The San Francisco Municipal Transportation Agency (SFMTA) was hit with a ransomware attack on Friday, causing fare station terminals to carry the message, "You are Hacked. ALL Data Encrypted." Turns out, the miscreant behind this extortion attempt got hacked himself this past weekend, revealing details about other victims as well as tantalizing clues about his identity and location.
On Monday, KrebsOnSecurity was contacted by a security researcher who said he hacked this very same cryptom27@yandex.com inbox after reading a news article about the SFMTA incident. The researcher, who has asked to remain anonymous, said he compromised the extortionist's inbox by guessing the answer to his secret question, which then allowed him to reset the attacker's email password. A screen shot of the user profile page for cryptom27@yandex.com shows that it was tied to a backup email address, cryptom2016@yandex.com, which also was protected by the same secret question and answer.
Live by the hack, die by the hack.
(Score: 1, Insightful) by Anonymous Coward on Sunday December 04 2016, @07:18AM
Live by the hack, die by the hack.
Seriously? Seriously? You're going to equate exploiting a Java vulnerability... with password guessing? One of these things is not like the other, one of these things is not a legit hack. ♫
(Score: -1, Troll) by Anonymous Coward on Sunday December 04 2016, @07:22AM
lolololololololol mess best die rest crash burn burp derpy derp mod me up cuz hackers is an old movie dude bro like whoa
(Score: -1, Flamebait) by Anonymous Coward on Sunday December 04 2016, @07:48AM
derp derp drop yer firewall sose i can hack ya lol
ping ::1
oh snap i is l3333t
(Score: 0) by Anonymous Coward on Sunday December 04 2016, @06:07PM
Where did TFS say the counterhack used similar methods to the original hack? And where was that made a requirement?