Audit Of The Charlie Ticketing System

Published in: Education, Technology, Business

  1. Audit of the Charlie Ticketing System
     For the Massachusetts Bay Transportation Authority
     Team China Auditing
     Luke, Dylan, Scott, and Craig.
  2. The Incident
     Three MIT students explored the obvious weaknesses at the MBTA.
     The MBTA’s fare-collection system named the Charlie Card was “hacked” to show false values.
     The entire MBTA facility was shown to be lacking security in general.
  3. What Happened?
     The students got into the building through unlocked doors.
     Many locks were unlocked on rooms, phone boxes, and networking systems.
     They also found a key and other physical identification that should not have been lying around.
     They also eventually hacked the Charlie card’s mag-stripe value and then explored the RFID cards.
     They documented their entire experience with photos and assembled a slideshow. Link Here
  4. Recommendations
     Risk Assessment (Internal & Third-party)
     Improve Physical Security
     Access Control Hardware & Software
     Visitor Management System
  5.
  6. Risk Assessment
     Regularly scheduled (Internal & Third-party)
     Management, Security and end-user involvement
     Reports to identify risk areas and levels
     CounterMeasures® – Risk Analysis Software $14,500 (CounterMeasures®, n.d.)
     RFPs to be reviewed for vendor selection
  7. Physical Security
     Access Control Hardware & Software
     Increase security by eliminating keys
     Provide management, audit tracking and incident response
     Typical installations $1500 - $2500 per door (Access control, n.d.)
     RFPs to be reviewed for vendor selection
  8. Physical Security
     Visitor Management System – Lobby Track™
     Increased control and security of visitors in MBTA facilities
     Security desk, on-line or self-registration kiosk check-in available
     $1800 per location (Edition Comparison, n.d.)
  9.
  10. Questions?
  11. Thank You
      Team China Auditing
      Luke, Dylan, Scott, and Craig.
  12. References
      Access control system pricing. (n.d.). Retrieved May 6, 2010, from BuyerZone: http://www.buyerzone.com/security/access_control/buyers_guide6.html
      Ahlers, M. M., & Quijano, E. (2009, May 20). National Archives loses hard drive with Clinton era records. Retrieved March 10, 2010, from CNN Politics: http://www.cnn.com/2009/POLITICS/05/20/lost.hard.drive.clinton/
      Baxter, C. (2008, August 12). MIT students' report makes security recommendations to T. Retrieved April 20, 2010, from The Boston Globe: http://www.boston.com/news/local/articles/2008/08/12/mit_students_report_makes_security_recommendations_to_t/
      B., B. (2008). CRACKING THE CHARLIE CARD. CSO Magazine, 7(8), 17. Retrieved from Risk Management Reference Center database.
      COBIT Student Book. (2004). COBIT in Academia. Rolling Meadows, IL: IT Governance Institute. http://alarcos.inf-cr.uclm.es/doc/Auditoria/Cobit_Student_Book.pdf
      CounterMeasures® Enterprise Platform 8.1. (n.d.). Retrieved May 10, 2010, from CounterMeasures Risk Analysis Software: http://www.countermeasures.com/enterprise_platform_product.htm
      Edition Comparison. (n.d.). Retrieved May 10, 2010, from Jolly Lobby Track: http://www.jollytech.com/products/lobby_track/systems/edition_comparison.php
      Lewis, D. (2008, 8 20). MIT CharlieCard Hackers Gag Free. Retrieved April 6, 2010, from LiquidMatrix Security Digest: http://www.liquidmatrix.org/blog/2008/08/20/mit-charliecard-hackers-gag-free/
      McGraw-Herdeg, M. (2008, August 14). Public Documents Seem to Show Free T Fare. Retrieved March 10, 2010, from The Tech, Online Edition: http://tech.mit.edu/V128/N30/subwayvulnerabilities.html
  13. References Cntd.
      McNamara, P. (2008, 8 11). Exclusive: 'MBTA vs. MIT' lawsuit really about Charlie, not CharlieCard. Retrieved April 6, 2010, from Network World: http://www.networkworld.com/community/node/30940
      Mills, E. (2008, December 23). MIT students to help Boston secure subway fare system. Retrieved March 10, 2010, from CNET News: http://news.cnet.com/8301-1009_3-10128632-83.html?tag=mncol;title
      National Archives Offers Reward of Up to $50,000 for Return of a Missing Clinton Administration Hard Drive. (2009, May 29). Retrieved March 10, 2010, from The National Archives: http://www.archives.gov/press/press-releases/2009/nr09-89.html
      Pesaturo. (2007, 3 05). MBTA Transit Police Charge Retiree with Theft. Retrieved April 6, 2010, from MBTA: http://www.mbta.com/about_the_mbta/news_events/?id=11063&month=&year=
      Russell, R., Zack, A., & Alessandro, C. (2008, August 8). Anatomy of a Subway Hack. Retrieved March 10, 2010, from http://tech.mit.edu/V128/N30/subway/Defcon_Presentation.pdf
      Szaniszlo, M. (2008, August 10). MIT students barred from exposing MBTA security flaws. Retrieved March 10, 2010, from Boston Herald: http://news.bostonherald.com/news/regional/general/view.bg?articleid=1112081&srvc=home&position=emailed
      Szaniszlo, M. (2008, 8 14). Board member demands MBTA audit. Retrieved April 6, 2010, from http://www.bostonherald.com: http://www.eff.org/files/filenode/MBTA_v_Anderson/Exhibit%207.pdf
      Szaniszlo, M. (2008, 8 15). MIT students must turn in CharlieCard data today. Retrieved April 6, 2010, from Boston Herald: http://www.bostonherald.com/news/regional/general/view.bg?articleid=1113095
      Vijayan, J. (2008). Flap Over Transit Flaws Exposes Disclosure Divide. (Cover story). Computerworld, 42(33), 10. Retrieved from Academic Search Premier database.