Massachusetts transit authority sues Defcon subway hackers

Las Vegas (NV) – Three MIT students probably won’t be giving their scheduled Defcon speech on getting free subway rides. The Massachusetts Bay Transit Authority – the agency in charge of the Boston T subway – sued the trio for computer fraud and requested a temporary restraining order to prevent them from presenting the talk.

Zack Anderson, RJ Ryan and Alessandro Chiesa are researchers and students at MIT under the instruction of the famous professor Ronald Rivest who helped create the RSA security algorithm. Their talk, which was scheduled for Sunday, was supposed to demonstrate how the subway’s “CharlieCard” could be hacked into giving free subway rides. These hacks could conceivably be used on other subways.

According to the talk description, the trio used software radios and FPGAs to circumvent the protection mechanisms and to prove the point, they were going to do a live demo of the hack in action.

We give the nod to Dan Goodin at The Register for getting the scoop on this story. Anderson told Goodin that the team never intended to release tools for hacking into subway systems and had tried to warn the Transit Authority of vulnerabilities in their system.