#Anonymous claims to have hacked BART; posts employee and rider data
On August 11, the Bay Area Rapid Transit (BART) suspended wireless service. According to a statement posted on their web site the next day, their intent was to address an expected protest following an officer-involved shooting on July 3:
Organizers planning to disrupt BART service on August 11, 2011 stated they would use mobile devices to coordinate their disruptive activities and communicate about the location and number of BART Police. A civil disturbance during commute times at busy downtown San Francisco stations could lead to platform overcrowding and unsafe conditions for BART customers, employees and demonstrators. BART temporarily interrupted service at select BART stations as one of many tactics to ensure the safety of everyone on the platform.[…]
Their actions resulted in a lot of criticism, much of it tagged #opbart on Twitter and drawing parallels to Mubarak’s heavy-handed attempts to quash Egyptian protests earlier this year.
Criticism was soon followed by hacktivism, it seems.
Your Website has been hacked and database has been leaked by: ### ### #t0nicwater #Bl4ckAbby #NaDa #Tanko #Anonymous #hackers
Dear Bay Area Rapid Transit, The People and All Government Agencies, We are Anonymous, we are your citizens, we are the people, WE DO NOT TOLERATE OPPRESSION FROM ANY GOVERNMENT AGENCY. BART has proved multiple times that they have no problem exploiting and abusing the people. First they displayed this by the two recent killings by BART police. Under no circumstance, unless police are shot at, make police killings acceptable. Non-lethal weapons were available to use during both incidents, providing even that was necessary, but instead they shot to kill. Next they violated the people’s right to assembly and prevented other bystanders from using emergency services by blocking cell phone signals in order to stop a protest against the BART police murders. Lastly, they set up this website called mybart.gov and they stored their members information with virtually no security. The data was stored and easily obtainable via basic sqli. Any 8 year old with a internet connection could have done what we did to find it. On top of that none of the info, including the passwords, was encrypted. It is obvious BART does no give a fuck about its customers, funders and tax payers,THE PEOPLE. The governments and government agencies of the world are becoming tyrannical and oppressive, and the people are responding and will not take your shit for much longer. The people will fight this oppression with protests, demonstrations, riots, hacking, ddos, online attacks and by any other means. We will not allow ourselves to be killed, exploited, or get shitted on. From the streets of Chile, England, Portland, San Francisco, Oakland, the people are rising up and we will support each other and stand in solidarity against any injustice. Worldwide resistance is happening, we will participate in solidarity against oppression. SOLIDARITY IS OUR WEAPON. Thus below we are releasing the User Info Database of MyBart.gov, to show that BART doesn’t give a shit about it’s customers and riders and to show that the people will not allow you to kill us and censor us. This is but the one of many actions to come. We apologize to any citizen that has his information published, but you should go to BART and ask them why your information wasn’t secure with them. Also do not worry, probably the only information that will be abused from this database is that of BART employees.
The statement was followed by a listing of what appears to be over 2,450 first and last names, email addresses, phone numbers, street addresses with city/state/zip, and unencrypted user passwords, among other fields.
As of the time of this posting, www.bart.gov is still online, but the mybart.org home page remains defaced.