Public Transport Pirate Association: The hacking group “Public Transport Pirate Association” has managed to steal codes for free rides from a bus company in Manchester, England. The hackers stated that they were upset with the prices and the way that public transportation worked. The group noticed that when they purchased a ticket in the application, it could be saved and activated offline at another time. The hackers described using Titanium Backup to make a copy of the ticketing application the bus company used, which allowed them to reverse engineer the application and discover that the entire app was client-side. After reversing the application, they stated that the private RSA keys used to sign the QR code tickets were in PEM files in the APK. Once they had the RSA keys, they were able to make as many tickets as they wanted. The group released the application in a public statement on the dark web, trying to make a point about public transportation's high prices. The group used the free tickets for over a year before making this public, but did not want to release it to the company. They felt that it would make a better statement by giving it to everyone. The group also released the source code, which they called Buspiraten, and which can be adapted and used against any ticketing application that uses the Corethree middleware.
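The root cause described above is signing material shipped inside the client package. As an added example (not code from the group, Corethree, or the original report), the following Python release check opens an APK as a ZIP archive and flags any entry containing PEM-armored private key material; the sample archive and its file names are constructed for illustration.

```python
import io
import re
import zipfile

# PEM armor labels that indicate private key material. Public keys and
# certificates are expected in a client app and are not flagged.
PRIVATE_PEM = re.compile(
    rb"-----BEGIN ((?:RSA |EC |DSA |ENCRYPTED |OPENSSH )?PRIVATE KEY)-----"
)


def find_private_keys(apk_bytes):
    """Return sorted (entry_name, pem_label) pairs for private keys in an APK.

    An APK is a ZIP archive, so every entry is read and searched for
    private-key PEM armor, whatever its file extension.
    """
    findings = set()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if info.is_dir():
                continue
            data = apk.read(info)
            for match in PRIVATE_PEM.finditer(data):
                findings.add((info.filename, match.group(1).decode("ascii")))
    return sorted(findings)


def build_sample_apk():
    """Constructed sample: a tiny ZIP laid out like an APK, placeholder PEM bodies."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", "<manifest/>")
        z.writestr("assets/verify_pub.pem",  # hypothetical name; public key is fine
                   "-----BEGIN PUBLIC KEY-----\nPLACEHOLDER\n-----END PUBLIC KEY-----\n")
        z.writestr("assets/ticket_signing.pem",  # hypothetical name; must be flagged
                   "-----BEGIN RSA PRIVATE KEY-----\nPLACEHOLDER\n-----END RSA PRIVATE KEY-----\n")
        z.writestr("res/raw/config.bin",  # key hidden inside a non-.pem file
                   b"\x00\x01-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n")
    return buf.getvalue()


if __name__ == "__main__":
    hits = find_private_keys(build_sample_apk())
    for name, label in hits:
        print(f"FAIL {name}: contains {label}")
    raise SystemExit(1 if hits else 0)
```

This check only catches PEM-armored keys, not DER files or keystores. The design fix is to sign tickets on the server and ship only the verification public key in the app.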