Anonymous continued their crusade against governments and organizations this weekend, attacking the myBART.org website belonging to San Francisco’s BART (Bay Area Rapid Transit) system.
They performed a SQL injection (SQLi) attack against the site and were able to extract more than 2,000 records containing names, usernames, passwords (plain text), emails, phone numbers, addresses and zip codes.
They also defaced the website with Guy Fawkes masks, which BART has yet to remove more than four hours later.
While it is understandable that people are upset with BART after the recent blocking of cell phone communications to prevent protesters from organizing, it is puzzling to me how exposing thousands of innocent people’s personal information hurts BART more than it hurts transit users.
Users of rapid transit are certainly not the problem, and this simply takes a bad situation and makes it worse by creating even more victims.
During my interview about the incident with KCBS radio in San Francisco this afternoon, I was asked what people can do to protect themselves against these types of attacks. What an interesting question…
The best approach is to not provide your personal information where it isn’t needed and make sure you always use a unique password for every website, regardless of how unimportant you think the site may be.
If you are a user of myBART.org, I recommend changing your passwords anywhere you might have used the same password. Aside from that, there is little you can do now that your information has been published.
Website admins, if you are still storing passwords in plain text and haven’t examined your website for SQL injection vulnerabilities, even after the attacks against Sony, I highly recommend doing so. This is not a list you want your site to be added to.
8 comments on “Anonymous hacks BART, creating even more innocent victims”
Well, another successful target of Anonymous. As you said, it's true that more people have been affected, even so many people who had nothing to do with the "riot" at first.
At first I thought that these cyber-criminal attacks were going to be a "one-time" or two thing, but it has now become serious.
After many cyber-attacks completed, does this mean that the next "world war" will take place on the cyber space and even more, it cannot be controlled?
What are Anti-Hacker or Ethical Hackers going to do to prepare us for this?
Anonymous are the ethical hackers, douche
What about this makes them ethical?
Mike…If you think Anonymous are the ethical hackers, then that makes you the douche.
I'd bet few members of Anonymous have ever studied ethical decision-making in any depth or even know what the tools of ethics are, never mind how to use them.
This no more makes you ethical than running LOIC makes you a hacker. They are mere script kiddies in multiple domains.
So you protect the passengers of the transit system, one of which was shot – by hacking the accounts of those same passengers?
Now instead of getting shot, they get shot AND hacked. Brilliant.
Frankly, anyone who codes up a public site susceptible to SQL injection in this day and age is incredibly lazy and/or incompetent and should be sued for every penny they were paid to write it.
Did anyone here actually get anything hacked as a result of Anon's activity?
BART will SELL your info, and we don't seem to mind that at all, but anon lets it be known that they can get access to it, and y'all seem to freak out. Guess what, if someone wants yer identity, they're gonna get it. Like the guy above me said, this is laziness on behalf of BART.
Let me know if Anon charges you for pizzas unfairly, cuz I don't think anyone actually got hurt from this display.