controls the trains.
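The business/operational separation that the APTA paper recommends is only as good as the enforcement behind it, so a defender typically audits observed traffic for flows that cross the boundary without being explicitly allowed. The script below is an added illustration, not code from the article or from the APTA; the address ranges, the single allowed crossing (a scheduling server mirroring data to a historian) and the flow records are all constructed for the example.

```python
"""Audit network flow records against an IT/OT segmentation policy.

Added example: models the recommendation to keep the business network
(schedules, fares, office IT) separate from the operational network that
controls trains, and flags observed flows that enter the control network
without an explicit allow-list entry. All addresses, ports and flow lines
below are constructed assumptions, not data from the article.
"""
import ipaddress
from dataclasses import dataclass

# Hypothetical address plan (assumption).
BUSINESS_NET = ipaddress.ip_network("10.10.0.0/16")   # scheduling, fare systems, office IT
CONTROL_NET = ipaddress.ip_network("10.200.0.0/16")   # train control / SCADA

# The only business -> control crossing the policy permits: the scheduling
# server pushing to a historian database on one port. Anything else that
# enters the control network from outside it is a policy violation.
ALLOWED_CROSSINGS = {
    ("10.10.5.20", "10.200.1.10", "tcp", 5432),
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


def parse_flow(line: str) -> Flow:
    """Parse a constructed 'src dst proto dport' flow record line."""
    src, dst, proto, dport = line.split()
    return Flow(src, dst, proto.lower(), int(dport))


def zone(ip: str) -> str:
    """Classify an address as business, control, or other (e.g. external)."""
    addr = ipaddress.ip_address(ip)
    if addr in BUSINESS_NET:
        return "business"
    if addr in CONTROL_NET:
        return "control"
    return "other"


def is_violation(flow: Flow) -> bool:
    """A flow violates the policy if it enters the control network from
    anywhere other than the control network itself and is not allow-listed."""
    if zone(flow.dst) != "control":
        return False
    if zone(flow.src) == "control":
        return False
    return (flow.src, flow.dst, flow.proto, flow.dport) not in ALLOWED_CROSSINGS


def audit(lines):
    """Return the violating flows, in input order, from an iterable of flow lines."""
    return [f for f in map(parse_flow, lines) if is_violation(f)]


# Constructed sample flows (not real traffic).
SAMPLE_FLOWS = [
    "10.10.5.20 10.200.1.10 tcp 5432",    # allow-listed historian push: fine
    "10.10.7.33 10.200.1.10 tcp 3389",    # office workstation into control: violation
    "10.200.2.5 10.200.1.10 tcp 502",     # intra-control Modbus: fine
    "10.10.7.33 10.10.9.1 tcp 445",       # intra-business file share: fine
    "192.0.2.44 10.200.3.7 tcp 22",       # external address into control: violation
]

if __name__ == "__main__":
    for f in audit(SAMPLE_FLOWS):
        print(f"policy violation: {f.src} -> {f.dst} {f.proto}/{f.dport}")
```

Run against the constructed records, the audit reports exactly two crossings: the workstation reaching into the control network and the external address reaching a control host. The same allow-list structure is what a boundary firewall between the two networks would enforce; the audit exists to confirm that the enforcement actually holds.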

An incident response plan should also be in place, with procedures for responding to a cyberattack developed ahead of time. These procedures should be reviewed and updated regularly, the APTA added.

Image credit: Pexels.

About the author

LIFARS is a digital forensics and cybersecurity intelligence firm based in New York City. LIFARS is ranked as one of the top Digital Forensics and Cyber Investigations companies in 2016 and as one of the top cybersecurity companies in the New York metropolitan area for 2015 on the Cybersecurity 500 – a directory of the hottest and most innovative companies to watch in the cybersecurity industry.
