BART Braces For More Attacks From Anonymous

Strategic Security Survey: Global Threat, LocalPain

One of the San Francisco Bay Area's transportation systems is bracing itself for more hack attacks Monday after a data breach by Anonymous over the weekend that affected thousands of Bay Area residents.

The hactivist group infiltrated a Bay Area Rapid Transit (BART) website called MyBart.org and stole personal identification data on thousands of users, which it posted online. Anonymous notified people of the hack on one of the Twitter feeds it uses, @Anonymous IRC. BART provides train service in and around the city of San Francisco.

On Sunday BART officials warned users that the organization's online services--used by nearly 2 million customers a month--may be subject to a disruption of service due to another attack, although BART was doing everything it could to defend its website and keep services up and running.

They also stressed that BART's website infrastructure is separate from any networks running BART transportation services, so train service would not be affected by any further hacks.

Anonymous said the attack was inspired by two recent shootings by BART police and the agency's shutdown of a mobile network available in trains and BART stations to quell a protest last week over one of those shootings, which resulted in the death of a homeless man.

"We do not tolerate oppression from any government agency," Anonymous said in notes on its posting of MyBart.org information. "BART has proved multiple times that they have no problem exploiting and abusing the people."

In its so-called Op BART Action post, Anonymous released information such as the names, home addresses, email addresses, and phone numbers of at least 2,400 Bay Area residents, which were notified by BART after the intrusion, officials said in a post Sunday on its website. They also apologized about the incident and temporarily shut down MyBart.org.

BART has notified law enforcement agencies, including the FBI and the Department of Homeland Security, about the attack.

Meanwhile, Anonymous, which appears to be losing no steam after months of stepped-up attacks in collaboration with AntiSec and the now-defunct LulzSec groups, tweeted that it will be releasing more stolen information later this week.

"We been busy the last 2 days, but: There will be some wild #AntiSec leak crossing your course this week, all (allied) vessels: stay tuned!" according to an @AnonymousIRC tweet.

At a full-day virtual event, InformationWeek and Dark Reading editors will talk with security experts about the causes and mistakes that lead to security breaches, both from the technology perspective and from the people perspective. It happens Aug. 25. Register now.