According to an MTA document outlining the breach, a hacking group with links to the Chinese government breached the computer systems of the Metropolitan Transportation Authority in April, highlighting vulnerabilities in a large transit network that carries millions of people every day.
Transit officials also said that the hackers did not have access to systems that could jeopardize the operation of train cars and driver safety, stressing that there was minimal harm, if any, from the intrusion.
Transit authorities said that a forensic assessment of the attack has so far not uncovered any proof of harm either, and that the attackers have not affected the personal information of consumers. The agency reported the incident to the police and other governmental authorities but has not announced it publicly.
According to transit authorities, the intrusion was the third, and perhaps the most significant, cyberattack by hackers on North America's largest transit network in recent times.
FireEye, a private cybersecurity company working with the federal government to identify the breach, said that the attack did not involve financial demands and instead appears to form part of a recent, wide-ranging series of intrusions by sophisticated hackers supported by the Chinese government.
The wider hacking campaign affected hundreds and was found at the end of April by federal organizations, defense contractors, banking institutions and others. These routine hacking activities are denied by the Chinese government.
Researchers have different theories as to why the M.T.A. was chosen as a target of the campaign; however, the actual reason remains unknown. One of the main theories is an attempt by China to control the multibillion-dollar railway market, an effort to get insight into the inner workings of a transport system that awards profitable contracts.
Another view, cybersecurity specialists say, is that the attackers accessed the M.T.A. system by mistake and found that it was not exceptional.
However, the hackers made no changes to the agency's operations and did not collect any employee or customer data, such as credit card information. Notably, they did not compromise any M.T.A. accounts, transit authorities stated, referring to a forensic audit of the attack on the agency by leading cybersecurity firms IBM and Mandiant.
“The M.T.A.’s existing multi-layered security systems worked as designed, preventing the spread of the attack,” said Rafail Portnoy, the M.T.A.’s chief technology officer. “We continue to strengthen these comprehensive systems and remain vigilant as cyberattacks are a growing global threat.”
The attacks against the M.T.A. also took on added significance because of increasing concerns about China Railway Rolling Stock Corporation, which is the world's largest producer of train cars.
As the threat of cyberattacks has grown and trade disputes between the US and China have intensified, the dominance of the state-owned company has raised concerns among legislators, defense officials, and industry experts that crucial US transport infrastructure has been left vulnerable to cyberattacks.
The M.T.A. systems appear to have been targeted on two days in the second week of April, and access persisted at least until the breach was reported on April 20. The hackers used a so-called "zero-day," a previously unknown, unpatched code defect in software.
According to the M.T.A. document describing the breach, the hackers gained special access to the system used by New York City Transit, which monitors both the metro and the buses.
Mr. Portnoy said there was “no employee or customer information breached, no data loss, and no changes to our vital systems.”
“Our response to the attack, coordinated and managed closely with State and Federal agencies, demonstrated that while an attack itself was not preventable, our cybersecurity defense systems stopped it from spreading through M.T.A. systems,” he added.