Giant Computer Breach Hits D.C. Metro

According to the DC Metro’s Office of the Inspector General, the Metro’s system was breached earlier this year by a computer that was based in Russia, the Washington Post reported.

In the partially-redacted report released on Wednesday, the Metro OIG revealed that in January, the cybersecurity group for the Washington Metropolitan Area Transit Authority had detected unusual network activity “originating in Russia.”

Based on initial findings, a computer in Russia accessed a sensitive directory using the credentials of a former Metro contractor. While the contractor no longer works for Metro, the high-level access was retained in case the contract was renewed.

The investigation found that the Russian-based computer “was turned on at the direction of the former contractor” who accessed his computer remotely while in Russia.
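As an added illustration, not taken from the OIG report or the Post article, the following Python access-review check flags the two conditions that together describe the incident above: a privileged account kept past its contract end date, and a privileged sign-in from outside the expected countries. The account roster, sign-in log, user names, dates and country codes are all constructed for the example.

```python
from datetime import date

# Constructed sample roster and sign-in log (hypothetical; not from the report).
ACCOUNTS = [
    {"user": "contractor-a", "role": "admin", "contract_end": date(2022, 9, 30)},
    {"user": "staff-b", "role": "admin", "contract_end": None},
    {"user": "contractor-c", "role": "reader", "contract_end": date(2023, 6, 30)},
]
SIGNINS = [
    {"user": "contractor-a", "country": "RU", "when": date(2023, 1, 12)},
    {"user": "staff-b", "country": "US", "when": date(2023, 1, 14)},
    {"user": "contractor-c", "country": "US", "when": date(2023, 1, 10)},
]
PRIVILEGED_ROLES = {"admin"}      # roles that grant high-level directory access
EXPECTED_COUNTRIES = {"US"}       # where this organisation's users normally sign in from
REVIEW_DATE = date(2023, 1, 15)   # the date the review is run


def stale_privileged_accounts(accounts, today):
    """Privileged accounts whose contract end date has passed but that still exist,
    i.e. access that should have been revoked at offboarding."""
    return sorted(a["user"] for a in accounts
                  if a["role"] in PRIVILEGED_ROLES
                  and a["contract_end"] is not None
                  and a["contract_end"] < today)


def unexpected_privileged_signins(accounts, signins):
    """(user, country) pairs for privileged sign-ins from outside the expected set."""
    roles = {a["user"]: a["role"] for a in accounts}
    return sorted((s["user"], s["country"]) for s in signins
                  if roles.get(s["user"]) in PRIVILEGED_ROLES
                  and s["country"] not in EXPECTED_COUNTRIES)


def review(accounts, signins, today):
    """Combine both checks; an account that is stale AND signing in from an
    unexpected location is the highest-priority finding."""
    stale = stale_privileged_accounts(accounts, today)
    odd = unexpected_privileged_signins(accounts, signins)
    priority = sorted(u for u, _ in odd if u in stale)
    return {"stale": stale, "unexpected_signins": odd, "priority": priority}


if __name__ == "__main__":
    print(review(ACCOUNTS, SIGNINS, REVIEW_DATE))
```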

According to the report, the Inspector General’s office raised concerns about potential vulnerabilities in Metro’s cybersecurity in 2019 when it noted that testing of system components and vulnerability assessments were not being conducted. In response to the OIG’s concerns, the Metro contacted a security company that provided a findings report which the OIG did not receive until February, despite repeated requests.

According to the OIG report, the security company found that vulnerabilities in the Metro systems either do exist or will exist, and if they are not addressed, the Metro will be “susceptible to unacceptable outcomes.”

The Metro’s chief information officer Torri Martin and chief audit and risk officer Elizabeth Sullivan wrote in response to the OIG’s report that the Inspector General failed to recognize the “measurable improvements” the Metro IT department has made in its cybersecurity program since 2019.

After investigating January’s Russian breach, the Microsoft Detection and Response team said that it did not find that the content accessed in the breach was “synchronized” onto the device in Russia and there are “no indications of persistence or ongoing malicious activity.”

Copyright 2023,