MBTA’s Website Briefly Went Down After Outside Host Experienced Alleged Cyber Attack
The T’s website experienced a minor glitch on Wednesday night, and into Thursday morning, after an apparent cyber attack impacted the company that runs the domain names of millions of websites, including the transit agency’s.
The MBTA.com domain name is managed by Network Solutions, which said that in the process of resolving a Distributed Denial of Service (DDoS) incident on Wednesday night, the websites of a small number of its customer base were disrupted, and appeared inactive or were redirected.
MBTA Spokesman Joe Pesaturo said the T’s site was not hacked. Network Solutions manages millions of domains, and a portion of those were impacted for several hours by the alleged cyber attack incident. Pesaturo would not comment further, and the problem on the T’s site seemed to be resolved by Thursday afternoon.
In a statement, officials from Network Solutions said none of the issues stemming from the attack involved malicious activity. “No confidential data was compromised, including passwords, credit card information, or cookies,” according to a statement.
According to Abine privacy strategist Sarah A. Downey, this sort of “hijacking” refers to some third party, other than the website someone may try and be visiting, forcing users to a different domain. “Often that domain is compromised or conveys some benefit to the attacker. For example, many ISPs use it to forcibly direct you to their homepage every time you open your browser, [which] can be annoying for users. It can happen when a website doesn’t use DNS security, hasn’t updated their web software, or doesn’t use adequate domain and hosting security,” she said.
As stated by Network Solutions, the hijacking can affect several websites when they’re co-owned or hosted, Downey said. Although the company said no information was compromised, Downey recommended running software just to be sure.“To be safe, anyone who tried to access the MBTA website during the compromised period should immediately run antivirus scans. It’s possible they transmitted information to a hacker’s sever when they were redirected.”