The nightmare hacking scenario many have feared has finally happened near the heart of Silicon Valley: a major rapid transit system has been hacked.
SEE ALSO:Hacker jailed for stealing nude celebrity photos from iCloud accountsSan Francisco's Municipal Transportation System, known locally as Muni, was hacked on Friday, with hackers leaving the message 'You Hacked, ALL Data Encrypted,' on Muni computer screens around the city on Saturday, according to the San Francisco Examiner.
The message from the hackers also included a contact email address that Muni officials could supposedly "contact for [the encryption] key." The hacking incident was confirmed by a Muni worker who spoke to the paper, however, the man declined to give his name for fear of "workplace retaliation."
Nevertheless, a Muni official did comment when asked about the incident on Saturday. "We are currently working to resolve the situation," Muni spokesperson Paul Rose told the paper.
All @sfmta_muni #Muni train machines are down. Investing the problem. All rides are free for now! pic.twitter.com/G2hfCZoT2T
— Lisa Amin Gulezian (@LisaAminABC7) November 27, 2016
As a result of the hack, transit fare gates were locked in the "open" position and the transit organization was unable to charge fares. In response, Muni began offering free rides to customers on Saturday as the organization worked to resolve the situation.
Additionally, the organization's ticketing machines displayed a message in large red letters: Out of service. Some ticketing machines were plastered with handwritten notes covering the screen that read "free entry."
Every damn #MUNI #ClipperCard machine isn't working at #MontgomeryStreet. Then again, no one pays the fare anyway. #Irritated pic.twitter.com/jvlG6xqzWU
— Ted Timboy (@TJTimboy) November 27, 2016
On Sunday afternoon, the Muni's official Twitter account publicly responded to a reporter's inquiry about the status of the transit system's ticketing machines, stating, "The fare gates and ticket vending machines in Metro stations are in normal operation."
@Jerold_Chinn The fare gates and ticket vending machines in Metro stations are in normal operation.
— SFMTA (@sfmta_muni) November 27, 2016
The hack, which also affected the organization's email system, is a concern to Muni employees, some of whom, according to the paper's sources, weren't sure if they would be paid this week in the wake of the system hack.
This kind of hack targeting city systems is something that has frequently been depicted in Hollywood films, but is increasingly moving into the public discourse as a legitimate threat alongside other municipal safety challenges related to computer-controlled water and power systems.
Muni officials did not immediately respond to a request for comment from Mashable.
Update:Sunday, Nov. 27, 6:42 p.m. ET: Muni spokesperson Paul Rose confirmed to Mashablethat, "Yes, all fare gates are operational, as of this morning." Rose did not address our other questions regarding how the situation was resolved or the status of the reported hacked email system.
Updated:Tuesday, Nov. 29, 9:52 a.m. ET: A couple days after the hacking attack, Muni spokesperson Paul Rose offered some clarification regarding the incident. "The fare gates and machines were not impacted by the attack," Rose told Mashable. "When we became aware of the incident, we made the decision to open the fare gates and disable the machines as a precaution to minimize any impacts to our customers. Once we had more information, we turned the gates and machines back on."
Additionally, Rose cleared up some of the initial details included in the San Francisco Examiner'sreport. "The malware used encrypted some systems mainly affecting computer workstations, as well as access to various systems," says Rose. "However, the SFMTA network was not breached from the outside, nor did hackers gain entry through our firewalls. Muni operations and safety were not affected. Our customer payment systems were not hacked. Also, despite media reports, no data was accessed from any of our servers."
Rose also confirmed that Muni contacted the Department of Homeland Security during the initial phases of the malware attack. Currently, Muni is working DHS and the FBI to investigate the incident further.
TopicsCybersecurity