The website of Luas, the tram system operating in Ireland’s capital city of Dublin, has been taken offline this morning after hackers defaced the site and demanded a ransom be paid within five days.
Early morning visitors to the website were greeted with a message from the hackers, claiming that data had been stolen from operator Transdev Ireland, and would be published on the internet unless a ransom demand of one Bitcoin (approximately 3,300 Euros or US $3,800) was paid.
In the message, the hackers claim that they previously contacted the tram operator about security vulnerabilities and were aggrieved that they received no response.
The hackers were successful in getting Transdev’s attention this time, as proven by an official tweet to commuters this morning warning that they should not visit the affected website.
The defacement message itself appears to have been harmless, but the fact remains that if hackers were able to change the content displayed when web users visited the site’s homepage they could just have easily abused the domain to distribute malicious code or attempt to phish for sensitive information.
The Luas website has since been taken offline, as engineers review its security. There is no indication presently that the public transport operator has any plans to pay the extortionists any money.
And there’s also no public evidence – at this stage at least – that anything untoward has happened other than a defacement of a website.
The good news is that there has been no service impact on Luas. The only inconvenience for travellers is that they may find it trickier to look up information about when a tram leaves – rather than left waiting for a tram that never arrives.
Furthermore, the Luas website, luas.ie, is an informational site which only offers travel advice and (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Graham Cluley. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/hackers-demand-ransom-luas-website-defaced/