A hacker is being sought by Homeland Security after an attack on the Sacramento regional transit system that many riders most likely were unaware of at the time. The hacker managed to force RT to halt its operating systems which are responsible for taking payment via credit cards as well as assigning routes to buses and trains in the Regional Transit system.
<blockquote class="twitter-tweet" data-lang="en"><p lang="en" dir="ltr">Hacker Takes Over Sacramento Transit And Demands Ransom<a href="https://t.co/PtbCoIGFEd">https://t.co/PtbCoIGFEd</a><br> <a href="https://t.co/TVyOWY9OUI">https://t.co/TVyOWY9OUI</a></p>— The Goldwater (@TheGoldWaterUS) <a href="https://twitter.com/TheGoldWaterUS/status/932815634382987264?ref_src=twsrc%5Etfw">November 21, 2017</a></blockquote>
<script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>
“We actually had the hackers get into our system, and systematically start erasing programs and data,” Deputy General Manager Mark Lonergan explained. Some 30 million files were destroyed, luckily there are backups and Sacramento RT claim that no employee or passenger identities were compromised. The hacker demanded 1 Bitcoin ransom. Considering BTC has been hitting an all-time high this month, that would be around $8,000.
November 18, <a href="https://thegoldwater.com/news/12354-Hacker-Takes-Over-Sacramento-Transit-And-Demands-Ransom">the homepage for SacRT</a> was also hacked:
<quote>"I’m sorry to modify the home page, i’m good hacker, i I just want to help you fix these vulnerabilities. This is one of the loopholes, modify the home page…."</quote>
<blockquote class="twitter-tweet" data-lang="en"><p lang="en" dir="ltr">Sacramento Transit hit by script kiddies, promptly loses all customer data. It's never reassuring when government is "securing" our data. <a href="https://t.co/qsMeyWDtLb">https://t.co/qsMeyWDtLb</a> <a href="https://twitter.com/hashtag/Ransomware?src=hash&ref_src=twsrc%5Etfw">#Ransomware</a></p>— The Beef Baron (@lebeefbaron) <a href="https://twitter.com/lebeefbaron/status/933077450115944448?ref_src=twsrc%5Etfw">November 21, 2017</a></blockquote>
<script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>
It's theorized that the hackers were most likely young, inexperienced and doing it for bragging rights and the thrill as much as for the potential ransom money. SacRT received the following message: “Hello, I will always attack your website, we are hackers. We can do everything. Pay us now to stop attacking.” One sign that the hacker or hackers are inexperienced and primarily in it "for the lulz" is the size of the demanded ransom. SacRTC has removed all credit card payment options until the situation is resolved and security regained. This could take several days. <a href="https://cointelegraph.com/news/hackers-attack-sacramento-transit-system-for-1-btc-ransom">Other recent ransoms demanded</a> following hacking exploits of HBO, Wipro and Equifax faced up against ransoms ranging from $250,000 to $75 million.
