A hacking group believed to have links to the Chinese government penetrated the Metropolitan Transportation Authority’s computer systems in April, exposing vulnerabilities in a vast transportation network that carries millions of people every day, according to an M.T.A. document that outlined the breach. The hackers did not gain access to systems that control train cars and rider safety was not at risk, transit officials said, adding that the intrusion appeared to have done little, if any, damage.
But a week after the agency learned of the attack, officials raised concerns that hackers could have entered those operational systems or that they could continue to penetrate the agency’s computer systems through a back door, the document also shows. Transit officials say a forensic analysis of the attack has not revealed evidence of either and that hackers did not compromise customers’ personal information. The agency reported the attack to law enforcement and other state agencies, but has not disclosed it publicly.
The breach was the third — and most significant — cyberattack on the transit network, North America’s largest, by hackers thought to be connected to foreign governments in recent years, according to transit officials. The M.T.A. is one of a growing number of transit agencies across the country targeted by foreign hackers and the breach comes during a surge in cyberattacks on critical American infrastructure, from fuel pipelines to water supply systems.
In recent months, cyberattacks have also crippled police departments in the District of Columbia and elsewhere, as well as hospitals treating coronavirus patients in intrusions that involved criminal groups holding data hostage and seeking payments to unlock the data.
The attack on the M.T.A. did not involve financial demands and instead appears to be part of a recent series of widespread intrusions by sophisticated hackers believed to be backed by the Chinese government, according to FireEye, a private cybersecurity firm that works with the federal government and helped identify the breach.
It is unclear why the M.T.A. was a target of the campaign, but investigators have several theories. One focuses on China’s push to dominate the multibillion-dollar market for rail cars — an effort that could benefit from knowing more about the inner workings of a transit system that awards lucrative contracts. In recent years, China has used cyberattacks as a way to advance its economy and become the dominant global superpower, according to the Justice Department. Another more benign view is that hackers mistakenly entered the M.T.A.’s system and discovered it was of little interest, which cybersecurity experts say is not unusual.