Trial of Russian hackers who are accused of hacking transport card system “Troika” and other transport cards is postponed from 31 August to September 12. The accused are Denis Kazmin, Yury Putin and Pavel Andryushin.
The group bought the details of the Turnstiles (like in metro) for the creation of malicious software. After studying the working process of Turnstiles, they developed a program in Object Pascal Programming language, namely “Terminal.exe” “ATMega128_BackDoorBootLoader.asm”.
The program allowed them to get information of the carrier, memory dumps and access keys from the Turnstiles located at one of the Moscow station. The information were used for adding money to transport card and sold the card.
The hackers may receive 3 to 4 years of imprisonment
Experts were surprised, according to them, transport card fraud is a rare, because in this way you can not earn big money. The whole damage amounted to 2 million rubles.
It’s interesting to note that in May 2016 another Russian researcher Igor Shevtsov did research and wrote an article(https://habrahabr.ru/post/301832/) about a critical vulnerability of transport card “TROIKA”.
He explained how to fake balance of the card and how travel on public transport for free. It took him 15 days, he used Android smartphone with NFC chip. He also created an android application TroikaDumper to exploit the vulnerability. The Representatives of Moscow metro contacted with the researcher and fixed the vulnerability after few days. The article written by Shevtsov is now removed.