BART ready for renewed protests after cyber attackAugust 15th, 2011 By PAUL ELIAS and JOHN S. MARSHALL , Associated Press in Technology / Internet
This screen shot taken from californiaavoaid.org, an organization sponsored by Bay Area Rapid Transit (BART), shows a page from the website after it and other BART-related sites were hacked by the hacker's group Anonymous on Sunday, Aug. 14, 2011. BART district officials said they were attempting Sunday to shut down the hacker's group website that lists the names of thousands of San Francisco Bay area residents who are email subscribers of myBART.org, a legitimate BART website. (AP Photo/californiaavoaid.org)
(AP) -- San Francisco's mass transit system prepared for renewed protests Monday, a day after hackers angry over blocked cell phone service at some transit stations broke into a website and posted company contact information for more than 2,000 customers.
The action by a hacker group known as Anonymous was the latest showdown between anarchists angry at perceived attempts to limit free speech and officials trying to control protests that grow out of social networking and have the potential to become violent.
Anonymous posted people's names, phone numbers, and street and email addresses on its own website, while also calling for a disruption of the Bay Area Rapid Transit's evening commute Monday.
BART officials said Sunday that they were working a strategy to try to block any efforts by protesters to try to disrupt the service.
"We have been planning for the protests that are said to be shaping up for tomorrow," BART spokesman Jim Allison said. He did not provide specifics, but said BART police will be staffing stations and trains and that the agency had already contacted San Francisco police.
The transit agency disabled the website, myBART.org, Sunday night after it also had been altered by apparent hackers who posted images of the so-called Guy Fawkes masks that anarchists have previously worn when showing up to physical protests.
The cyber attack came in response to the BART's decision to block wireless service in several of its San Francisco stations Thursday night as the agency aimed to thwart a planned protest over a transit police shooting. Officials said the protest had been designed to disrupt the evening commute.
Computer experts said the hackers appeared to exploit an obvious hole in the site's security. BART pays another company to operate the website that offers subscribers discounted tickets and keeps them apprised of events planned by the transit agency.
"I don't think Anonymous worked very hard," said Josh Shaul, chief technology officer of Application Security Inc., a New York-based data base security company. "This appears to be a low-tech attack. It's really very trivial to find these vulnerabilities."
A BART spokesman didn't immediately return an email message Monday morning.
"We are Anonymous, we are your citizens, we are the people, we do not tolerate oppression from any government agency," the hackers wrote on their own website. "BART has proved multiple times that they have no problem exploiting and abusing the people."
Allison described myBART.org as a "satellite site" used for marketing purposes. It's operated by an outside company and sends BART alerts and other information to customers, Allison said.
The names and contact info published by Sunday came from a database of 55,000 subscribers, he said. He did not know if the group had obtained information from all the subscribers, he said, adding that no bank account or credit card information was listed.
The BART computer problem was the latest hack the loosely organized group claimed credit for this year. Last month, the FBI and British and Dutch officials made 21 arrests, many of them related to the group's attacks on Internet payment provider PayPal Inc., which has been targeted over its refusal to process donations to WikiLeaks. The group also claims credit for disrupting the websites of Visa and MasterCard in December when the credit card companies stopped processing donations to WikiLeaks and its founder, Julian Assange.
BART's decision to shut down wireless access was criticized by many as heavy handed, and some raised questions about whether the move violated free speech.
The problems began Thursday night when BART officials blocked wireless access to disrupt organization of a demonstration protesting the July 3 shooting death by BART police who said the 45-year-old victim was wielding a knife.
Activists also remain upset by the 2009 death of Oscar Grant, an unarmed black passenger who was shot by a white officer on an Oakland train platform. The officer quit the force and was convicted of involuntary manslaughter after the shooting.
Facing backlash from civil rights advocates and one of its own board members, BART has defended the decision to block cell phone use, with Allison saying the cell phone disruptions were legal because the agency owns the property and infrastructure.
"I'm just shocked that they didn't think about the implications of this. We really don't have the right to be this type of censor," Lynette Sweet, who serves on BART's board of directors, said previously. "In my opinion, we've let the actions of a few people affect everybody. And that's not fair."
Laura Eichman was among those whose email and home phone number were published by the hackers Sunday.
"I think what they (the hackers) did was illegal and wrong. I work in IT myself, and I think that this was not ethical hacking. I think this was completely unjustified," Eichman said.
She said she doesn't blame BART and feels its action earlier in the week of blocking cell phone service was reasonable.
"It doesn't necessarily keep me from taking BART in the future but I will certainly have to review where I set up accounts and what kind of data I'm going to keep online," Eichman said.
Michael Beekman of San Francisco told the AP that he didn't approve of BART's move to cut cell phone service or the Anonymous posting.
"I'm not paranoid but i feel like it was an invasion of privacy," he said. "I thought I would never personally be involved in any of their (Anonymous') shenanigans."
The group Anonymous, according to its website, does "not tolerate oppression from any government agency," and it said it was releasing the User Info Database of MyBart.gov as one of many actions to come.
"We apologize to any citizen that has his information published, but you should go to BART and ask them why your information wasn't secure with them," the statement said.
©2011 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
"BART ready for renewed protests after cyber attack." August 15th, 2011. http://phys.org/news/2011-08-bart-ready-renewed-protests-cyber.html