With lawsuit settled, hackers now working with MBTA
Three Massachusetts Institute of Technology students who were sued earlier this year by the Massachusetts Bay Transit Authority (MBTA) said Monday that they are now working to make the Boston transit system more secure.
The announcement brings to a close a high profile case that pitted the rights of security researchers to freely discuss their findings against the concerns of one of the country's largest transit systems, which worried that this type of information could lead to widespread ticket fraud. "I'm really glad to have it behind me. I think this is really what should have happened from the start," said Zack Anderson, one of the students sued by the MBTA.
Anderson, along with Russell "RJ" Ryan and Alessandro Chiesa, was prevented from giving a talk entitled "The Anatomy of a Subway Hack: Breaking Crypto RFIDs & Magstripes of Ticketing Systems" at the Defcon hacker conference last August.
The students had planned to show that they had reverse engineered the MBTA's CharlieTicket magnetic stripe tickets and CharlieCard smartcards. The CharlieCard uses the same Mifare Classic RFID (radio frequency identification) technology that was cracked earlier this year by security researchers.
The MBTA had argued that the presentation could have caused "significant damage" to the transit system, but the students had said that they had no intention of releasing key pieces of information that would have allowed people to hack the system.
On Aug. 19, a judge threw out the MBTA's gag order, but the transit authority could have brought new motions against them, and so the case had been hanging over the MIT researchers.
The settlement ends the matter in an amicable way. "For professional reasons and for public interest reasons, the students wanted to help the MBTA," said Jennifer Granick, a lawyer with the Electronic Frontier Foundation who represents the students.
The case against the three was finally settled on Oct. 7, but this was not publicly announced until Monday, because it took two months for all parties to schedule a public announcement of the settlement, Granick said. The researchers met with MBTA technical staff on Oct. 21 to discuss their findings and are working to improve the transit authority's fare collection system, she added.
The MBTA could not be reached immediately for comment.
IDG News Service
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
mit
Powered by Twitter
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
