MIT Students Barred from Revealing Hacker Tactics

Ok, here’s the backgrounder: three MIT students hacked into the Massachusetts Bay Transit Authority’s (MBTA) system and found a way to change the value of fare cards, called the CharlieCard and CharlieTicket, from $2 to $653. The students – Zack Anderson, RJ Ryan, and Alessandro Chiesa – were supposed to discuss what they did at the DEFCON security conference in Las Vegas; however, a district judge stopped them last Saturday from doing that.

Of course, the students are not taking this sitting down, with their lawyer calling the move “an illegal prior restraint on legitimate academic research in violation of the First Amendment.”

Although the ruling was meant to prevent other people (bad people!) from knowing what the students did so that they can’t hack into MBTA themselves and cause fraud, the ruling doesn’t really have much punch because the students’ conference presentation materials are online anyway. Just a click away from anyone who wants to view them.

The lawsuit was filed by MBTA last Friday after it had received word of some of the marketing copy used for the DEFCON conference (e.g., ““Want free subway rides for life?” ). Others say it is these announcement copies that may have actually swayed the judge to issue the gag order. And although the marketing copy has been reworded to be “less provocative”, MBTA still cited the older version in their complaint.

At the moment, the students are fighting the gag order. The MBTA, on the other hand, wants the gag order to stay… at least, till they fix the security problems at hand.

News Source: InformationWeek

Presentation Material Hosted at MIT Newspaper: Anatomy of a Subway Attack