A U.S federal judge in Massachusetts has ordered three MIT students to cancel a presentation for Sunday (8/11) at the infamous Defcon hackers’ conference in Las Vegas. The students planned to show security flaws in the automated fare system used by Boston’s very own Massachusetts Bay Transit Authority (MBTA) subway system (called the Charlie Card). The MBTA sued the students and MIT in United States District Court in Massachusetts on Friday, claiming that the students violated the Computer Fraud and Abuse Act (CFAA) by delivering information to conference attendees that could be used to defraud the MBTA of transit fares. (We will talk about the CFAA more in class)
The temporary restraining order (full text pdf), issued by a Massachusetts U.Sdistrict court judge prevented the college students from demonstrating how to use the vulnerabilities to get free rides.