Hackers with suspected China ties breached MTA servers in April


Hackers with possible ties to the Chinese government breached three of the MTA’s computer systems earlier this year, transit officials said Wednesday.

The breach occurred on two separate days in the second week of April and continued unchecked until being discovered on April 20, officials said. Hackers did not access systems related to train operations, safety or customer or employee information, the MTA said.

The authority “quickly and aggressively responded to this attack,” MTA Chief Technology Officer Rafail Portnoy said in a statement. An outside audit “found no evidence operational systems were impacted, no employee or customer information breached, no data loss and no changes to our vital systems,” Portnoy said.

“The MTA’s existing multi-layered security systems worked as designed, preventing spread of the attack and we continue to strengthen these comprehensive systems and remain vigilant as cyber-attacks are a growing global threat,” he added.

To gain access, the hackers took advantage of vulnerabilities in the remote work tool Pulse Connect Secure to breach three systems used by the MTA’s city transit and commuter rail divisions, according to the New York Times, which first reported the breach.

The hackers reportedly left “web shells” to maintain backdoor access to the MTA’s system, the Times said — and also took steps to erase evidence of their intervention.

MTA officials said the federal Cybersecurity and Infrastructure Security Agency ordered “fixes and patches” that were made within 24 hours of the breach’s discovery. Addressing the breach cost the MTA an estimated $370,000, the Times said.

The MTA has 18 total computer systems. About 5 percent of the MTA’s workforce were instructed to change their passwords as a result of April’s breach, officials said.

The attack is one of several this year that cybersecurity experts suspect are backed by the Chinese government, either directly or indirectly, the Times said.

Dozens of government agencies, contractors and financial institutions were hit by the wave of attacks, which were uncovered in late April.

With Post wires

The M.T.A. Is Breached by Hackers as Cyberattacks Surge


The M.T.A.’s systems appear to have been attacked on two days in the second week of April, and the access continued at least until the intrusion was identified on April 20, the M.T.A. document shows. The hackers took advantage of a so-called “zero day,” or a previously unknown coding flaw in software for which a patch does not exist.

Hackers gained access specifically to systems used by New York City Transit — which oversees the subway and buses — and by both the Long Island Rail Road and Metro-North Railroad, according to the M.T.A. document outlining the breach. The hackers compromised three of the transit authority’s 18 computer systems, transit officials said.

But, Mr. Portnoy said, there was “no employee or customer information breached, no data loss and no changes to our vital systems.”

“Our response to the attack, coordinated and managed closely with State and Federal agencies, demonstrated that while an attack itself was not preventable, our cybersecurity defense systems stopped it from spreading through M.T.A. systems,” he added.

Once the broad intrusions that included the M.T.A. were identified in late April, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the National Security Agency and the F.B.I. issued an alert about the vulnerability.

The software company that owns Pulse Connect Secure, Ivanti, provided immediate steps to mitigate the damage and released a security update to fix the vulnerabilities. New York transit officials say they implemented the fixes within 24 hours of their release.

After receiving the warning from security officials, the M.T.A. quickly conducted the detailed forensics audit, which found malware in the authority’s Pulse Connect Secure applications, transit officials said. The malware included malicious software known as “web shells,” according to the M.T.A. document, that typically provide hackers a backdoor to remotely access — and in some cases control — certain servers over a long period of time.
