Luas Hacked

begbysback

So the Luas website has been hacked - message can be seen when you search Luas

Thing is they’ve asked for 1 bitcoin, apparently the hackers were trying to help but were ignored, they didn’t like this so took the site down.

1 measley bitcoin, personally I would ask for 1 million dollars, a helicopter to escape, and demand that busses show up on time.

What would you ask for?

Old Perry

Caviar in the 1st carraige.

s3rtvdbwfj81ch

mickoneill31

begbysback wrote: »

So the Luas website has been hacked - message can be seen when you search Luas

Thing is they’ve asked for 1 bitcoin, apparently the hackers were trying to help but were ignored, they didn’t like this so took the site down.

1 measley bitcoin, personally I would ask for 1 million dollars, a helicopter to escape, and demand that busses show up on time.

What would you ask for?

It depends. Did the hackers really get confidential information or did they just manage to deface the site? They might be bluffing so asking for a large fee just means their bluff would be called. Asking for a small fee means that a company will probably just pay it rather than take the chance.

Or they might not be bluffing.

EdgeCase

1 bitcoin is €3385. That’s not a pittance and if you pay out you’ve no guarantee that your data will be recovered or they they won’t just come back for more.

I don’t think the Luas site does anything interactive anyway so it will probably made more secure and the content restored from backups.

KevinCavan

They have no money for Bitcoin after the court case with the Luas surfer.

vectorvictor

Suppose the main concern here is that the website processes payments for fixed penalty notices.

That one person who's ever paid it must be quaking.

Aside from that what is there to release? A bunch of complaints from the web form?

Franz Von Peppercorn

There’s some intermediate secure server up there now.

If the guy emailed them then shouldn’t be too hard to find them.

RobbingBandit

Stick a 1 and 2 zeros in front of that 1 bitcoin and we have a deal, LUAS ain't got no security now, let's all jump on board.

EdgeCase

Looked at the Wayback Machine archive snapshot of the site and it does have quite a bit of data gathering going on but that doesn't mean any of the databases were accessed.

It has a facility for paying standard fare notices (fines) as well as accessing tax saver and also a log in for subscribing to updates.

These scans can just be spoofing after defacing the site, hoping that some companies pay out.

myshirt

I'd demand every driver to take a 30% paycut. I'd love to say 50% out of emotion given the neck of these people, but mature me knows a reasonable person with financial sense couldn't argue the overpayment in salary is beyond c. 30%.

Still quite a large overpayment in salary nevertheless.

fxotoole

begbysback wrote: »

So the Luas website has been hacked - message can be seen when you search Luas

Thing is they’ve asked for 1 bitcoin, apparently the hackers were trying to help but were ignored, they didn’t like this so took the site down.

1 measley bitcoin, personally I would ask for 1 million dollars, a helicopter to escape, and demand that busses show up on time.

What would you ask for?

Pfffft. Feck that. I’d rather hack the Leap card and get free travel for life

mightyreds

Hope his first email to them wasn't from is personal/work address

vectorvictor

mightyreds wrote: »

Hope his first email to them wasn't from is personal/work address

Probably an @luas.ie one judging by how hard done by they all seem to feel in there

Franz Von Peppercorn

myshirt wrote: »

I'd demand every driver to take a 30% paycut. I'd love to say 50% out of emotion given the neck of these people, but mature me knows a reasonable person with financial sense couldn't argue the overpayment in salary is beyond c. 30%.

Still quite a large overpayment in salary nevertheless.

Mother ireland is rearing them yet. No idea what they are earning but it’s agreed between a private company and it’s workers.

VinLieger

What was the website used for that security becomes an issue? All i was aware it had on it was timetables, announcements and info on how to use the luas etc

s3rtvdbwfj81ch

fine payments

vectorvictor

Wonder if the trams are better protected

Bit of a drought going on so kind of fancy an opportunity to morph into Keanu Reeves and come to a screeching halt in a tender embrace... at Fatima

begbysback

EdgeCase wrote: »

1 bitcoin is €3385. That’s not a pittance and if you pay out you’ve no guarantee that your data will be recovered or they they won’t just come back for more.

I don’t think the Luas site does anything interactive anyway so it will probably made more secure and the content restored from backups.

1 bitcoin is 3385 today, Luas have 5 days to pay, I say hold out for as long as possible, bitcoin could drop to 14c by then

MarkR

I wonder what their disaster recovery procedure is. Or if they have one.

Never mind, seems to be back up. Looks like they were able to scrub the live site and restore from a backup.

seamus

1 BTC isn't very much, I wonder is it a 14 year old looking to get a few grand, or someone misguided but well-meaning trying to "get serious" about the security flaws.

Either way, he has exposed himself to a couple of crimes which aren't worth the risk for 4 grand.

I wouldn't have asked for money at all, I simply would have given the media some anonymised data which proves the breach and information to the Luas operators on how to fix it.

orourkeda1977

begbysback wrote: »

So the Luas website has been hacked - message can be seen when you search Luas

Thing is they’ve asked for 1 bitcoin, apparently the hackers were trying to help but were ignored, they didn’t like this so took the site down.

1 measley bitcoin, personally I would ask for 1 million dollars, a helicopter to escape, and demand that busses show up on time.

What would you ask for?

Perhaps you might want to think about hacking dublin bus' website.

begbysback

orourkeda1977 wrote: »

Perhaps you might want to think about hacking dublin bus' website.

That was a decoy, while the law are checking all the buses for a suspect I’ll be in the helicopter and driving my new car.

razorblunt

I was expecting a carriage to running loose down Stephen's Green. This story is a let down.

oLoonatic

Have we not got to a stage now where people understand that cyber security is massively important!

Hoboo

It's only 3000 odd, but do that to 5000 sites.

Tow

vectorvictor wrote: »

Wonder if the trams are better protected

Running Windows XP!

Badly Drunk Boy

begbysback wrote: »

That was a decoy, while the law are checking all the buses for a suspect I’ll be in the helicopter and driving my new car.

The helicopter sounds like a good idea initially, but it's only a matter of time before the rotors get tangled in the Luas tracks. I've said it before and I'll say it again: Luas helicopters are a bad idea.

Rawr

From the title I thought that someone had hacked into an actual Luas, and was now driving it around Dublin like a little cyber-hooligan.

...I'm a little disappointed....

s4uv3

I'm still sickened that I didn't buy any cheap bitcoins :rolleyes:

900913

MarkR wrote: »

I wonder what their disaster recovery procedure is. Or if they have one.

Never mind, seems to be back up. Looks like they were able to scrub the live site and restore from a backup.

Restoring from a backup would put the original vulnerability back onto the website.

MarkR

900913 wrote: »

Restoring from a backup would put the original vulnerability back onto the website.

Would hope they'd patch in test environment before hand.

Eire Go Brach

Phishing email is how they got hacked.
Backups got encrypted to.
They were Russian hackers and Transdev paid between 30 and 50 thousand.

They kept upping it. Eventually Transdev told them to fook of literally. Turned into a bit of stand off. Nervous wait for Transdev. But the keys arrived a few hours later.

Atlantic Dawn

Sets a bad precident paying them, only encourages it. I suppose lesson learnt and additional security measures will be in place so it doesn't happen again.