Hacker of San Francisco’s Muni metro hacked, finally restores systems

29 Nov 2016


A hacker who had hacked into the systems of San Francisco's Muni metro was himself hacked and forced to restore the locked system.

Passengers on San Francisco's Muni Metro on Friday night and Saturday were totally unaware that the system was under attack from a hacker seeking $73,000 in ransom payment to unlock the agency's computer systems.

The San Francisco Municipal Transportation Agency (SFMTA) refused to pay up. Officials shut down the system's ticket machines, threw open the fare gates and, as a precautionary step, contacted the Department of Homeland Security and their own technology division to contain the attack, the agency said.

''Considering paying that ransom was never an option,'' said Paul Rose, an MTA spokesman.

Rose added that by Sunday morning, the fare gates and ticket machines were up and running, and by Monday most systems were working again.

He added that, in a ransomware attack, the anonymous hacker locked up employee computers at 900 workstations, shut down Muni's email system and knocked out the time-tracking portion of its payroll system.

The hacker displayed the message ''You hacked'' on the dark computer screens and asked for 100 bitcoins, a digital currency, or about $73,000. Muni chose not to communicate or negotiate with the hacker, and relied on advice from federal officials and a backup system to restore the network.

Meanwhile, krebsonsecurity.com reported that the miscreant behind this extortion attempt got hacked himself this past weekend, revealing details about other victims. He also left telltale clues about his identity and location.

The computer terminals at all Muni locations carried the ''hacked'' message: ''Contact for key (cryptom27@yandex.com),'' the message read.

Yesterday, a security researcher contacted Muni and claimed to have hacked this very same cryptom27@yandex.com inbox after reading a news article about the SFMTA incident.

According to the researcher, who asked to remain anonymous, he compromised the extortionist's inbox by guessing the answer to his secret question, which then enabled him to reset the attacker's email password.

A screenshot of the user profile page for cryptom27@yandex.com showed that it was linked to a backup email address, cryptom2016@yandex.com, which was also protected by the same secret question and answer. While 100 bitcoins might seem like a lot of money, it appeared to be around the normal sum for the attacker. Hacked emails showed that he successfully extorted 63 bitcoins, around $45,000, from a US-based manufacturing firm.
