
China-backed Hackers Break into New York's Subway System - What Happened?

When people hear the word "cyberattack," they probably tend to think about transportation systems going haywire, infrastructure collapsing, and regular consumers suffering at the hands of invisible villains, like in an action movie. In reality, however, things are a lot more low-key. You are far more likely to find out about a hack after it has already been thwarted. The best example of that is the hacker attack against the Metropolitan Transportation Authority in New York, which was carried out in April but did not become public until June, two months later.

What Did the Hackers Do?

How is it possible that such hacking attempts do not become well-known almost immediately? That happens because they do not affect actual customers and do not cause substantial damage. As far as the attack against the M.T.A. is concerned, the hackers reportedly did not manage to gain access to systems that control actual trains. There was, however, an intrusion: a foreign actor managed to enter the systems. Luckily, comprehensive security measures managed to contain the attack. As a result, the hackers could not collect sensitive employment information or compromise M.T.A. accounts.

Nevertheless, this leaves more than one question unanswered. First, the attack was carried out through a backdoor. This means that the hackers somehow managed to plant a malicious program inside one of the M.T.A. systems, and through that program, the criminals gained access to the network. It also means that there is always a chance that the same technique could be used again to infiltrate either the M.T.A. or other important infrastructure networks, so organizations cannot let their guard down.

Second, there is clearly a tendency to target important infrastructure entities within the United States. The motivations behind these attacks may differ, but the increasing frequency of such hacking attempts is more than worrying.

The Developing Scope of Cyberwarfare

Just last month, cybercriminals managed to shut down Colonial Pipeline, one of the nation’s largest pipelines, which led to a fuel shortage and a rise in gas prices across the East Coast. As far as transportation systems are concerned, the M.T.A. is not the first infrastructure operator hit by hackers. The Southeastern Pennsylvania Transportation Authority was hit by an attack in August 2020, and the San Francisco public transit system was hit by a ransomware attack in 2016. There are also regular reports about hackers targeting healthcare organizations and other infrastructure entities, but here we would like to point out that such attacks can differ in nature.

Take the Colonial attack as an example. The operations of the group behind the attack, DarkSide, are based purely on profit. Thus, even though the group is said to be based in Eastern Europe, it has vehemently denied any involvement of the Russian government in its operations. The attack on the M.T.A., however, seems to have been performed by state-backed hackers from China. If that is really the case, then the M.T.A. attack is a prime example of the cyberwarfare that has been rampant for years now. Since we still have not seen such activities have a great impact on the public, the general population is, for the most part, quite oblivious to what is going on.

Researchers agree that it is hard to say what exactly the hackers wanted from the M.T.A. attack. The fact is that the attack did take place, but no further details have been released so far, as the investigation is still ongoing. One of the theories is that the attack is a way for China to flex its muscles as it pushes for dominance in the railcar market. If the attack was carried out under the orders of the state, it is possible that the hackers were looking for information that could have resulted in lucrative contracts for China-owned companies. In that sense, the attack could have been a type of cyberespionage.

It remains clear that the general public is not aware of a great number of cybercrime activities that go on behind the scenes. If we’re lucky and the comprehensive security measures employed by companies do not fail, the public will remain safe and blissfully unaware. However, we can also expect the frequency of cyberattacks against sensitive infrastructure to continue to increase, with attackers looking for access into vulnerable systems. Therefore, public entities and private enterprises should not overlook cybersecurity measures when they set up and maintain their systems. Reportedly, it cost around $370,000 for the M.T.A. to respond to the intrusion, but the stakes can always go higher when malevolent intent is involved.
