Hacked: BART Police personal info (Anonymous #OpBART or not?)

By Richi Jennings (@richi) - August 18, 2011.

OpBART logo (@exiledsurfer)
The BART Police Officers Association website got hacked yesterday; the perp released the personal details of 100 officers. Some say it was Anonymous, some say it was a n00b mademoiselle wielding a +1 SQL injection. In IT Blogwatch, bloggers blog it for the lulz.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: the exploding Australian backpacker hostel...

Jaikumar Vijayan reports:

The move was in apparent retaliation for BART'...temporarily cut[ting] off underground cell...service...last Thursday in response to a planned protest against the shooting of a...man by BART police.


This is the second time in less than a week that hackers claiming to be...Anonymous have attacked BART. Earlier...[someone] broke into a BART website and released [details] of more than 2,000 BART customers.   

David Kravets adds:

The hack exposed 100 names, addresses and passwords of union members. ... BART...[recently] became the first government agency in the [U.S.] to disable mobile-internet and phone service to quell a protest.


The union’s president, Jesse Sekhon, said...“These people are criminals and we’re going to forward this information to the FBI.”   

Bonjour! Lauren Smiley's been talking to a French girl:

[I] chatted online with someone who claimed to be the mind behind today's attack. ... Lamaline_5mg...doesn't claim to be part of Anonymous. ... She even took issue with referring to [it] as a hack: "They had zero security," she wrote.


She said she "exploited a gaping hole" in the site's security to find all the BART officers' [details]. ... here was her creation.


Lamaline first told us her motivation came from outrage at BART turning off cellphone reception..."This is exactly like...the tahrir protests." But then she...claim[ed] she did it...for the "lulz."   

Michael Valera scoffs at BART POA:

It's not just the fact that they got hacked, by an amateur. ... It's that the data...was completely unencrypted. ... You'd figure that after the first security breach they would've tried to encrypt all their sensitive info. ... It's not like doing so is complicated or expensive.   

But Robert X. Cringely (that one, not that one) wishes a plague on both their houses:

I'm sure it was all those reports about how the London riots...that inspired BART to make this chowderhead move. But that's...like closing all the paint stores to keep people from making signs. ... Barely Adequate Rapid Transit might be a better acronym.


The response to this move, however, hasn't been a whole lot smarter. Naturally, Anonymous had to get into the act. ... What Anonymous did was arguably worse than what BART did. ... Exposing commuters' personal information isn't going to make them stop taking BART.


BART needs to learn that it's not actually a separate country with its own laws. Anonymous needs to grow up.   

And Finally...
Backpacking in Australia? Try a hostel that doesn't explode.

[Hat tip: Andy Dawson]


Richi Jennings, your humble blogwatcher

Richi Jennings is an independent analyst/consultant, specializing in blogging, email, and security. He's the creator and main author of Computerworld's IT Blogwatch -- for which he has won American Society of Business Publication Editors and Jesse H. Neal awards on behalf of Computerworld. He also writes The Long View for IDG Enterprise. A cross-functional IT geek since 1985, you can follow him as @richi on Twitter, pretend to be richij's friend on Facebook, or just use good old email: itbw@richij.com. You can also read Richi's full profile and disclosure of his industry affiliations.

Copyright © 2011 IDG Communications, Inc.
