
Interview With MIT Subway Hacker Zack Anderson

longacre writes "In his most extensive interview since the DefCon controversy emerged, MIT subway hacker Zack Anderson talks with Popular Mechanics about what's wrong with the Charlie Card, what happened at DefCon, and what it's like to tango with the FBI and the MBTA. The interview comes on the heels of Tuesday's court ruling denying motions by the MBTA to issue a preliminary injunction aimed at keeping the students quiet for a further five months."
  • Re:The battle (Score:2, Informative)

    by rbf2000 ( 862211 ) on Friday August 22, 2008 @03:26PM (#24710539) Homepage
    Ironically, they made far more information publicly available than the MIT kids ever intended to present by including the security report in their motion. You think they would have sealed the document, or whatever the legal term is for hiding sensitive information like that.
  • by stomv ( 80392 ) on Friday August 22, 2008 @03:35PM (#24710647) Homepage

    The US has tons of limits on free speech, including but not limited to restrictions with respect to
      * perjury
      * profanity
      * sealed courtroom/trial
      * threats
      * slander and libel
      * classified information
      * treason

  • Re:Obligatory IANAL (Score:5, Informative)

    by Ioldanach ( 88584 ) on Friday August 22, 2008 @03:40PM (#24710723)
    Maybe this will help: Congress shall make no law (((respecting an establishment of religion) or (prohibiting the free exercise thereof)) or (abridging (the freedom (of speech) or (of the press)) or ((the right of the people peaceably to assemble) and (to petition the government for a redress of grievances)))). The alleged violation is "abridging (the freedom (of speech) or (of the press))". The assembly subclause is enclosed within a different area of the clause.
  • Re:no, not really (Score:5, Informative)

    by _Sprocket_ ( 42527 ) on Friday August 22, 2008 @03:47PM (#24710835)

    Very interesting. Further reference:
    http://en.wikipedia.org/wiki/Schenck_v._United_States

  • by ParanoiaBOTS ( 903635 ) on Friday August 22, 2008 @03:49PM (#24710891) Homepage

    Did the MBTA learn a lesson here about making a mountain out of a molehill? They essentially took something that would have received almost no attention and turned it into a national news story and then publicly filed all the details in open court such that anyone with the wherewithal to defraud the MBTA now not only knew about the exploit but had the full details on how to do it.

    I doubt they learned anything. If I have noticed one thing about cases like this it's that they always seem to make the same mistakes. It's really just a matter (again) of people addressing the symptom, not the problem.

  • MBNA != MBTA (Score:5, Informative)

    by SirGarlon ( 845873 ) on Friday August 22, 2008 @03:53PM (#24710955)
    You seem to be confusing the bank, MBNA, with the Boston transit authority, MBTA. Hacking MBNA would almost certainly be a felony. Hacking the MBTA is not even definitely illegal if you don't actually ride a train without paying. That's what all this is about.
  • by russotto ( 537200 ) on Friday August 22, 2008 @04:13PM (#24711199) Journal

    The US has tons of limits on free speech, including but not limited to restrictions with respect to
        * perjury

    But no prior restraint here.

    * profanity

    Most such restrictions get shot down in court; if it's about profanity in particular, they fall afoul not only of freedom of speech but of religion as well.

    * threats
    * slander and libel

    Again, no prior restraint here. And what constitutes a threat is reasonably narrowly defined, though prosecutors are always trying to stretch it.

    * classified information

    You have, perhaps, heard of the Pentagon Papers case? Where the Washington Post and the New York Times could not be enjoined from publishing classified information?

    * treason

    It's awfully hard to commit treason with public speech. Laws against sedition, on the other hand, have a long history of violating freedom of speech.

  • What now? (Score:2, Informative)

    by SeeSp0tRun ( 1270464 ) on Friday August 22, 2008 @04:16PM (#24711221) Journal
    The MBTA has the information, but let's look at this for a moment. The fares in Boston went up roughly $.50 last year on the subway alone, with upwards of $2 on the rail system. This was mainly done to pay for the current Charlie Card system, as well as perform some additional maintenance and renovations in various stations. So after basically overhauling their token system, for a hefty price no less, they are going to spend how much extra for new data storage on fares? Not to mention the people that they will have to hire in order to sort through everything, and apprehend violators in the underbellies of Boston, or New York, or anywhere with a subway.

    I just don't see this going past "We sure showed those MIT kids what was what..." in the board room.
    I use the system at least twice a week, and not even the physical securities have changed since the report was originally filed.
  • by kriston ( 7886 ) on Friday August 22, 2008 @05:33PM (#24712285) Homepage Journal

    You may have read my comment already but there is an advisory value stored on the card but it's not the authoritative record of the balance. As with the Oyster Card "hacks" in London the cards can be turned off within one day. The central billing system analyzes trending and riders are accepted into the vehicle based on the balance on the card. If that balance doesn't match with the central database the card is turned off within hours. Same happens with cloned cards which can be detected the same way even more quickly as cards are used in impossible locations at impossible time intervals. The vehicle acceptance systems use store-and-forward wireless systems--remember, all the vehicles have onboard radios which will work several times per hour even on routes with the poorest coverage.
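
The back-office reconciliation described in the comment above (card balance checked against the central record, plus taps at impossible locations and intervals), sketched as an added example that is not part of the original comment and not MBTA code. The record layout, the travel-time table and all sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tap:
    card_id: str
    ts: int            # seconds since start of service day
    station: str
    card_balance: int  # cents the card claimed before the fare was deducted
    fare: int          # cents

# Constructed minimum travel times between station pairs, in seconds.
MIN_TRAVEL = {frozenset(("Alewife", "Braintree")): 3000,
              frozenset(("Alewife", "Harvard")): 420}

def reconcile(ledger, taps):
    """Return {card_id: reasons} for cards to disable; ledger (card -> cents) is authoritative."""
    flags, last_seen = {}, {}
    # Store-and-forward batches arrive late and out of order, so replay by time.
    for tap in sorted(taps, key=lambda t: t.ts):
        reasons = flags.setdefault(tap.card_id, set())
        expected = ledger.get(tap.card_id)
        if expected is None:
            reasons.add("unknown_card")
        else:
            if tap.card_balance != expected:       # value on card was altered or is stale
                reasons.add("balance_mismatch")
            ledger[tap.card_id] = expected - tap.fare  # charge the central record, not the card
        prev = last_seen.get(tap.card_id)
        if prev is not None and prev.station != tap.station:
            need = MIN_TRAVEL.get(frozenset((prev.station, tap.station)), 0)
            if tap.ts - prev.ts < need:            # same card, two places, too little time
                reasons.add("impossible_travel")
        last_seen[tap.card_id] = tap
    return {card: r for card, r in flags.items() if r}

def demo():
    # Constructed sample: A is an honest rider, B is one card used from two
    # copies, C carries a balance that disagrees with the central record.
    ledger = {"A": 1000, "B": 2000, "C": 300}
    taps = [Tap("B", 700, "Braintree", 2000, 200),
            Tap("A", 0, "Alewife", 1000, 200),
            Tap("B", 100, "Alewife", 2000, 200),
            Tap("A", 600, "Harvard", 800, 200),
            Tap("C", 50, "Harvard", 5000, 200)]
    return reconcile(ledger, taps), ledger
```

The second copy of card B is caught twice: its stored balance no longer matches the ledger after the first copy's fare was charged, and its tap falls inside the minimum travel time from the previous station.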

  • by pbaer ( 833011 ) on Friday August 22, 2008 @08:28PM (#24714159)
    You also forgot: *copyright
