Anonymous hacks BART website, steals passwords

August 14, 2011 6:20:27 PM PDT
They promised to retaliate: Today, the world-wide hacking organization Anonymous struck a BART website.

The attack was in response to BART shutting down the cell phone network for its riders last week, and Anonymous says it won't stop with today's disruption -- it plans more havoc for tomorrow.

The group threatened to wage cyber war on BART beginning at noon on Sunday. By 12:30 p.m., the agency's main website at BART.gov was up and running as usual, but its promotional website, MyBART.org, bore the distinct markings of the hacker group.

Additionally, MyBart usernames, email addresses and, in some cases, phone numbers were posted online for the world to see.

"We're doing everything we can to defend against attacks on BART websites," said BART spokesperson Jim Allison.

In a web posting on Sunday, a spokesperson for Anonymous said "any eight-year-old with an internet connection could have done" what they did. Anonymous also wrote that none of the information, including the passwords, was encrypted.

The breach has affected around 2,000 people. BART has since emailed those whose information was leaked. Some of the information posted online included email addresses, phone numbers, home addresses and account passwords.

"I understand the reason why they're protesting, but they're hurting the wrong people," said MyBART user Owen Rubin. "They're hurting the commuters, and they're hurting the consumers like me who have nothing to do with BART other than having to ride it as a way to get to and from work."

The group says the hacking, as well as a planned protest scheduled for 5 p.m. on Monday at the Civic Center station, is in direct response to BART's decision to switch off its underground cell phone network in Downtown San Francisco last week. The protest BART had hoped to stop never materialized.

CNET editor Declan McCullagh says the attack by Anonymous was a way to draw attention to their cause.

"This is kind of a thumb in the eye to the folks who run BART, and it's a way, too, that Anonymous feels to draw attention to what they view as an abuse of authority," McCallugh said.

A person associated with Anonymous spoke with ABC7 Sunday afternoon.

"It was a global attack," the unidentified associate said. "They were able to gain access to an admin account for the BART website. Once in, they were able to export the MySQL database."

The associate added that a person in Austria posted the MyBART data to their website.

Attempts to hack the actual BART.gov website have failed so far because of the expansive network of servers, the associate said.

Meanwhile, the deafening cell phone silence has sparked outrage, including from one of BART's directors.

"We're setting the wrong precedent for other agencies," said BART board member Lynette Sweet. "What if everybody took every veiled threat as a reason to shut off communication chains?"

Sweet says the idea to shut down cell phone networks came from the Department of Homeland Security, but Sweet adds that it was meant to be a tool in response to terrorism and that the tool was gravely misused.

"Authoritarian control tactics" is the way State Senator and San Francisco mayoral candidate Leland Yee described it. Yee is now urging the FCC to investigate BART.

"When you have an agency that has absolute control of your modes of communication, it becomes rather scary when, with the flip of a switch, you can disable any and every individual cell phone," Yee said.

BART has not said whether or not it intends to shut down cell phone service on Monday.

As for the hackers, a message posted on a Twitter account seems to sum up their thoughts: "We're just getting warmed up."

BART says it is still trying to shut down its MyBART website and is reaching out to account holders who had their information leaked. BART also says it is in communication with federal authorities.


Load Comments