
Image credit: Justin Sullivan/Getty Images

San Francisco MUNI hacker was hacked

Evidence suggests that the hacker has made a fortune targeting companies with insecure servers.

Over the weekend, San Francisco's transit system was hacked by an individual (or group) going by the name Andy Saolis. The attack forced the city to offer Muni rides for free while its staff raced to rectify the breach on its servers. But while Saolis was threatening to expose gigabytes of data if their ransom wasn't paid, they were the subject of a hack themselves. An anonymous individual contacted Krebs on Security, claiming to have breached Saolis' email and found a few clues as to their identity.

The anonymous individual was able to breach Saolis' Yandex mail account by correctly guessing a security question for password reset. They were then able to access other email addresses and Bitcoin wallets that suggest Saolis has earned anything up to $140,000 from attacking companies. Saolis' key attack vector was to target firms that used Oracle server products as well as its Primavera project-management tool. Those servers are especially vulnerable to a software flaw that was patched in November 2015.

San Francisco's transit agency was something of an outlier, since Saolis mostly targeted businesses that -- allegedly -- quietly paid the ransom rather than public bodies. It appears that construction firms were regularly attacked since Saolis had been in contact with companies like China Construction of America, CDM Smith and Skillman. Other companies that are also mentioned in the list included Irwin & Leighton and the Rudolph Libbe group, a building consultancy.

Despite shifting between multiple Bitcoin wallets and email addresses to avoid detection, Saolis has left some clues as to their identity. Personal notes were written in a language believed to be Persian or Farsi, suggesting that they're located in the Middle East. There is also a belief that Andy Saolis uses the pseudonym Ali Reza, a common name in the wider Arab world.

Krebs ends the piece with the usual exhortation for companies and individuals to take better care of their data. Back up files regularly, keep them offline and make sure that your software is kept up to date with the latest patches. In addition, if you're using a web-based email server, make sure that you aren't using easily guessable answers to your security questions. Otherwise all it takes is for you to say the wrong thing on social media and boom -- all of your secrets are exposed.
