Hacker Group Obtains Free Bus Ride Codes

Public Transport Pirate Association: The hacking group “Public Transport Pirate Association” has managed to steal codes for free rides from a bus company in Manchester, England. The hackers stated that they were upset with the prices and the way that public transportation worked. The group noticed that when a ticket was purchased in the application, it could be saved and activated offline at another time. The hackers described using Titanium Backup to make a copy of the ticketing application the bus company used, which allowed them to reverse engineer the application and discover that the entire app was client-side. After reversing the application, they stated that the private RSA keys used to sign the QR code tickets were in PEM files in the APK. Once they had the RSA keys, they were able to make as many tickets as they wanted. The group released the application in a public statement on the dark web, trying to make a point to the public transportation company about its high prices. The group used the free tickets for over a year before making this public but did not want to release it to the company. They felt that it would make a better statement to give it to everyone. The group released the source code, which they called Buspiraten, and which can be adapted and used against any ticketing application that uses the Corethree middleware.
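As an added example (not from the original report or from the group's released code), here is a release-pipeline check for the flaw described above: it scans an APK for PEM private key blocks and leaves public keys alone, since a client only needs the public half to verify a ticket. The function names and the sample archive are constructed for illustration.

```python
import io
import re
import zipfile

# PEM headers that mark private key material. Public keys and certificates
# are expected in a client (it needs them to verify), so they are not flagged.
PRIVATE_KEY_RE = re.compile(
    rb"-----BEGIN ((?:RSA |EC |DSA |ENCRYPTED |OPENSSH )?PRIVATE KEY)-----"
)

def find_private_keys(apk_file):
    """Return sorted (entry name, PEM label) pairs for private keys in an APK.

    apk_file is a path or a binary file object; an APK is a ZIP archive.
    Every entry is scanned, not only *.pem, because key text can sit in
    assets or raw resources under any file name.
    """
    findings = set()
    with zipfile.ZipFile(apk_file) as apk:
        for info in apk.infolist():
            if info.is_dir():
                continue
            data = apk.read(info)
            for match in PRIVATE_KEY_RE.finditer(data):
                findings.add((info.filename, match.group(1).decode("ascii")))
    return sorted(findings)

def build_sample_apk():
    """Constructed sample archive; key bodies are placeholders, not real keys."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as apk:
        apk.writestr("AndroidManifest.xml", b"<manifest/>")
        apk.writestr("assets/verify.pem",
                     b"-----BEGIN PUBLIC KEY-----\nQ09OU1RSVUNURUQ=\n-----END PUBLIC KEY-----\n")
        apk.writestr("assets/signing.pem",
                     b"-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n")
        apk.writestr("res/raw/config.bin",
                     b"\x00\x01-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    # A non-empty result should fail the build: signing belongs on the server.
    for name, label in find_private_keys(build_sample_apk()):
        print(f"{name}: embedded {label}")
```

Any finding means ticket signing can be reproduced by whoever unpacks the app, so the fix is to move signing to the server and ship only the verification key.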

Analyst Notes

Attackers who find these types of workarounds in systems are split on whether to hand them over to the company or release them. In this instance, the group behind Buspiraten used the free tickets themselves before making it public, and because the attack began because they were upset, it comes as no surprise that they did not release it to the company.