San Francisco’s Municipal Transportation System has apparently been targeted by hackers over the Thanksgiving holiday weekend, the agency to shut down its light-rail ticketing machines and point-of-payment systems and allowing passengers to ride for free.
Agency computers displayed the message "You Hacked, ALL Data Encrypted", the San Francisco Examiner reported on Saturday.
According to the BBC, the hackers have made a ransom demand of 100 Bitcoin, which amounts to about $70,000 (£56,000).
Jon Geater, chief technology officer, Thales e-Security, said: “Cyber-security is not and cannot be a choice between ‘black and white’ or on and off – it’s about making an economic decision. This breach didn't directly take the barriers off line: the operator chose to turn them off and forego revenue, or catching fare cheats, in favour of protecting the wider system and possible further data-losses.
“Customers are likely to recognise this commitment and favour a company actively taking steps to protect its wider data eco-system. Indeed, recent Thales e-Security research found only 16 per cent of consumers would continue to use a company’s products or services as usual following a breach – highlighting the profound consequences a cyber-breach can have on a company’s trust.”
Mishcon de Reya cyber security lead Joe Hancock commented: "This attack is intended to extort money from the San Francisco Municipal Railway by denying access to ticket machines, e-mail and personnel systems. The hackers have encrypted over 2000 machines and demanded 100 bitcoin, showing this to be a larger scale attack others we have seen - usually it's limited to just a few machines and 1 or 2 bitcoins per system.”
He said that if the ransom is paid, it was possible that other similar attacks would occur. He believes that regulation around anonymous crypto currencies, like bitcoin, may now become a priority: removing the ability to receive anonymous payments will stop many of these criminal attacks, and should be a focus for government.
San Francisco’s Municipal Transportation System spokesman Paul Rose told the San Francisco Chronicle that there was no indication of any impact to customers and the agency was carrying out a full investigation. The system was said to be restored by Sunday morning, but the agency did not say how the situation was resolved.
Agency computers displayed the message "You Hacked, ALL Data Encrypted", the San Francisco Examiner reported on Saturday.
According to the BBC, the hackers have made a ransom demand of 100 Bitcoin, which amounts to about $70,000 (£56,000).
Jon Geater, chief technology officer, Thales e-Security, said: “Cyber-security is not and cannot be a choice between ‘black and white’ or on and off – it’s about making an economic decision. This breach didn't directly take the barriers off line: the operator chose to turn them off and forego revenue, or catching fare cheats, in favour of protecting the wider system and possible further data-losses.
“Customers are likely to recognise this commitment and favour a company actively taking steps to protect its wider data eco-system. Indeed, recent Thales e-Security research found only 16 per cent of consumers would continue to use a company’s products or services as usual following a breach – highlighting the profound consequences a cyber-breach can have on a company’s trust.”
Mishcon de Reya cyber security lead Joe Hancock commented: "This attack is intended to extort money from the San Francisco Municipal Railway by denying access to ticket machines, e-mail and personnel systems. The hackers have encrypted over 2000 machines and demanded 100 bitcoin, showing this to be a larger scale attack others we have seen - usually it's limited to just a few machines and 1 or 2 bitcoins per system.”
He said that if the ransom is paid, it was possible that other similar attacks would occur. He believes that regulation around anonymous crypto currencies, like bitcoin, may now become a priority: removing the ability to receive anonymous payments will stop many of these criminal attacks, and should be a focus for government.
San Francisco’s Municipal Transportation System spokesman Paul Rose told the San Francisco Chronicle that there was no indication of any impact to customers and the agency was carrying out a full investigation. The system was said to be restored by Sunday morning, but the agency did not say how the situation was resolved.
