How did China hack MTA? NY subway targeted in third serious attack on America's largest transit network
China-linked hackers breached MTA and even Martha's Vineyard and Nantucket ferries faced ransomware attacks but New York subway was reportedly safe
Chinese operatives reportedly hacked New York City's transportation system in April. In fact, a ferry business transporting passengers to Martha's Vineyard and Nantucket admitted that they, too, had been targeted by hackers. This was all revealed on Wednesday, June 2.
Citing an internal MTA inquiry, The New York Times said the Metropolitan Transportation Authority (MTA) determined that their computer systems had been hacked, but the Chinese hackers did not get access to systems that control train vehicles. The breach was the third and the most serious intrusion on North America's largest transit network by hackers linked to foreign countries in recent years.
The attack in New York demonstrated once again just how vulnerable US infrastructure is to hacking. The operator of the US's largest fuel pipeline, Colonial Pipeline, fell victim to a cybersecurity attack on Friday, May 7, by Russian hacker DarkSide. An elite, 7,000-strong army of North Korean hackers is also becoming a cause of concern for countries across the world.
How did China hack the MTA?
The hackers leveraged flaws in Pulse Connect Secure — a commonly used VPN connectivity service that helps staff log in from home — to obtain access to the MTA and other systems. According to cybersecurity company FireEye, the cyberespionage campaign involved two groups of China-linked hackers, one of which was likely acting on behalf of the Chinese government. The MTA forced 3,700 employees and contractors, or 5 per cent of its staff, to change passwords as a precautionary step.
According to the MTA document, their systems were hacked on two days in the second week of April, and the access persisted at least until the breach was discovered on April 20, The New York Times reported. The hackers took advantage of a so-called "zero-day", which is a previously unknown software flaw for which there is no patch.
The hackers obtained access to systems used by New York City Transit — which oversees the subway and buses — as well as the Long Island Rail Road and Metro-North Railroad. Three of the transport authority's 18 computer systems were hacked, according to transport officials.
The Steamship Authority, which runs ferries between the mainland of Massachusetts and the popular vacation islands of Martha's Vineyard and Nantucket, was also hacked on Wednesday, June 2. On the night of June 2, the website was still down and passengers were warned to expect delays. The company had not specified whether it paid a ransom and said it was "unable to release or confirm" any specific details of the attack, the Daily Mail reported.
According to a survey published last year by the Mineta Transportation Institute, only 60 per cent of transit agencies have a cybersecurity plan in place. They seemed oblivious to the dangers: more than 80 per cent said they were prepared to deal with cybersecurity concerns.
Why did China hack the MTA?
There have been several possibilities proposed as to why Beijing would wish to hack into New York's public transportation system. One theory is that China wants to learn more about New York's systems in order to advance in the business that supplies the service with parts and carriages.
Another theory is that China stumbled onto the system while fishing and discovered there was little interest. Others saw the breach as China flexing its muscles and demonstrating its capabilities. "The MTA's existing multilayered security systems worked as designed, preventing spread of the attack," said Rafail Portnoy, the MTA's chief technology officer. "We continue to strengthen these comprehensive systems and remain vigilant as cyberattacks are a growing global threat."