Hacker Who Hacked San Francisco Rail System Got Himself Hacked


Recently the computer systems of the San Francisco Municipal Railway (MUNI) were hacked and locked by an attacker who demanded 100 bitcoins (about USD 73,000) to unlock them again. The latest twist in this story is that the San Francisco rail system hacker has himself been hacked: someone broke into the cybercriminal's own email inbox and accessed a trove of emails.

That break-in revealed clues about the culprit's location, identity and past extortion activity, according to Brian Krebs, the security journalist who runs KrebsOnSecurity. On 28 November, Krebs said he had been contacted by a security researcher (who remains unnamed) who claimed to have broken into the Yandex email address the hacker had provided in the ransom demand.

How Was It Possible?

The researcher got in simply by guessing the answer to the account's "secret question" and using it to reset the password. The account's recovery address ([email protected]) was protected by the same secret question and the same answer as the cryptom27 address, so the one guess took over both mailboxes. A knowledge-based reset is only as strong as the guessability of its answer, and reusing that answer on the recovery account removed the second line of defence entirely.
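The following is an added illustrative model of the takeover chain described above, written for this page; it is not Yandex's reset flow or anything recovered from the hacker's account. The mailbox names, secret answers and the wordlist are constructed, and the lockout threshold in the hardened variant is an assumed setting.

```python
"""
Model of a knowledge-based password reset (added example, not Yandex code):
a guessable "secret question" answer lets an attacker reset the primary
mailbox, and a recovery mailbox that reuses the same answer falls to the
same guess. Mailbox names, answers and the wordlist are constructed.
"""
import hashlib
import hmac
import os


class Mailbox:
    """A mailbox whose password can be reset by answering a secret question."""

    def __init__(self, address, secret_answer, recovery=None, max_attempts=None):
        self.address = address
        self.recovery = recovery          # another Mailbox, or None
        self.max_attempts = max_attempts  # None = unlimited guesses (weak)
        self.failed = 0
        self.locked = False
        self.password = os.urandom(16).hex()
        self._salt = os.urandom(16)
        self._answer_hash = self._hash(secret_answer)

    def _hash(self, answer):
        # Case- and whitespace-insensitive matching, as many sites do; this
        # shrinks the answer space the attacker has to search.
        norm = answer.strip().lower().encode()
        return hashlib.pbkdf2_hmac("sha256", norm, self._salt, 10_000)

    def reset_password(self, answer, new_password):
        """Return True if the reset succeeded."""
        if self.locked:
            return False
        if hmac.compare_digest(self._answer_hash, self._hash(answer)):
            self.password = new_password
            self.failed = 0
            return True
        self.failed += 1
        if self.max_attempts is not None and self.failed >= self.max_attempts:
            self.locked = True
        return False


# Constructed wordlist: the low-entropy answers that "first pet" style
# questions tend to produce.
COMMON_ANSWERS = ["fluffy", "max", "rex", "buddy", "charlie", "lucy", "tiger", "bella"]


def guess_reset(mailbox, wordlist, new_password):
    """Try each wordlist entry as the secret answer; return the hit or None."""
    for guess in wordlist:
        if mailbox.reset_password(guess, new_password):
            return guess
    return None


def takeover_chain(primary, wordlist):
    """
    Reset the primary mailbox by guessing, then replay the same answer
    against its recovery mailbox. Returns the set of compromised addresses.
    """
    owned = set()
    answer = guess_reset(primary, wordlist, "attacker-pw-1")
    if answer is None:
        return owned
    owned.add(primary.address)
    recovery = primary.recovery
    # Same question and answer on the backup account: no further search needed.
    if recovery is not None and recovery.reset_password(answer, "attacker-pw-2"):
        owned.add(recovery.address)
    return owned


def weak_setup():
    """Guessable answer, unlimited attempts, same answer on the recovery box."""
    backup = Mailbox("backup@example.test", "Rex")
    return Mailbox("primary@example.test", "rex", recovery=backup)


def hardened_setup():
    """Random answers, distinct per account, lockout after 3 misses (assumed)."""
    backup = Mailbox("backup@example.test", "cG8p-2kLq", max_attempts=3)
    return Mailbox("primary@example.test", "Zq7!mN2e", recovery=backup, max_attempts=3)


if __name__ == "__main__":
    print("weak:", sorted(takeover_chain(weak_setup(), COMMON_ANSWERS)))
    print("hardened:", sorted(takeover_chain(hardened_setup(), COMMON_ANSWERS)))
```

Against the weak setup the third guess resets the primary account and the same word immediately resets the recovery account; against the hardened setup the primary account locks after three misses and nothing is compromised. The lockout only limits online guessing; the real mitigation is an unguessable or random recovery secret and a recovery channel that does not share it with the account it protects.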

After taking over both mailboxes, the researcher shared a number of conversations and logs with Krebs that point to the hacker's whereabouts and previous targets. For example, the IP addresses of more than 300 logins show the hacker signing in from Iran, the account owner's name was given as Ali Reza (a common name in Iran), and a phone number on the account was also linked to an account at a hosting company in Russia.

The emails also appear to show that the hacker had previously extorted a range of victims, mostly in the manufacturing and construction sectors. A look at the Bitcoin wallets used to hold the illicit profits showed roughly $140,000 in funds.

Digging deeper, the compromised mailbox also gave insight into the kinds of vulnerabilities the hacker used to get into networks: primarily security flaws in Java applications and gaps in Oracle server products. Several open-source tools were also used to find and infect new victims.
