»In which LA gets pwn3d

Los Angeles' transit system was hacked, perhaps by disgruntled workers.

http://www.latimes.com/news/local/la-me-trafficlights9jan09,0,7005703.story?coll=la-home-headlines
2 deny hacking into L.A.'s traffic light system
Two accused of hacking into L.A.'s traffic light system plead not guilty. They allegedly chose intersections they knew would cause major jams.
By Sharon Bernstein and Andrew Blankstein
Times Staff Writers

January 9, 2007

Back in August, the union representing the city's traffic engineers vowed that on the day of their work action, "Los Angeles is not going to be a fun place to drive."

City officials took the threat seriously.

Fearful that the strikers could wreak havoc on the surface street system, they temporarily blocked all engineers from access to the computer that controls traffic signals.

But officials now allege that two engineers, Kartik Patel and Gabriel Murillo, figured out how to hack in anyway. With a few clicks on a laptop computer, the pair — one a renowned traffic engineer profiled in the national media, the other a computer whiz who helped build the system — allegedly tied up traffic at four intersections for several days.

Both men pleaded not guilty Monday morning to felony charges stemming from the case, and Murillo's lawyer said his client meant no harm when he signed on to the system that day.

But authorities say the pair picked their targets with care — intersections they knew would cause significant backups because they were close to freeways and major destinations.

They didn't shut the lights off, city transportation sources said. Rather, the engineers allegedly programmed them so that red lights would be extremely long on the most congested approaches to the intersections, causing gridlock for several days starting Aug. 21, they said.

Cars backed up at Los Angeles International Airport, at a key intersection in Studio City, onto the clogged Glendale Freeway and throughout the streets of Little Tokyo and the L.A. Civic Center.

The engineers' arrests last Friday point up the vulnerability of L.A.'s complex traffic control system.

City leaders said Monday they also underscore the delicate balance that employers must strike in a highly technical environment in which workers must be trusted enough to have access to important systems.

Some officials Monday called for an immediate review of ways to tighten security of the computer system, which manages 3,200 of the city's 4,300 traffic signals.

"The issue here was public safety," Councilwoman Wendy Greuel said. "What if there had been a major accident and we were not able to control the lights while the officers were on their way?"

Details of the case emerged Monday in interviews and court documents.

After access to the system was cut off for all but top managers, Murillo signed in as one of them, according to the criminal complaint. Murillo had helped design the nationally recognized system.

By signing in, the engineers allegedly obtained the codes needed to unblock the computers that control traffic lights throughout the city. Soon, the lights at those four intersections were reprogrammed with a code that prevented city officials from fixing them.

"The red signal would be on too long for the critical approach and the green signal would be on too long for the noncritical approach, thus resulting in long backups into the airport and other key intersections around the city," said one source in the traffic department, who spoke on condition of anonymity.

Murillo was charged with two felonies: one count of identity theft and one of unauthorized access to a city computer. Patel was charged with five felonies: one count of unauthorized access to a city computer and four of unauthorized disruption or denial of computer services.

Los Angeles County Superior Court Commissioner Catherine J. Pratt released the men on their own recognizance on the condition that they do not access city computers or set foot on Department of Transportation property without their attorneys.

If convicted on all charges, the pair could face several years in state prison, although authorities said that is unlikely because they have no criminal records.

Murillo's lawyer, James Blatt, said that his client was on paternity leave when the incident took place and did not receive an e-mail indicating that access to the traffic signal control center would be blocked during the strike.

He said Murillo didn't mean to do anything wrong.

"The issue in the case is Mr. Murillo's intent when he logged into the system," Blatt said. "Mr. Murillo has been an engineer there [at the Department of Transportation] for 17 years. He's highly regarded and respected by management and employees. It was not his intent to jeopardize the system or the citizens of Los Angeles."

Alan Eisner, who is representing Patel, said his client "unequivocally denies the charges against him and specifically denies illegally accessing or disrupting the [computerized traffic light] system. Mr. Patel has been an employee of the Department of Transportation for more than 12 years and has an outstanding work history. He and his family are traumatized by the allegations, and he looks forward to responding to the allegations in court."

After the arraignment Monday, city employees filled the hallway outside the courtroom, creating an impromptu receiving line as they filed past the defendants and their families. Officials from their union were not in court and did not return calls seeking comment.

In deciding how to handle security in the future, the city faces a difficult choice: set up systems that could impede the smooth functioning of its crucial traffic control efforts, or do nothing and risk another hacking incident.

Clifford Neuman, a computer security expert and the director of the USC Center for Computer Systems Security, said there are two primary ways to design computers to guard against malicious activity by insiders, but each can interfere with employees' ability to do their tasks and would probably be prohibitively expensive for the city.

salim filed this under shenanigans at 09h07 Tuesday, 09 January 2007 (link) (Yr two bits?)