Hacker Shuts Down Copenhagen's Public City Bikes System

An anonymous reader writes: "An unidentified hacker has breached Bycyklen -- Copenhagen's city bikes network -- and deleted the organization's entire database, disabling the public's access to bicycles over the weekend," reports Bleeping Computer. "The hack took place on the night between Friday, May 4, and Saturday, May 5, the organization said on its website. Bycyklen described the hack as "rather primitive," alluding it may have been carried out "by a person with a great deal of knowledge of its IT infrastructure." Almost 2,000 bikes were affected, and the company's employees have been working for days, searching for bikes docked across the city and installing a manual update to restore functionality. The company is holding a "treasure hunt," asking users to hunt down and identify non-functional bikes.

Robert'); Drop Table Bicycles;--

[fahrbot-bot]

Bycyklen described the hack as "rather primitive," ...

Obligatory: xkcd

Re:Robert'); Drop Table Bicycles;--

[DontBeAMoran]

Bobby Bicycles? Hey, I know that guy!

What's the motivation? Anonymity?

[shanen]

Mindless vandalism? I'm trying to imagine what could motivate such a crime. What sort of grievance could justify attacking a system that lets people borrow bikes?

Just wants to annoy other people? Maybe he sells cars and he felt the bikes were hurting sales? Maybe he's just a mercenary working for the car salesman? Or maybe the prick did it simply because he could.

There are legitimate uses for anonymity. This is NOT one of them.

Re:Non-functional bikes?

[Zocalo]

There's generally some kind of lock that you need to remove in order to use the bike, not sure about Bycyklen specifically, but usually it's via some sort of bar through the spokes or pedals, or a clamp that achieves the same effect. Alternatively, bikes must be obtained from and returned to specific racks which lock them in place. Either way, unlocking a bike starts your registers your account for usage of a bike, and locking it again ends it. Since Byclyken uses GPS (and lost the GPS data when the DB was wiped, hence the treasure hunt) I'd assume they have the lock on the bike itself.

Re:They have an Android tablet attached to the bik

[ruddk]

Well, it's Denmark, so I if they weren't made to last in rain, they would have have a very short lifespan. Last year was nothing but rain. This year shows promise, crossing fingers.

ZFS

[darkain]

Now imagine if this database were to be stored on a ZFS volume with regular snapshots, and those snapshots were sent to other remote machines for backup... The entire database could have been recovered in minutes with just a few simple commands to re-mount the ZFS partition to a given snapshot, restart the database server software, and you're up and running again...

Oh wait, that's right. I'm too old for tech nowadays. There are all these kids fresh out of college using newfangled technology that don't know two shits about information security or data integrity to even give this a thought in the first place. And thus the cycle continues where us old-hats are "over paid" and forced out of work in favor of these new younger generations of "tech wizards"!

Re:ZFS

[mccalli]

Doesn't seem like they lost anything, the way you're describing it. Here's the initial announcement, and here's the update. Doesn't;'t seem like they lost anything in their database.

What seems to have happened is that the hack has managed to erase the client side. Either poison data/commands has erased the tablet they attach to the bike, or the tablet still has data but is now out of sync with their restored backup. That will be why they're talking about going round rebooting the tablets on the bikes - it's the client side that's wrong, ZFS-nothing - it simply wouldn't have helped.

Re:Usual internet of things screwup?

[apoc.famine]

Or, you know, backup your database and practice your restores on a regular basis....