From Bits to Bodies: Anonymous Follows BART Hack with Rally
The hacktivist collective is urging people to crowd a San Francisco station at rush hour
As we predicted on Friday, BART has traded in the relatively manageable disruption of an evening's protests for a much larger headache as Anonymous and online activists take aim online and in person. The Bay Area Rapid Transit System is hunkering down for what looks like a protracted fight over its decision last week to shut down cell phone service at stations where demonstrators had planned protests over the May 3 shooting of Charles Hill by BART transit police. On Sunday Anonymous called on protesters to rally at San Francisco's Civic Center Station on Monday to condemn the cell phone service-blocking. The 5 p.m. demonstration corresponds to rush hour, and the call to action encouraged attendees to come drenched in fake blood, "for remembrance to the blood that is on the hands of the BART police."
Anonymous sent emails announcing the protest to the 120,000 addresses on a list it took from BART's site. The transit agency asked the FBI to start an investigation into a cyber attack. The agency said on Monday it was expecting more attacks on its websites after Anonymous took down the site MyBART.org on Sunday and released user emails and passwords. As of Monday afternoon the site still had not been restored. BART has refused to say whether it will block cell signals again on Monday, but on Monday it defended its right to do so, as Anonymous activists prepared a technological workaround to the service outages.
At the center of the activists' complaint with BART is the idea that the publicly funded agency is censoring free speech. "We will not tolerate censorship," Anonymous wrote in a statement. "We will do everything in our power (we are legion) to parallel the actions of censorship that you have chosen to engage in." But BART said through a spokesman on Monday that the First Amendment did not cover train platforms.
"The platform area is deemed a non-public forum," BART spokesman Linton Johnson said. "A public forum area, which is outside the fare gates, you are allowed to exercize your right to free speech as long as you don't interfere with peoples' ability to get from Point A to Point B or interfere with their Constitutional right to safety. Outside the fare gates, that's the public forum area. Inside the fare gates is a non-public forum and by law, by the Constitution, the U.S. Supreme Court, there is no right to free speech there."
Johnson refused to say whether BART would shut down cell service tonight but told local news station KRON that the agency had the right to do so. In case it does, Anonymous is instructing protesters to download an Android app called Auto-BAHN, which "allows for near-field communication, sans cellular network service, using Bluetooth and WiFi," NBC Bay Area reported on its blog Monday. It "allows for phones to create an ad-hoc message passing network during disasters."
As Anonymous advocates on Twitter for its followers to attend the demonstration, or to flood BART fax, phone, and email addresses with messages of protest, the Associated Press reports that its attack on MyBART.com wasn't difficult to pull off.
Computer experts said the hackers appeared to exploit an obvious hole in the site's security. BART pays another company to operate the website that offers subscribers discounted tickets and keeps them apprised of events planned by the transit agency.
"I don't think Anonymous worked very hard," said Josh Shaul, chief technology officer of Application Security Inc., a New York-based data base security company. "This appears to be a low-tech attack. It's really very trivial to find these vulnerabilities."
The agency has stressed that its public sites run on a different set of computers than its trains, so the attacks don't pose a danger to riders. But they could still threaten inconvenience for those who look up schedules and buy tickets online. The agency said no credit card information had been compromised, but it nonetheless included contact information for the three main credit rating agencies in its statement about the MyBART hack.