Anonymous leaks BART data - prepares for a Bay of Rageby Steve Ragan - Aug 15 2011, 04:15
Protesting the actions taken by the operators of the Bay Area Rapid Transit (BART) system, Anonymous has kicked off Operation BART. The operation has three phases according to details sent to the press, but when DDoS failed, participants took to raiding databases and leaking the personal information of 2,000 people.
On Thursday, BART switched off access to voice and data services, from all of the major cellular carriers, including AT&T, Verizon, Sprint, and T-Mobile. The shutdown was in response to plans to use mobile devices to coordinate protests during the evening commute.
“[The protest organizers]…stated they would use mobile devices to coordinate their disruptive activities and communicate about the location and number of BART Police….BART temporarily interrupted service at select BART stations as one of many tactics to ensure the safety of everyone on the platform,” a statement from BART said.
“Cell phone service was not interrupted outside BART stations. In addition, numerous BART Police officers and other BART personnel with radios were present during the planned protest, and train intercoms and white courtesy telephones remained available for customers seeking assistance or reporting suspicious activity.”
While that may be true, those outraged by BART’s actions were quick to note that it would have done little during the chaos of a major emergency. Moreover, cutting off carrier access not only prevented commuters from contacting emergency services on their own, but also loved ones, if such a need had been established.
However, to justify their actions, BART authorities noted that gatherings and protests can only to take place in designated areas, otherwise:
“No person shall conduct or participate in assemblies or demonstrations or engage in other expressive activities in the paid areas of BART stations, including BART cars and trains and BART station platforms.”
The protest that had BART concerned centered on the shooting death of 45-year-old Charles Blair Hill. The alleged homeless man is said to have thrown a vodka bottle at BART officers and charged at them with a knife. At this point, according the BART, deadly force was justified.
In 2009, BART also came under fire for the killing of an unarmed passenger. On New Year’s Eve day, BART officer Johannes Mehserle murdered Oscar Grant, after responding to reports of a fight in an Oakland BART station. Grant was being restrained by another officer when Mehserle shot him in the back.
Grant died the following morning. Later, Mehserle was convicted of involuntary manslaughter, sentenced to two years. He was released in July on parole.
“BART has proved multiple times that they have no problem exploiting and abusing the people...Under no circumstance, unless police are shot at, make police killings acceptable.(sic) Non-lethal weapons were available to use during both incidents, providing even that was necessary, but instead they shot to kill,” a statement from Anonymous said.
Anonymous’ Operation BART is protesting both the shootings and the cellular service shutdown. According to details provided to the media, the first phase of the operation includes email bombs and black faxes, in order to “fill every inbox and fax machine at BART with thousands of copies of our message that this outage was unacceptable.”
After that, there was a planned DDoS attack, set to remove BART.gov from the Internet for a period of six hours on Sunday. The third phase of Operation BART is a live protest on Monday, at the Civic Center Bart Station.
At 5:00 p.m. Anonymous supporters are encouraged to wear “blood red” shirts as they protest, “for remembrance to the blood that is on the hands of the BART police.”
However, due to the distributed hosting used by BART, the DDoS part of the operation failed. “You can’t DDoS a Cloud Hosted Network,” one participant in the operation explained.
“Even if you did get [one server] down, it would pop to a new node, and you can continue until they run out. Even if that is the case, they will add more nodes. It’s like trying to drive to the end of the sea, it just won’t happen.”
In response to the failed DDoS, the domain MyBART.org was defaced by Operation BART’s participants, and personal information, including the names, some addresses and phone numbers, email addresses and passwords of 2,003 people, were leaked to the public.
“The data was stored and easily obtainable via basic SQLi. Any 8-year-old with an Internet connection could have done what we did to find it. On top of that none of the info, including the passwords, was encrypted…,” a statement with the released data explained.
“Thus below we are releasing the User Info Database of MyBart.gov, to show that…the people will not allow you to kill us and censor us. This is but the one of many actions to come. We apologize to any citizen that has his information published, but you should go to BART and ask them why your information wasn't secure with them.”
In addition to the defacement of MyBart.org, a second site, californiaavoid.org, was also defaced.
Operation BART participants who plan to arrive at the Civic Center Bart Station on Monday were told to remember the phone number for the National Lawyers Guild, or write it in permanent marker on their arms.
Those planning to protest are well aware that they could be arrested, and others are split on whether they should wear their Guy Fawkes masks, something that is sure to draw attention. Moreover, they are being reminded to remain peaceful, and not to incite any trouble.
The ACLU weighed in on the BART protest as well, commenting on Friday that shutting down cellular access was a bad decision.
“All over the world people are using mobile devices to organize protests against repressive regimes, and we rightly criticize governments that respond by shutting down cell service, saying it’s anti democratic and a violation of the right to free expression and assembly. Are we really willing to tolerate the same silencing of protest here in the United States?”
Around the same time, the EFF compared BART’s actions to those of Mubarak in Egypt.
“…cutting off cell phone service in response to a planned protest is a shameful attack on free speech. BART officials are showing themselves to be of a mind with the former president of Egypt, Hosni Mubarak, who ordered the shutdown of cell phone service in Tahrir Square in response to peaceful, democratic protests earlier this year.”
“Cell phone service has not always been available in BART stations. The advent of reliable service inside of stations is relatively recent. But once BART made the service available, cutting it off in order to prevent the organization of a protest constitutes prior restrain on the free speech rights of every person in the station, whether they’re a protestor or a commuter. Freedom of expression is a fundamental human right. Censorship is not okay in Tahrir Square or Trafalgar Square, and it’s still not okay in Powell Street Station.”
We'll follow the protests, and update this story with new information as we get it.