Riders of Dublin’s tram system Luas will have to navigate their commute without the aid of the service’s website on Thursday. The site is down following a hack by someone who mostly appears to be worried about calling attention to security holes.
The Independent reports that Dubliners visiting the Luas website earlier this morning were greeted by a simple ransom note that read:
You are hacked. Some time ago I wrote that you have serious security holes. You didn’t reply. The next time someone talks to you, press the reply button. You must pay one bitcoin in five days. Otherwise I will publish all data and send emails to your users. btc address: 3FsR4CTUmumBJK12Zk8QRwdpPTJEY11aSX
Luas has shut down its website while it deals with the problem and tweeted an advisory asking the public not to visit the site at this time. In a subsequent tweet, Luas confirmed that its site was “compromised” and technicians believe the situation will take the day to resolve.
We’ve reached out to Luas in order to clarify some details about the situation, including whether administrators had received an email warning about security issues. We also asked what kind of data could be published if the hacker follows through on their threat. We’ll update this post when we receive a reply.
As far as ransoms go, demanding a single bitcoin is a relatively modest proposal. The current value of one bitcoin is around $3,900. It’s unclear if the hacker is simply being reasonable to give themselves a better chance of getting paid or if they are truly just trying to get the website’s administrators to pay attention to security flaws.
Luas has urged riders to follow its Twitter account for notices and advisories.