Documentation for Boston T subway system. The file, created in June, 2008 using PowerPoint by Russell Ryan, Zach Anderson, Alessandro Chiesa, demonstrates lax security, failed security, and no security in an area of public transportation that the most people would consider "safe". The 87 page document shows the relative ease one can gain entry to the system and exploit it to gain relatively free access for subway use. Sabotage of the system is, along with exploitation, an easy task due to the poor security. In early August, the authors were prevented from giving a scheduled presentation [1] at DEFCON by a federal judge in a injunction filed by the Massachusetts Bay Transit Authority (MBTA). The Electronic Frontier Foundation (EFF) defended the students who had made an effort to contact the MBTA prior to their scheduled Defcon appearance. The temporary restraining order against the authors did not stop MIT’s student newspaper from posting a copy of the presentation that had been included on a Defcon CD that had been distributed.

The File Details How To:

• Generate stored-value fare cards
• Reverse engineer magstripes
• Hack RFID cards
• Use software radio to sniff
• Use FPGAs to brute force
• Tap into the fare vending network
• Social engineer
• Warcart