BART website hacked, customer info leaked

[err0r]

SAN FRANCISCO -- The amorphous hacker group known as Anonymous made good Sunday on its threat to strike BART, breaching an agency website and releasing customers' personal information in retaliation for BART's decision to cut cellular phone service to prevent an antipolice protest in San Francisco.

 

The hack attack sent BART scrambling to protect its websites, and it infuriated some riders whose information was leaked. It came as the hackers also called for a 5 p.m. protest today at BART's Civic Center Station, where a police officer fatally shot a knife-wielding man on July 3.

 

BART, which ignited a debate about technology and free expression when it shut down cell phone service last Thursday, has not ruled out blocking it again tonight, agency spokesman Jim Allison said.

 

"We're going to take steps to make sure our customers are safe," Allison said. "The interruption of cell phone service was done Thursday to prevent what could have been a dangerous situation. It's one of the tactics we have at our disposal. We may use it; we may not. And I'm not sure we would necessarily let anyone know in advance either way."

 

The hackers took information from myBART.org, a site run by an outside vendor, then published it on another website. The leak contained 2,001 names of people - along with their passwords - who use the myBART service, which notifies riders of contests, discounts and events. In many cases, addresses and phone numbers were published as well.

 

"We are Anonymous, we are your citizens, we are the people, we do not tolerate oppression from any government agency," the hackers wrote in an online posting. "BART has proved multiple times that they have no problem exploiting and abusing the people."

 

BART "stored their members' information with virtually no security," the hackers wrote. "Any 8-year-old with an Internet connection could have done what we did to find it. On top of that, none of the info, including the passwords, was encrypted."

 

BART said such websites were separate from the computer network used to operate the transit system.

 

"We regret the inconvenience and stress that it's created for customers. We're disappointed that they would do this," Allison said. He said myBART.org is "meant to be a service to our customers. We're doing everything we can to protect bart.gov, which is used by nearly 2 million people a month as an important tool."

 

As of late Sunday, bart.gov was functioning normally. Allison said the agency planned to notify everyone whose information was posted online.

 

Anonymous, which surfaced in 2003, stepped up its activity in 2008 with a series of protests in the name of Internet freedom and free speech. Notably, the group targeted the Church of Scientology, which it accused of suppressing an unflattering video of Tom Cruise that had been posted online.

 

Subsequent protests have involved cyber attacks on PayPal, Sony and various foreign governments accused of suppressing free expression.

 

Thursday's planned protest, which never materialized, was organized in response to the July 3 police shooting. Activists also remain upset about the fatal shooting of unarmed BART rider Oscar Grant on New Year's Day 2009 by a former officer who was convicted of involuntary manslaughter.

 

Marsha-Ann Sebay, a Vallejo woman whose personal information was released, said she was furious with the hackers.

 

"To be honest with you, I'd like to kick their ass," said Sebay, 61, who works in the UC Davis registrar's office. "If you have a problem with someone, you resolve it with that person. You don't punish other people because you don't agree with something.

 

"There's other ways to protest," she said. "In my day, you bombarded them with letters."

 

Source: Casey Newton