Hackers broke the San Francisco MUNI over the weekend

It was taken down on Friday, allowing passengers to ride for free; systems have now been restored

Technology trends and news by Steven Loeb
November 28, 2016
Short URL:

It feels like, for the last few years at least, I've been hearing a lot of experts say that the next attack on the United States would come in the form of cyber warfare. That the physical danger will start to decline, but the inner workings of the country, and all of our institutions, will be threatened. That's really starting to feel true now.

In addition to apparent evidence that Russia was somehow involved with hacking into at least two state election databases, as well as the Democratic National Committee, this year, now comes evidence that our public transportation systems are vulnerable as well.

Over the weekend, riders on the MUNI rail system in San Francisco were greeted with a message saying, "You Hacked, ALL Data Encrypted," according to the San Francisco Examiner.

The attack occurred at some point on Friday and, as a result, Muni was unable to charge customers, so it instead allowed them to ride for free. Fare gates were kept open; there seems to be some dispute over whether or not they were intentionally left open, or if they couldn't be physically closed, but, either way, it was a good time to be passenger.

While some might see that as something of a postive, given that regular people were able to benefit from this attack, the indicent is very troubling. Not only was the system shut down for over a day, showing how vulnerable it is, but it was actually being held hostage, with the hackers telling the Verge in a fairly unintelligible emailed statement on Sunday that they wanted to make some kind of "deal" with the San Francisco Municipal Transportation Agency (SFMTA).

"we don't attention to interview and propagate news ! our software working completely automatically and we don't have targeted attack to anywhere ! SFMTA network was Very Open and 2000 Server/PC infected by software ! so we are waiting for contact any responsible person in SFMTA but i think they don't want deal ! so we close this email tomorrow!" they wrote.

Things seem to have now gone back to normal. In a Tweet, the SFMTA said that, "The fare gates and ticket vending machines in Metro stations are in normal operation."

VatorNews reached out to SFMTA to find out if there was any indication of who was behind the attack, and if the organization made any kind of deal to get service restored. The SFMTA would not provide any additional details.

"There has been no impact to transit service, to our safety systems or to our customer's personal information. The incident remains under investigation, so it wouldn't be appropriate to provide any additional details at this point," Paul Rose, a San Francisco Municipal Transportation Agency spokesperson, told me.

A year of hackings

As I mentioned earlier, this attack takes on even greater significance in the context of other similar incidents that have gone on recently. 

Earlier this year, the Democratic National Committee was infliltrated by Russian hackers, who accessed a database of opposition research on GOP presidential candidate Donald Trump, as well as a plethora of private e-mails. DNC e-mails were distributed on the Internet by WikiLeaks, though founder Julian Assange denied that he had any link to the hacking of the DNC. 

Those emails no doubt had at least some effect on the ultimate outcome of our election, and have spurred people on both sides of the aisle to seek answers about what exactly happened.

Ever since the election, there have also been suggestions of vulnerabilities within voting machines in the U.S., which may also have been targeted, and for good reason. 

Over the summer, the Federal Bureau of Investigations released a bulletin, warning election officials around the country to beef up their own security as a result hackers having already infiltrated two state election databases.

The hackings occurred in July and August. While the bulletin didn't say specifically which states were hit, Yahoo News, which first reported this news on Monday, quotes sources pointing to Arizona and Illinois as the targets. Evidence once again pointed to the Russians: an IP address listed in the FBI alert had surfaced before in Russian criminal underground hacker forums, Rich Barger, chief intelligence officer for ThreatConnect, told Yahoo. 

The FBI was also said to be looking at a “possible link” to the hacking of the DNC, though there has been no evidence yet that the two are connected. 

The bulletin was posted only three days after Homeland Security Secretary Jeh Johnson held a conference call with state election officials on August 15, in which he offered help to to make state voting systems more secure, including providing federal cybersecurity experts to scan for vulnerabilities.

This latest attack is another indication of how insecure our systems are, and the possibility of something much worse happening down the line. 

(Image source:

Related news