Slashdot Mirror

← Back to Stories (view on slashdot.org)

With Lawsuit Settled, Hackers Working With MBTA

Posted by ScuttleMonkey on from the how-it-should-be dept.

narramissic writes "The three MIT students who were sued earlier this year by the Massachusetts Bay Transit Authority for planning to show at Defcon how they had had reverse engineered the magnetic stripe tickets and smartcards said Monday that they are now working to make the Boston transit system more secure. 'I'm really glad to have it behind me. I think this is really what should have happened from the start,' said Zack Anderson, one of the students sued by the MBTA."

12 of 90 comments (clear)

  1. What's this? by fewnorms · · Score: 4, Insightful

    Common sense finally prevailing? Has hell frozen over?
    On one hand I'm surprised that the MBTA has decided to work with these guys to make their system more secure, on the other hand I wish this would happen more often instead of the mindless suing that government organizations and other companies seem so fond of.

    --
    Veni, Vidi, Velcro!
    1. Re:What's this? by kimvette · · Score: 4, Insightful

      Government officials have long since forgotten that they are, according to the Constitution, answerable to us, not vice versa. Having said that I am glad things went the way of the students, and it should ALWAYS be the case. I would not consider those students who pointed out a security issue to be evildoers who need punishment. They are citizens or legal residents who are afforded the right to free speech, which includes alerting folks of poor designs implemented by government agencies.

      --
      The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
    2. Re:What's this? by rbrausse · · Score: 3, Insightful

      > Common sense finally prevailing?

      I don't think so, this sounds more like

      "If you can't beat 'em buy 'em"

  2. Re:nothing new by Ethanol-fueled · · Score: 2, Insightful

    YMMV, but they usually won't offer you a job unless (1) you don't cause trouble and (2) you politely let them know about it and (3, optional) you offer a workaround or a fix.

    More likely, if you're caught hacking then you'll be confined to monitored house arrest and unpaid servitude as an FBI snitch-bitch. And that's after making the deal which will keep you out of prison.

  3. It's hush money by NoKaOi · · Score: 5, Insightful

    Okay, so fundamentally, the MBTA's goal is to prevent the kids from making their knowledge public. The kids' goal is probably to make a name for themselves, and maybe do something cool by defeating the MBTA's security.

    The judge threw out the gag ording, which I assume means the kids can legally make the knowledge public (even if they'll be sued later). By "hiring" the kids to make recommendations on their security, everyone saves a bunch of legal costs, the MBTA keeps the kids' from going public with the exploits, and the kids still get to make a name for themselves, and maybe make a few dollars. Everybody wins. That doesn't mean the MBTA actually cares about anything the kids have to say in their recommendations.

    1. Re:It's hush money by Eil · · Score: 2, Insightful

      The kids' goal is probably to make a name for themselves, and maybe do something cool by defeating the MBTA's security.

      Their goals are unknown, so it's not anyone's place to assume. However, the traditional hacker motive has been to discover how a (often closed) system works, figure out if there are any defects, and share the information gained with other hackers and the public. Hackers of all walks (including and perhaps especially open source developers) have a natural distaste for technology whose details are intentionally hidden from them.

      The judge threw out the gag ording, which I assume means the kids can legally make the knowledge public (even if they'll be sued later). By "hiring" the kids to make recommendations on their security, everyone saves a bunch of legal costs, the MBTA keeps the kids' from going public with the exploits, and the kids still get to make a name for themselves, and maybe make a few dollars. Everybody wins.

      No, everybody doesn't win:

      1. The public still doesn't know that their tax dollars were spent on a shoddy system that can be exploited easily.

      2. Regardless of whether the gag order was lifted later, the MBTA still got what they wanted which was to silence the hackers and chill any other research being performed on the system by others.

      3. Hackers in general will continue to be censored by bogus court orders and injunctions whenever some company doesn't want their horribly-designed product described publicly for what it is.

  4. Hack first, ask later? by CannonballHead · · Score: 3, Insightful

    I haven't been able to find it in my brief perusal of the link... does anyone know offhand if the MIT students asked permission first, or if they just did it, planned the talk, and then got in trouble?

    If the former, MBTA is messed up. If the latter, I would have to honestly say that the MIT students should have thought about what they were doing and asked before they decided to hack something and tell others how to do it.

    If someone asked me if they could do a security audit on my house and I said sure, that'd be cool. If they broke in, were going to give a talk about it to some other dudes and THEN I found out about it, I'd be a bit upset, too. Would I want to fix my security, sure, but I'd be kinda mad they did it without asking. Just because you CAN break in doesn't mean you have a right to do it, it's still MY property, not yours...

    1. Re:Hack first, ask later? by Achromatic1978 · · Score: 2, Insightful

      Right, and the fiber switches that they accessed? They were there for the taking, too, right?

  5. SLAPP by Adrian+Lopez · · Score: 3, Insightful

    The Transit Authority's SLAPP lawsuit has served its purpose: it prevented the students from speaking at Defcon. In the end there was no judgment sought, for no judgment was necessary in order that the Transit Authority's wishes be granted in full. The speakers were silenced without trial, and now we're told this should be interpreted as a kind of "happy ending".

    It's not a happy ending. It's sad. Very sad.

    --
    "In prison you just have to shut your eyes and take it. Here you have to shut your eyes and give it."
  6. they did not have permission at all by SuperBanana · · Score: 3, Insightful

    I know this goes against the Slashdot perception of how these "kids" were sweet, innocent little virgins who did no wrong, but:

    • They went into closets they knew they didn't belong in (that's entering/trespass, look it up; it doesn't matter if the door is locked. If it is locked, then it's BREAKING and entering)
    • They used forged documents (IDs) and lied to security officers and T employees to get into MBTA office space (that would be fraud, forgery and uttering)
    • They plugged into the network in those offices (more specifically, meeting rooms) they knew were private and used them to access the MBTA network (computer/network trespass.)

    Then, they used the modified MiFare cards in gates- they had photos showing them using the cards in gates. That's THEFT and FRAUD, people. You can't walk into a bank, cash a fake check for $500, and then publish a paper and say "the banking system is insecure!", and be shocked and amazed when you're charged with forgery and uttering.

    --
    Please help metamoderate.
  7. Re:should have happened from the start by Anonymous Coward · · Score: 3, Insightful

    Thank you! You have just captured the central hypocritical ideology of Slashdot:

    "Information yearns to be free! Unless, of course, its my information, which must be protected at all costs!"

  8. Re:So get rid of the officials by RyuuzakiTetsuya · · Score: 2, Insightful

    So California's Prop 8 was wisdom?

    --
    Non impediti ratione cogitationus.