SF's Muni Transit System Got Hacked to Give Out Free Rides

The message "You Hacked, ALL Data Encrypted" scrolled across systems city wide.

SF Examiner

On Friday, San Francisco’s Municipal Transportation System, more commonly referred to as Muni, was hacked. A cryptic message, “You Hacked, ALL Data Encrypted,” scrolled across Muni computer screens around the city on Saturday. As a result of the hack, riders were able to traverse the city free of charge on Saturday.

The message from the hackers responsible for the shenanigans also left Muni officials a contact email so they could inquire about an encryption key, the San Francisco Examiner reports. A Muni worker, who wished to remain nameless, first confirmed the hack to the paper, which was followed by an official statement from Muni spokesperson Paul Rose, indicating that the company was working to resolve the issue but declined to provide any further details.

The machines where riders typically purchase and replenish their fare cards featured hand-written tags that read “out of service” and “free Muni” on Saturday. Unable to charge its customers, Muni offered free rides on its light-rail vehicles. By Sunday morning, most of the ticket machines and gates were back in business.

The first outages were reported on Friday afternoon, but it wasn’t until Saturday that the bulk of the delays (and free rides) started. The extent of the hack, as well as the hacker’s identity, remain a mystery for now. It is also unclear if any other agencies in the San Francisco area were affected.

The hack resembles a form of “ransomware”, which is where a computer system is basically held hostage, with the owners locked out until they send a specific amount of money to the attacker. This type of malware can easily be downloaded by mistake, as most of the time the afflicting email seems very benign.

An individual going by the name of “Andy Saolis” responded to Examiner reporter Joe Fitzgerald Rodriguez, explaining that the incident was less of a hack and more of a ransomware situation. “Saolis” indicated that he spread the malware to Muni. The Examiner also reports that the city’s transit officials would not confirm the identity of the attacker, and according to “Saolis”, transit officials have not yet contacted him.

“Saolis” also told the Examiner that he and his fellow conspirators wanted 100 Bitcoin — or roughly $73,000 U.S. — by Monday to secure the release of the 2,112 remaining afflicted computers.

One unnamed tech expert speculated to the Examiner that the ransomed machines could remain encrypted permanently if the SFMTA doesn’t hand over the money. Currently, it’s still unclear how many computer systems are still compromised and how many of the 8,656 total portals are up and running

Transit services were never down, only the payment system. So far, Muni officials have failed to comment on how the problem was resolved, or the extent of the damage.

However, on Sunday afternoon, Muni’s official Twitter account announced that the organization was back in business.