NYC subway system was secretly hacked by Chinese-backed hackers in April of this year
Hackers with links to the Chinese government targeted New York City's subway system in April, according to documents from the Metropolitan Transportation Authority (MTA).
According to a report by the New York Times, the hacking group penetrated the MTA's computer systems, exposing vulnerabilities in a vast transportation network that carries millions of people in the New York City metropolitan area.
Transit officials claimed the hackers did not gain access to the systems that control train cars and that rider safety was not at risk. They added that the attack appeared to cause little damage, if any.
But officials did raise concerns that the hackers could have entered those operational systems or that they could have installed a back door that would allow them to continue penetrating the MTA's systems.
MTA says no information was compromised
MTA officials said that, on April 20, a joint alert was issued by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) regarding a zero-day vulnerability, meaning a flaw that was unknown to the vendor and for which no patch yet existed.
CISA recommended fixes and patches, which the MTA implemented on the morning of April 21. The MTA also engaged IBM and Mandiant to perform a forensic audit.
Of the MTA's 18 systems, only three were impacted according to the agency. No employee information was breached and there was no impact on contractors or customers.
In a statement to The Hill, MTA chief technology officer Rafail Portnoy said that the agency "quickly and aggressively responded to this attack [by] bringing on Mandiant, a leading cyber security firm, whose forensic audit found no evidence operational systems were impacted, no employee or customer information breached, no data loss and no changes to our vital systems."
"Importantly, the MTA’s existing multi-layered security systems worked as designed, preventing spread of the attack and we continue to strengthen these comprehensive systems and remain vigilant as cyber-attacks are a growing global threat," he added.
MTA officials also stated that the hack was part of a larger breach of multiple organizations and federal agencies that CISA first reported on April 20. In that campaign, hackers breached multiple agencies by exploiting vulnerabilities in Pulse Connect Secure, a VPN product from technology company Ivanti.
According to CISA, it had been assisting compromised organizations since March 31. The intrusion campaign itself is believed to have begun in June 2020 or even earlier.
Breach latest in a string of cyberattacks on US infrastructure
Transit officials state the breach was the third, and the most significant, cyberattack in recent years on the MTA's transit network, the largest in North America, by hackers thought to be connected with a foreign government.
It comes during a surge in cyberattacks on critical American infrastructure, from water supply systems to fuel pipelines.
Last month, a ransomware attack on the Colonial Pipeline, one of America's largest pipelines, led to a shutdown of a network that carries nearly half the gasoline, diesel and jet fuel for the East Coast. The shutdown caused higher prices and long lines at fuel pumps across the U.S. Southeast. (Related: Colonial Pipeline cyber attack draws attention to serious vulnerabilities in U.S. energy.)
Cyberattacks have also crippled police departments in the District of Columbia and elsewhere, and have hit hospitals treating Wuhan coronavirus (COVID-19) patients. In those attacks, criminal groups hold data hostage and demand payment to unlock it.
The hack on the MTA did not involve financial demands. Instead, it appeared to be part of a recent series of widespread intrusions by hackers believed to be backed by the Chinese government. This is according to FireEye, a private cybersecurity firm that works with the federal government and helped identify the breach.
The hacking campaign was discovered in April and compromised dozens of federal agencies, financial institutions and defense contractors. But the Chinese government has denied any involvement with the hacking operations.
Why the MTA was targeted remains unclear. Investigators theorize that it could be part of China's push to dominate the multibillion-dollar rail car market, an effort that could benefit from knowing more about the inner workings of a transit system known to award lucrative contracts.
But another, more benign theory is that the hackers entered the MTA's systems by mistake and then found them to be of little interest, something cybersecurity experts say is not unusual.
Sources include:
NYTimes.com
TheHill.com