TechSpot

San Francisco Muni hacker has his email accounts hacked

By midian182
Nov 30, 2016 at 12:45 PM
  1. In what could be actual evidence that karma does exist, the individual responsible for infecting the San Francisco Municipal Transportation Agency (SFMTA) with ransomware has been hacked.

    Krebs on Security reports that someone was able to breach the email account of the Muni hacker, who calls himself Andy Saolis, using the address left in his ransom note.

    Following Friday’s attack, computer screens at stations were disabled and displayed the message: "You Hacked, ALL Data Encrypted. Contact For Key(cryptom27@yandex.com)ID:681 , Enter." Saolis demanded 100 Bitcoins (around $73,000) in exchange for the decryption key.

    An anonymous security researcher contacted Krebs on Monday to say he had hacked Saolis' Yandex mailbox after reading about the incident in an article.

    The avenging hacker managed to guess Saolis’ security question protecting his account, before resetting the password and locking it down. He also locked down a secondary address, cryptom2016@yandex.com, which was protected with the same security question and answer.

    While the SFMTA never paid the ransom, it seems Saolis has extorted plenty of money in the past. His emails revealed that a US manufacturing firm paid him 63 bitcoins (approximately $45,000) to unlock its encrypted files. And a review of more than a dozen Bitcoin wallets indicated victims have handed over $140,000 worth of Bitcoins since August.

    It was also discovered that the hacker used internet addresses based almost exclusively in Iran, and he wrote notes in Farsi, the primary language spoken in the country.

    Whether the Muni hacker continues to extort money from various organizations remains to be seen. At the very least, he’ll probably start picking better answers to his security questions.


     
  2. lipe123

    lipe123 TS Evangelist Posts: 658   +174

    With all that info available why isn't he on trial or something yet?

    Unless of course he actually is from Iran, then we know why.
     
  3. mbrowne5061

    mbrowne5061 TS Evangelist Posts: 332   +130

    A relatively anon email address, a bitcoin wallet address, and an obviously fake name isn't a whole lot of info.
     
  4. RzmmDX

    RzmmDX TS Guru Posts: 304   +59

    Can we stop calling a password reset a hack?

    Might as well call winning the lottery a hack.

    A Life. Hack.
     
  5. Kibaruk

    Kibaruk TechSpot Paladin Posts: 2,506   +498

    It is an extremely basic hack if you can get it right, but it's still a hack. It's like to stop calling social engineering hacks... hacks, because it doesn't involve any tech savviness.
     
