BOSTON (CN) – Three MIT students who claim they broke the MBTA’s security system are offering “free subway rides for life” over the Internet, and promised to teach others how to breach the transit system’s security system at an Aug. 10 computer hackers convention in Las Vegas, the Massachusetts Bay Transportation Authority claims in Federal Court.
The MBTA sued MIT and three of its undergrads, Zack Anderson, RJ Ryan and Alessandro Chiesa. The transit agency says the students “claim to have circumvented the security features of the MBTA’s computerized CharlieTicket and CharlieCard fare media systems; (ii) publicly offered ‘free subway rides for life’ to interested parties over the Internet; and (iii) plan to allow others to duplicate their claimed ‘breaking’ of the Fare Media’s security systems by presenting a paper, releasing software tools, and giving demonstrations at the DEFCON hackers convention this Sunday, August 10, in Las Vegas. Despite the MBTA’s requests, MIT has been unwilling to set limits on the MIT Undergrads’ activities,” the complaint states.
It continues: “The MIT Undergrads have declined to provide the MBTA or its system vendors with information concerning the claimed security flaws in the system. If what the MIT Undergrads claim in their public announcements is true, public disclosure of the security flaws – before the MBTA and its system vendors have an opportunity to correct the flaws – will cause significant damage to the MBTA’s transit system.”
The MBTA says it is the fifth-largest mass transit system in the country, with average weekday ridership of 1.4 million rides and average weekday revenue of $700,000.
The MBTA says it demanded to meet with the students, and did meet with them, but the students insisted they would carry through their promise, or threat, to reveal how they defeated the MBTA’s security system, and continued “to promise the release of software tools and demonstrations to allow others to duplicate the attacks.”
The MBTA demands damages for conversion, unfair trade, and violations of the federal computer fraud and abuse act – 18 U.S.C. §1030.
The MBTA is represented by Ieuan Mahony with Holland & Knight.