San Francisco Transit Hacker Gets Hacked


The hacker claiming responsibility for last week's ransomware attack on the San Francisco Municipal Transportation Agency has been hacked.

According to security researcher Brian Krebs, the criminal—someone calling themselves "Andy Saolis"—was the target of a breach that revealed details about other hacks allegedly carried out by Saolis.

The Friday hack meant free rides for all that night and into Saturday, as payment kiosks were inaccessible. Saolis later claimed responsibility and fielded questions from the media via email. On Monday, a security analyst accessed that email account by guessing the answer to Saolis' secret question and resetting the password, the researcher, who chose to remain anonymous, told Krebs.

Based on messages obtained from the inbox and published by Krebs, Saolis on Friday contacted SFMTA infrastructure manager Sean Cunningham and demanded 100 bitcoin ($73,000) in exchange for re-entry into SFMTA's encrypted servers.

"The SFMTA has never considered paying the ransom," an agency spokesman told PCMag. "We have an information technology team in place that can restore our systems and that is what they are doing."

Saolis, however, has successfully extorted at least $140,000 from victims since August, Krebs reports.

Last week's SFMTA outage—which disrupted about 900 office computers—was not a targeted strike; instead, it appears the infection spread through an SFMTA employee with "admin level" access, whose PC was used to download a software keycode generator carrying the malicious code.

"It's Show to You and Proof of Concept , Company don't pay Attention to Your Safety !" Saolis wrote in a message to PCMag on Monday, apologizing for their broken English. "If some Hacker Try to Hack Your Transportation Infrastructure Target-Based , it's Have More Impact!"

Saolis did not immediately respond to another request for comment.

Despite employee concerns about missing a paycheck, the San Francisco MUNI confirmed that there will be no impact to payroll services. Meanwhile, customer payment systems were not hacked, and no data was accessed during the breach.
