New York subway hacked in computer breach linked to China

New York subway hacked in computer breach linked to China

David Taintor and Danielle Zoellner

·3 min read
<p>The MTA experienced a cyber attack in April </p> (AFP via Getty Images)

The MTA experienced a cyber attack in April

(AFP via Getty Images)

The New York City subway authority was hacked in April, The New York Times reported on Wednesday, as cyberattacks have targeted America’s energy resources, meat supplies and more.

The attack was orchestrated by a hacking group that is believed to have ties to the Chinese government, according to the publication.

Hackers were unable to gain access to the system that controls the train cars, which could impact rider safety if breached.

But there was concern that the attack left behind a back door that would allow hackers to continue to infiltrate the Metropolitan Transit Authority’s (MTA) operational system, according to a document detailing the hack, which was obtained by The New York Times.

The hack has not been disclosed publicly but the MTA did report it to the proper law enforcement agencies.

A forensic analysis of the cyber attack showed no signs of a back door for hackers or that any customers’ personal information was stolen.

In a statement to The Independent, Rafail Portnoy, the MTA’s chief technology officer, confirmed the cyber attack and said the agency responded “quickly and aggressively” by bringing on Mandiant, a cyber security firm, to assist in the hack.

“Forensic audit found no evidence operational systems were impacted, no employee or customer information breached, no data loss and no changes to our vital systems,” Mr Portnoy said.

“Importantly, the MTA’s existing multi-layered security systems worked as designed, preventing spread of the attack and we continue to strengthen these comprehensive systems and remain vigilant as cyber attacks are a growing global threat,” he added.

Although there was no impact to customers or employees from the cyber attack, the MTA forced 3,700 users (employees and contractors) to change their passwords as a precautionary measure.

Critical infrastructure in the United States has been the target of several cybersecurity hacks in recent months.

In April, Colonial Pipelines, which owns one of the nation’s largest fuel pipelines, experienced a ransomware attack that crippled the company’s operational system for several days. The pipeline runs 5,500 miles between Texas and New Jersey, delivering more than 100 million gallons of fuel to states per day.

Officials were forced to shut down the pipeline for several days in order to restore the system, which caused panic buying among residents and increased gas prices. The company also paid more than $4m in ransom to hacking group DarkSide, a Russia-based criminal organisation.

JBS, the world’s largest meat processing company, experienced a cyber attack this past weekend from ransomware gang REvil, which is believed to operate in Russia, the Associated Press reported. This caused a shutdown, but officials said the “vast majority” of its meat processing plants on Wednesday.

REvil demanded a ransom from JBS, but it was not revealed how much the hackers asked for or if the company paid to restore its operational services.

Hackers in the MTA cyber attack did not request a ransom, according to The New York Times, but experts said they potentially still benefited financially depending on what was acquired during the hack.