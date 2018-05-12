Hacker Shuts Down Copenhagen's Public City Bikes System (bleepingcomputer.com) 38
An anonymous reader writes: "An unidentified hacker has breached Bycyklen -- Copenhagen's city bikes network -- and deleted the organization's entire database, disabling the public's access to bicycles over the weekend," reports Bleeping Computer. "The hack took place on the night between Friday, May 4, and Saturday, May 5, the organization said on its website. Bycyklen described the hack as "rather primitive," alluding it may have been carried out "by a person with a great deal of knowledge of its IT infrastructure." Almost 2,000 bikes were affected, and the company's employees have been working for days, searching for bikes docked across the city and installing a manual update to restore functionality. The company is holding a "treasure hunt," asking users to hunt down and identify non-functional bikes.
This outfit has an Android tablet physically attached to each bicycle.
I wonder how long one of those is expected to last outside in the wind, rain and diesel exhaust.
Well, it's Denmark, so I if they weren't made to last in rain, they would have have a very short lifespan. Last year was nothing but rain. This year shows promise, crossing fingers.
That's a lot of money there. How about an ESP8266 module and two AA cells? For less than $3, it has CPU, memory, and wifi. Mount it under the seat or wherever convenient. (The ESP12 is small!)
The device could wake up every so often and listen for an open hot spot. Associate with the hot spot and "phone home" with the MAC address of the hot spot. That might be close enough to locate the bike without GPS.
Meanwhile, volunteers could go war-biking with similar devices WITH GPS to make a database linking the MAC
You have some great ideas there, you should apply and help them bring it to the next level. I'm sure you will be able to find alternatives to the other features that the tablet provides, such as:
- credit card processing
- usage time tracking
- motor assistance settings
- navigation
- locking/unlocking from charging/drop stations
- locking for parking
- reservation
- and probably more
Non-functional bikes? (Score:2)
I'm sorry if I don't know anything about Bycyklen, but how are the bikes "non-functional"? A bike is a bike, isn't it?
Robert'); Drop Table Bicycles;-- (Score:4, Funny)
Bycyklen described the hack as "rather primitive,"
...
Obligatory: xkcd [xkcd.com]
Bobby Bicycles? Hey, I know that guy!
Ha. I thought to use that as my Subject, just after hitting Submit. Damn slow brain, fast fingers.
Usual internet of things screwup? (Score:1)
Or, you know, backup your database and practice your restores on a regular basis....
What's the motivation? Anonymity? (Score:3, Insightful)
Mindless vandalism? I'm trying to imagine what could motivate such a crime. What sort of grievance could justify attacking a system that lets people borrow bikes?
Just wants to annoy other people? Maybe he sells cars and he felt the bikes were hurting sales? Maybe he's just a mercenary working for the car salesman? Or maybe the prick did it simply because he could.
There are legitimate uses for anonymity. This is NOT one of them.
What sort of grievance could justify attacking a system that lets people borrow bikes?
Maybe he sells cars and he felt the bikes were hurting sales?
Oh, those questions answers it all easily:
Über did it.
"To summarize the summary of the summary: people are a problem." — Douglas Adams
I'm trying to imagine what could motivate such a crime.
Some people just want to watch the world burn.
The right framework to understand this isn't psychology, it's statistics. The probability of an event occurring as the number of trials approaches infinity is either 0, or 1.
That's the way to understand a lot of what happens in the world, like school shootings. If they can happen, given enough people who are capable of doing them, someone will.
I'm afraid I don't understand what sort of point you are trying to make. Perhaps something like bad things happen, so we should give up?
Do you have any sort of constructive solution to offer? (I do, but I've already presented it out on Slashdot and never detected any interest.)
Blame Russia... (Score:1)
I am waiting for that proverbial "blame Russia" rant. Even with no [credible] evidence whatsoever.
Here's the MO; if investigations end up likely to point else where, put out press releases with words like "we know", "likely" and so on. If that fails, simply discredit the investigation itself.
ZFS (Score:5, Insightful)
Now imagine if this database were to be stored on a ZFS volume with regular snapshots, and those snapshots were sent to other remote machines for backup... The entire database could have been recovered in minutes with just a few simple commands to re-mount the ZFS partition to a given snapshot, restart the database server software, and you're up and running again...
Oh wait, that's right. I'm too old for tech nowadays. There are all these kids fresh out of college using newfangled technology that don't know two shits about information security or data integrity to even give this a thought in the first place. And thus the cycle continues where us old-hats are "over paid" and forced out of work in favor of these new younger generations of "tech wizards"!
Re:ZFS (Score:4, Interesting)
What seems to have happened is that the hack has managed to erase the client side. Either poison data/commands has erased the tablet they attach to the bike, or the tablet still has data but is now out of sync with their restored backup. That will be why they're talking about going round rebooting the tablets on the bikes - it's the client side that's wrong, ZFS-nothing - it simply wouldn't have helped.
Get off my lawn. (Score:2)
If the hack was primitive, where is the backup? (Score:2)
Or was the IT department rather primitive as well. In the worst case, a rather primitive deployment like this should lose 15m-1h of data and perhaps another 1-4h of downtime. There are setups that are better with continuous logs and high tech breach detection which would either prevent this or have virtually no downtime.
Double-edged taunt. (Score:2)
Bycyklen described the hack as "rather primitive,"
What does that say about your security, Bycyklen?
Restore from backup? (Score:1)