Anonymous BART web hack should urge firms to get serious about web app security

In a widely expected move, hacktivist group Anonymous has launched a cyber attack on the web site of the San Francisco Bay Area Rapid Transit (BART) system, after transit police killed a 45 year-old man and mobile transmitters were shut down to thwart public protest.

Anonymous posted a warning on Sunday that it would retaliate against what it saw as censorship and trying to cover up crimes against a "mostly unarmed public".

"In the Bay Area we've seen people gagged, and once more Anonymous will attempt to show those engaging in the censorship what it feels like to be silenced. #OpBART is an operation geared toward balance - toward learning," the group said.

"You do not censor people because they wish to speak out against the wrongful things occurring around them. The Bay Area Rapid Transit has made the conscious decision of ordering various cell phone companies to terminate services for the downtown area inhibiting those in the area from using cell phones - even in the case of an emergency."

As a result of the action the myBART.org site was defaced with Anonymous logos and the group released personal data belonging to more than 2,000 users, including names, addresses and telephone numbers.

BART warned people to be on their guard against phishing or other related scams in the aftermath, and has informed police.

Pretty standard one for Anonymous this, again highlighting that every organisation must have contingency plans in case they are the next to be hit by an attack.

Even more worrying, however, is the ease with which Anonymous hacked the BART site. Many may disagree with their methods, but if nothing else these high-profile attacks should be getting the message across about the need for better web app security.