Last August I wrote a couple posts (Sorry Charlie...Youve Been Hacked and Sorry Charlie...The Cat's Outta the Bag) about the three MIT students that hacked into Boston's subway payment card system. (CharlieCard)
They had planned to present their findings at Defcom, but instead were sued by the Massachusetts Bay Transit Authority. The MBTA took legal action just before the students were scheduled to discuss: "generating fare cards","reverse-engineering magnetic stripes", and "hacking the RFID technology in the cards".
Instead, a judge issued an injunction ordering them to refrain from doing so. Now they've been "hired" by the MBTA. Ironically, yesterday I wrote a post entitled "Who Says Crime Doesn't Pay" and today, I saw this article that the MBTA had "hired" the three hackers who broke into their system.
So apparently it also pays to hack into a system and threaten to publicly share the results in a presentation at a hack convention.
It's a different world out there...the only "Hack" I ever heard of as a kid was "Hack Wilson" who set the record for most RBI's in a season (191) in 1930 for the Chicago Cubs.
Anyway, it's been an interesting turn of events so here's a follow up on the Sorry Charlie series from Yahoo news.
SAN FRANCISCO - A trio of Massachusetts Institute of Technology students who found a way to hack into the Boston subway system's payment cards have agreed to partner with transit officials there to make the system more secure.
The Electronic Frontier Foundation announced the agreement Monday, two months after the Massachusetts Bay Transportation Authority dropped a lawsuit against the students, who were represented for free by the EFF, a civil-liberties group that frequently takes up cases involving security researchers and computer hackers. The transit agency had sued to stop the students from presenting findings at a computer-security conference.
The students — Zack Anderson, R.J. Ryan and Alessandro Chiesa — have argued all along they were trying to help the MBTA by giving it advance notice of their planned talk last summer and keeping specific details of their hack secret. But the MBTA worried of widespread fare fraud if students discussed how they were able to add hundreds of dollars in value to MBTA's two primary payment cards — CharlieCard and CharlieTicket.
Before they could take the stage at the DefCon hacker conference in Las Vegas in August, the students were slapped with a lawsuit and a restraining order preventing them from giving the talk. Everyone found out what they were going to say anyway: All 87 slides of the students' presentation were already online, having been given out to conference attendees on CDs before the lawsuit was filed.
The MBTA argued it needed time to fix the problems, but the issue touched off a legal battle about whether the students' free-speech rights were violated and prompted the EFF to take up the students' case.
The judge eventually lifted the gag order and the transit agency dropped its lawsuit in October. The two sides have been working since then on how they would collaborate to make the fare system more secure and have the students' work taken seriously, said Jennifer Granick, the EFF's civil liberties director.
They had planned to present their findings at Defcom, but instead were sued by the Massachusetts Bay Transit Authority. The MBTA took legal action just before the students were scheduled to discuss: "generating fare cards","reverse-engineering magnetic stripes", and "hacking the RFID technology in the cards".
Instead, a judge issued an injunction ordering them to refrain from doing so. Now they've been "hired" by the MBTA. Ironically, yesterday I wrote a post entitled "Who Says Crime Doesn't Pay" and today, I saw this article that the MBTA had "hired" the three hackers who broke into their system.
So apparently it also pays to hack into a system and threaten to publicly share the results in a presentation at a hack convention.
It's a different world out there...the only "Hack" I ever heard of as a kid was "Hack Wilson" who set the record for most RBI's in a season (191) in 1930 for the Chicago Cubs.
Anyway, it's been an interesting turn of events so here's a follow up on the Sorry Charlie series from Yahoo news.
SAN FRANCISCO - A trio of Massachusetts Institute of Technology students who found a way to hack into the Boston subway system's payment cards have agreed to partner with transit officials there to make the system more secure.
The Electronic Frontier Foundation announced the agreement Monday, two months after the Massachusetts Bay Transportation Authority dropped a lawsuit against the students, who were represented for free by the EFF, a civil-liberties group that frequently takes up cases involving security researchers and computer hackers. The transit agency had sued to stop the students from presenting findings at a computer-security conference.
The students — Zack Anderson, R.J. Ryan and Alessandro Chiesa — have argued all along they were trying to help the MBTA by giving it advance notice of their planned talk last summer and keeping specific details of their hack secret. But the MBTA worried of widespread fare fraud if students discussed how they were able to add hundreds of dollars in value to MBTA's two primary payment cards — CharlieCard and CharlieTicket.
Before they could take the stage at the DefCon hacker conference in Las Vegas in August, the students were slapped with a lawsuit and a restraining order preventing them from giving the talk. Everyone found out what they were going to say anyway: All 87 slides of the students' presentation were already online, having been given out to conference attendees on CDs before the lawsuit was filed.
The MBTA argued it needed time to fix the problems, but the issue touched off a legal battle about whether the students' free-speech rights were violated and prompted the EFF to take up the students' case.
The judge eventually lifted the gag order and the transit agency dropped its lawsuit in October. The two sides have been working since then on how they would collaborate to make the fare system more secure and have the students' work taken seriously, said Jennifer Granick, the EFF's civil liberties director.
0 comments