

MyBART Hacked By Anonymous - llambda
http://www.djmash.at/release/users.html

======
ajays
Let me get this straight. Anon claims the government doesn't give a fuck about
me. So they come in and punch me in the face, and then say, "see, the
government didn't care about you". This is like walking up to a person who's
getting raped, and kicking them in the head while they're down.

How does further abusing the citizens somehow make the original point that the
government is abusing the citizens?

Here's a pro-tip, Anon. If you are really interested in "fighting abuse" by
the government, then don't further aggravate the situation. Do something that
resembles fighting back, or somehow protects the people getting abused.

~~~
swaits
Why do you think leaving this unpublished would have made the data any more
private?

~~~
aphyr
Privacy is a matter of visibility, not compromisability. Ultimately, almost
_anything_ you do _can_ be observed, shared, and exploited. The reason we lead
any semblance of a private life is a combination of a lack of interest,
goodwill, and a low reward/cost ratio.

Publishing this data like this puts it on Google and in the media. That makes
it a.) highly visible and b.) extremely cheap. Therefore, less private.

------
potatolicious
Way to miss the point, Anon. In one of the incidents they talked about the
suspect _did_ have a gun and reportedly _did_ shoot at police. I mean
seriously, do they really think the police are in the habit of shooting people
over fare evasion?

I'm no fan of police, and I support protest groups - but there's a difference
between protesters with a grievance, and hooligans looking for an excuse. From
what I've seen, previous BART protests have been more the latter than the
former.

I am sick and tired of "anarchists" subjugating every legitimate cause under
the sun so they can have an excuse to deface and destroy. Not only is what
they do juvenile and unproductive, but their presence taints what are
otherwise very legitimate and important grievances and seriously compromises
public opinion and support of these causes.

There is not a single group I despise more than your average black bloc
"anarchist protester". I'm disappointed (but unsurprised) that Anon has
confused real protesters with these guys, too.

~~~
true_religion
> I am sick and tired of "anarchists" subjugating every legitimate cause under
> the sun so they can have an excuse to deface and destroy. Not only is what
> they do juvenile and unproductive, but their presence taints what are
> otherwise very legitimate and important grievances and seriously compromises
> public opinion and support of these causes.

If they're actually anarchists -- as in those who despise governance in any
form -- it's absolutely appropriate that they attack all the arms of the
government, even the innocuous ones that do nothing but bring joy and
happiness into the lives of people.

------
phxrsng
Makes absolutely no sense. MyBART isn't even related to BART, it's a site to
find activities that you can take the BART to.

Of course, I don't expect much more from Anonymous.

~~~
duskwuff
I believe it's run by BART, but it's basically just a groupon-ish service for
cross-promotions between local businesses and BART.

Incredibly lame, either way.

------
supersillyus
These sorts of actions always seem to me like, "See, I was able to enter your
home at night and punch you in the face. Now you know how bad your police are
at defending you. I'm making you aware of this for your own good."

Gee. Thanks.

~~~
j_baker
More like "See, I was able to enter your house. Now I'm going to mail a copy
of the key to thousands if not millions of people. Oh, and since you probably
use the same key for your house, office, and car, they'll also have access to
those. But it's not my fault. It's the government's."

...but I get your point. :-)

~~~
27182818284
They didn't just choose anyplace, though. They specifically chose the mybart
site because of the BART's recent actions. They even say this on the page.
That is very different.

------
chromejs10
This is really pathetic by anon. They are exposing normal people's user names
and passwords that now anyone can use with bad intentions on other sites. This
isn't an "f you" to BART, it's hurting normal people.

Side note, BART shouldn't be storing these passwords as plain text...

~~~
swaits
Since the data was relatively unsecured, why do you think that only now, after
being published, it'll be used with bad intentions?

~~~
borski
Because if you hand a burglar the key to a home, he's far more likely to steal
from that home than any other one, even if another had the door left wide
open.

------
Andi
They want to help the people. OK. Then they publish their user data (including
passwords) to demonstrate their childish pride. NOT OK. The hacker children
don't do it right. They don't understand that their own quality of life is
still depending on the very existing government and institutions that are
existing. They don't dare to cherish what exists and it seems that they want
to rush into a new war. But they are trapped in the net that they didn't
create.

------
chimerical
What exactly does it solve to list customer contact info from mybart.gov?

~~~
chrischen
They're hurting BART's (security) reputation at the expense of innocent
bystanders.

------
chao-
Definitely a strange choice, as many people have said. Missed the mark by a
long shot, but if some media outlets get on this you might have a handful of
already angry/frustrated people getting even more angry/frustrated at BART for
exactly what was described here.

Although this is yet another example of golfclap-worthy choices made by those
tasked with implementing the security of a government or government-affiliated
website. Presumably utype_id of 0 has some unique quality, given that there
are only two of them and they both have the only ids under ten thousand:

Name: Partner Partner Email: partner@interactivate.com Password: partner

Name: dev team Email: devteam@interactivate.com Password: admin123

Please excuse the mote of speculation involved in this, as I can't be certain
that anything is indeed special about those accounts. But these days, if there
is anything at all unique or administrative about those accounts, you can't
encounter passwords like that and expect the site to be well-designed or
secure in other areas.

~~~
xyzzyz
_Definitely a strange choice_

I think it was (as it usually is) more of an _opportunity_ than a _choice_.

~~~
chao-
True enough. Much like how LulzSec's government targets were rural police
forces and the like, with little in the way of security considerations.

------
zabraxias
Without going into the ethics or the police action I am guessing that BART
paid a sizable sum to get the website done by a company that can't protect
against SQL injections.

This reminds me of my building's condo board paying 30k for a "community
portal" website that could've been done in one afternoon (and still wasn't
done right).

------
Mithrandir
They also defaced their website: <http://i.imgur.com/whglp.png>

~~~
sorbus
It also seems like they may have replaced some of the questions and answers in
their FAQ - either that or the person who originally wrote the questions was
amazingly snarky, especially with the ones near the bottom of the list (the
last item on the list is a link to Anon's page, which supports this
hypothesis).

------
unkoman
They got your attention, that's all they want.

------
sakopov
Man, I remember 10 years ago SQL injection was a thing for 14-year-old
teenagers to waste time on. I guess they grew up and call themselves hackers
these days. But, to be on topic, I really hope these people enjoy having their
personal information displayed by a gang of internet criminals. Justice
served!

------
markyc
exposing "civilian"'s private data doesn't help their PR

no soup for you!

