TFL cyber attack 2024

[friendofdorothy]

Apparently the TFL and Oyster systems are under attack. Timetable info is sketchy and you can't log in to your Oyster account . Humph!

 

[friendofdorothy]

I've just lost my over sixties Oyster card and can't report it to get it replaced

 

[Pickman's model]

Could you edit the date into the title pls?

 

[Boris Sprinkler]

It’s been going on for 5 days. From the limited info I have read, They are probably trying to find active attackers in the systems, the way the are taking different systems down during this period, indicates ( to me) the attackers may be moving laterally across web facing systems and using web shells to exfiltrate data.

They have managed to get the NCI involved so that probably means it’s easy to solve. Unless they also do reselling of “recommended vendors”.

 

[friendofdorothy]

Could you edit the date into the title pls?

Done

Has this happened before?

 

[two sheds]

yes pickers often asks for the date to clarify

 

[friendofdorothy]

It’s been going on for 5 days. From the limited info I have read, They are probably trying to find active attackers in the systems, the way the are taking different systems down during this period, indicates ( to me) the attackers may be moving laterally across web facing systems and using web shells to exfiltrate data.

They have managed to get the NCI involved so that probably means it’s easy to solve. Unless they also do reselling of “recommended vendors”.

No idea what most of that means. How long do you think it might take for it to be solved?

 

[Boris Sprinkler]

I mean it was purely an educated guess. I’ve worked on intrusion incidents for months.

 

[Pickman's model]

Done

Has this happened before?

Not sure but I ask to make clear whether or not the incident new

 

[Silas Loom]

I mean it was purely an educated guess. I’ve worked on intrusion incidents for months.

I hope they are paying you a lot more than the guys in the Ukraine thread get. Can we all have infinite cash on our Oyster accounts, while you are there?

 

[friendofdorothy]

Not sure but I ask to make clear whether or not the incident new

Has TFL suffered a cyber attack before? I looked for similar thread but couldn't find one.

 

[friendofdorothy]

I mean it was purely an educated guess. I’ve worked on intrusion incidents for months.

Can I have my lost Oyster back please.

 

[Pickman's model]

Has TFL suffered a cyber attack before? I looked for similar thread but could one.

I'm not sure if there's been a previous cyber attack

 

[friendofdorothy]

I'm not sure if there's been a previous cyber attack

Just being picky then. Every thread displays with the date it was started anyway. I'm going to edit the date out, my original title was succinct as it was.

 

[Boris Sprinkler]

I'm not sure if there's been a previous cyber attack

previous attack serious enough to warrant reporting to the media.

 

[friendofdorothy]

Can I have my lost Oyster back please.

The TFL site just tells me to check back later. I'm wondering how often to check

 

[Pickman's model]

Just being picky then. Every thread displays with the date it was started anyway. I'm going to edit the date out.

It's not being picky. I ask the same thing for earthquakes and terrorist attacks. While threads do as you say show the date started, many of us use phones probably in preference to computers and probably in portrait rather than landscape. Where the date started isn't displayed. In addition many times people look at the title and not the start date, I've been taken in by thinking something's new and sure others have too.

 

[friendofdorothy]

It's not being picky. I ask the same thing for earthquakes and terrorist attacks. While threads do as you say show the date started, many of us use phones probably in preference to computers and probably in portrait rather than landscape. Where the date started isn't displayed. In addition many times people look at the title and not the start date, I've been taken in by thinking something's new and sure others have too.

This is new, so what's the problem.

I'm on a phone and I can see the date.

 

[Boris Sprinkler]

The TFL site just tells me to check back later. I'm wondering how often to check

I would give it a few days. They will be wanting to get their systems back up asap. But they will need to be imaged, and investigated, and rolled back to a previously know clean configuration. Which requires full knowledge of the intrustion. And there is a million other considerations to think about to. Which is why I no longer involve myself with such shithousery.

 

[Boris Sprinkler]

Here we go. Found this.

The fingerpointing starts as TfL cyber incident continues

Network admins take a ride on the Fright Bus

www.theregister.com

 

[Pickman's model]

This is new, so what's the problem.

I'm on a phone and I can see the date.

Yeh I said I could see the date if I turn the phone landscape. But it's not worth a derail.

 

[metalguru]

Just last month, I had to go through the extra step of getting my Over 60s oyster card application verified by the Post Office - as I was reluctant to provide a linked credit card in the online application. Possibly a good decision.

 

[Callie]

friendofdorothy the date thing is a bit picky (heh) but it is also useful. Most people do use their phones so if there are significant events it's useful to have a date in the title in case it's ongoing, recurring or similar events happen and someone is trying to search for particular events.

 

[Boris Sprinkler]

It’s not a job I would ever want. The threats is always going to be to the general public and their money.
To be responsible for that many peoples payment methods. Across a wide technology stack. Hopefully they ( Information security ), are divided into large clear teams with set objectives and responsibilities.

 

[Callie]

There was an IT issue back in July at TFL...can't recall exactly what was happening so possibly indicates an ongoing/not fully resolved issue/s??

 

[RubyToogood]

I've just lost my over sixties Oyster card and can't report it to get it replaced

A friend was supposed to be renewing hers and can't, but it worked for her anyway yesterday.

 

[Callie]

^actually that might have been them getting hit by the crowd strike incident

 

[ouirdeaux]

A friend was supposed to be renewing hers and can't, but it worked for her anyway yesterday.

At what point are you supposed to be renewing an over-60 card? In case you're getting younger, and thus lose eligibility?

 

[friendofdorothy]

At what point are you supposed to be renewing an over-60 card? In case you're getting younger, and thus lose eligibility?

You have to pay an annual fee and send proof of address every year

You've now had your 60+ London Oyster photocard for a year, we hope you have enjoyed the benefits.

As per the terms and conditions of the scheme, you must provide proof of your current London borough address. You must also pay the £10 address check fee to keep using your 60+ London Oyster photocard for another year.

Sign in to your account to provide proof of your address.

You must complete this by 21 September 2024 or your 60+ London Oyster photocard will be stopped.

If your photocard is stopped and you are still eligible for a 60+ London Oyster photocard, you can start a new application and pay £20.

Not only have I lost my card, it is soon going to be time to renew it and I'm not sure if I updated my address on their system either
When I tried to log in yesterday it said I had the wrong email / pwd and didn't send me a new code to log in.

 

[ouirdeaux]

But I've had mine for five years, and never renewed it, or been asked to.