12:29 PM

BART Braces For More Attacks From Anonymous

The SF Bay area's transit agency expects more website disruptions after an attack over the weekend.

Strategic Security Survey: Global Threat, LocalPain
Strategic Security Survey: Global Threat, Local Pain
(click image for larger view and for full slideshow)
One of the San Francisco Bay Area's transportation systems is bracing itself for more hack attacks Monday after a data breach by Anonymous over the weekend that affected thousands of Bay Area residents.

The hactivist group infiltrated a Bay Area Rapid Transit (BART) website called MyBart.org and stole personal identification data on thousands of users, which it posted online. Anonymous notified people of the hack on one of the Twitter feeds it uses, @Anonymous IRC. BART provides train service in and around the city of San Francisco.

On Sunday BART officials warned users that the organization's online services--used by nearly 2 million customers a month--may be subject to a disruption of service due to another attack, although BART was doing everything it could to defend its website and keep services up and running.

They also stressed that BART's website infrastructure is separate from any networks running BART transportation services, so train service would not be affected by any further hacks.

Anonymous said the attack was inspired by two recent shootings by BART police and the agency's shutdown of a mobile network available in trains and BART stations to quell a protest last week over one of those shootings, which resulted in the death of a homeless man.

"We do not tolerate oppression from any government agency," Anonymous said in notes on its posting of MyBart.org information. "BART has proved multiple times that they have no problem exploiting and abusing the people."

In its so-called Op BART Action post, Anonymous released information such as the names, home addresses, email addresses, and phone numbers of at least 2,400 Bay Area residents, which were notified by BART after the intrusion, officials said in a post Sunday on its website. They also apologized about the incident and temporarily shut down MyBart.org.

BART has notified law enforcement agencies, including the FBI and the Department of Homeland Security, about the attack.

Meanwhile, Anonymous, which appears to be losing no steam after months of stepped-up attacks in collaboration with AntiSec and the now-defunct LulzSec groups, tweeted that it will be releasing more stolen information later this week.

"We been busy the last 2 days, but: There will be some wild #AntiSec leak crossing your course this week, all (allied) vessels: stay tuned!" according to an @AnonymousIRC tweet.

At a full-day virtual event, InformationWeek and Dark Reading editors will talk with security experts about the causes and mistakes that lead to security breaches, both from the technology perspective and from the people perspective. It happens Aug. 25. Register now.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Who Does What in Cybersecurity at the C-Level
Steve Zurier, Freelance Writer,  3/16/2018
New 'Mac-A-Mal' Tool Automates Mac Malware Hunting & Analysis
Kelly Jackson Higgins, Executive Editor at Dark Reading,  3/14/2018
(ISC)2 Report: Glaring Disparity in Diversity for US Cybersecurity
Kelly Jackson Higgins, Executive Editor at Dark Reading,  3/15/2018
Register for Dark Reading Newsletters
White Papers
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.