Anonymous Sunday fun: BART Hacked, Defaced and User Data Leaked
Another Sunday and another anonymous op apparently successfully in the bag. This time, as announced well in advance, some anonymous individuals targeted the Bay Area Rapid Transit department and successfully defaced some of their affiliated sites, such as mybart.org and californiaavoid.org, the latter being run by the California Office of Traffic Safety. As of the writing of this article, both sites are still online and defaced several hours after the fact, although I’m sure it won’t be long now before they restore them to normal. I guess their system administrators don’t work on Sundays? Or maybe they’re just sleeping in, and rightfully so; it’s a real pain in the ass to deal with these types of situations, especially on a Sunday.
The anonymous individuals then proceeded to leak some of the user table data found in the mybart.org database, containing some of the usual information you would expect: first and last names, the odd telephone number and postal address, email addresses, and some plain text passwords. Yes, that’s right, plain text passwords!
BART described themselves in a recent press release, saying “BART’s online services including web, mobile web, email and SMS are used by nearly 2 million customers every month.” If that’s the case, and there are really that many people actually using their sites on a monthly basis, then based on the number of users listed in the database leak it would appear most of those users were lucky enough not to have registered any of their details on the mybart.org website. With 2 million users, though, they likely have a far richer database somewhere else. As far as I’m aware, that hasn’t been leaked or accessed, although let’s wait and see.
Of course, this was all in response to BART managers having taken the draconian decision to disable cell phone service at some BART transit stations last Thursday night in order to head off a planned peaceful protest.
Both defaced websites seem to have been run from different servers than the main bart.gov, which still seems to be up and running and untouched from external view. A DDoS attack rallied by Anonymous was supposed to have been pointed in its direction starting around noon Pacific time; however, it doesn’t seem to have done much. Either way, the bart.gov site seems more professional than the others and is hosted by the also slightly more professional hosting company Rackspace, so presumably they have sufficient bandwidth and infrastructure to scale and minimize disruptions if need be. Let’s wait and see though.
In response to all this, BART posted on their Twitter and on their main .gov site, presumably trying to reassure or warn their users, apparently too late. Oh, the Sunday fun on the Internets.
@myBART: The myBART site has been compromised. We’re working to secure the site, but advise you that passwords & phone #s have been published online.
We’re doing what we can to defend against any attack on the BART website. BART’s website infrastructure is wholly separate from any computer network involved in the operation of BART service.