US Department of Transportation suffers massive malware attack. Hackers infect ticket sale system

Although most attacks against websites last only a few hours or days, digital forensics experts note that some incidents have irreversible consequences. Such is the case of the Southeastern Pennsylvania Transportation Authority (SEPTA), which had to permanently shut down its online store (domain Shop.SEPTA.org) after a massive malware attack. Travel tickets, as well as T-shirts, mugs and other items with the SEPTA logo, could be purchased on the website.

The first hint of the attack occurred last June, when a user browsing the SEPTA website received an alert from their anti-malware tool. The user informed the public agency, which started an internal investigation.

After the website shut down, SEPTA began notifying all potentially affected users (at least 760 people) of the incident. The agency’s message, signed by spokesman Andrew Busch, reported that as a result of the infection personal data was extracted, including:

  • Users’ full names
  • Payment card numbers
  • Home addresses

Finally, the spokesperson added that the information extracted from the website was put up for sale on some dark web forums.

Screenshot of SEPTA’s website

Some reports from digital forensics specialists attribute this incident to Magecart, the dangerous hacker group dedicated to the theft of financial information stored in online shopping systems. In addition, SEPTA officials estimate that the information was extracted between 21 June and 16 July.

The Pennsylvania government says that it is not yet possible to determine the exact scope of the incident, so more affected users could receive a notification from SEPTA over the next few days. SEPTA officials claim that after detecting the infection they followed all established reporting and damage mitigation protocols to the letter, including notifying the State Department of Transportation and the Federal Bureau of Investigation (FBI).

Finally, US federal transportation authorities announced the permanent closure of the SEPTA online store. According to digital forensics specialists, it is very likely that this decision was made in order to prevent other users’ information from being compromised.

So far no further details have been revealed about the incident, although in his latest statement, the SEPTA spokesman said no additional incidents have been detected in the agency’s network.

Although such attacks are not very common, at least three hacking incidents against public transport-related systems have recently been detected, mainly in UK cities. One such case was reported in Manchester, where digital forensics experts from the International Institute of Cyber Security (IICS) said that a group of unidentified hackers managed to compromise the city’s public transport app. By exploiting a flaw in the QR codes generated by this application, the attackers managed to generate electronic tickets that let them travel by subway, train and other means of transport without paying.
