MIT Students Who Hacked Boston Subway Silenced; Report Gets Out Anyway

By Andrew Moseman | August 11, 2008 1:36 pm

SubwayThree MIT undergraduates who found weaknesses in the fare cards for Boston’s subway system had planned to give a talk about their work at a hackers’ conference in Las Vegas this weekend. But on Friday the Massachusetts Bay Transit Authority sued the students and MIT to stop the speech, and on Saturday morning a federal judge slapped the students with a 10-day restraining order to keep their mouths shut.

The MBTA said that they needed time to investigate the student’s claims, and if they were true, to try to correct them before sensitive information got out via the students’ slide show presentation. One slide explains that the presentation would teach attendees how to generate fare cards, reverse engineer magnetic stripes on cards and hack radio frequency identification (RFID) cards. The next slide says: “And this is very illegal! So the following material is for educational use only” [AP].

Zack Anderson, one of the students in question, said he and his colleagues contacted MBTA to talk about their findings so transit officials could figure out how to respond. “We felt like the issue was resolved. That was verbally affirmed in a Monday meeting. Then Friday we find out there’s a federal lawsuit against us” [Boston Herald]. The students also said they planned to leave out key bits of information that would’ve allowed people to steal free subway rides.

The case took a couple more turns over the weekend. An Internet civil liberties organization called the Electronic Frontier Foundation took up the students’ case, saying the judge had erred in allowing a gag order. The students missed their speaking time yesterday thanks to the restraining order, but EFF says it plans to keep fighting the injunction.

In the end, the MBTA likely brought more publicity to their woes than they ever would’ve received if they’d just let the students be. In a declaration to the courts, the MBTA publicly released a “vulnerability assessment” they received from the students on the day of the lawsuit, which seemed to defeat the whole purpose of suing the students to begin with: Ironically, the document reveals more about the vulnerability in the MBTA system than the slides that the restraining order sought to suppress contain [Wired]. (You can read it here [pdf]). And if you were curious about the slide show, The Tech, MIT’s student newspaper, published it online [pdf] for all to see.

Image: flickr/SignalPAD

CATEGORIZED UNDER: Technology
  • Charles

    Ever since the MBTA filed the lawsuit which put the vulnerability assessment into the public domain, I’ve been more interested than ever in how CharlieCards and CharlieTickets work. The MBTA brought far more publicity to their grave vulnerabilities than the talk at DEF CON would have. The MBTA made a poor legal and business decision to stop the talk.

NEW ON DISCOVER
OPEN
CITIZEN SCIENCE
ADVERTISEMENT

Discover's Newsletter

Sign up to get the latest science news delivered weekly right to your inbox!

80beats

80beats is DISCOVER's news aggregator, weaving together the choicest tidbits from the best articles covering the day's most compelling topics.
ADVERTISEMENT

See More

ADVERTISEMENT
Collapse bottom bar
+

Login to your Account

X
E-mail address:
Password:
Remember me
Forgot your password?
No problem. Click here to have it e-mailed to you.

Not Registered Yet?

Register now for FREE. Registration only takes a few minutes to complete. Register now »