Online rail ticket site 'hacked'

Date: 2012-01-30

The difficulty of securing a train ticket online during the Spring Festival has prompted hackers to write computer programs that break into booking sites.

The official e-ticket channel 12306.cn opened for sales over the holiday period on Jan 8 and has received 100 million hits a day. The bombardment has led to thousands of requests being rejected every second.

Now would-be customers are resorting to a hacking tool known as "tag-on" software that disrupts a website's normal operations and allows unauthorized access. For buying train tickets, it enables a computer to automatically and repeatedly try to access the site. It was born out of the frustration with rejection that many have suffered.

Zhang Yu, 26, stayed up two nights in a row attempting to buy a ticket without success.

"I downloaded three different types of software," he said. "My friend used one of them to get a ticket. However, they all demand personal information and a link to an online banking site. I was worried about privacy so I stopped using them."

Nonetheless, key words such as "train ticket tag-on software" have become the latest hot searches on baidu.com, the country's most popular search engine. The past week has seen the churning out of dozens of such programs.

"This software saves the time and effort of constantly clicking the mouse out of desperation," Yao Wenhao, developer of one such program, told China Daily.

Xiao Yao, 24, worked in Shanghai as a software developer at a gaming company. His desire to visit his parents in Hunan during the holiday prompted him to put his knowledge to use.

Yao's tag-on is called "Go-Home". It is available for free download via major technology forums. Three days after Yao first posted it on Google Code, a sharing site for developer tools and technical resources, the 5-megabyte software had been downloaded more than 80,000 times.

Yao said the program successfully secured him a high-speed train seat after just a three-minute trial.

"The idea of writing a ticket-buying program came to me two months ago," Yao said. "My intention was to help myself but once I bought my ticket, I thought why not help others?"

Yao, who is a self-described geek, wrote a two-page instruction document which he attached to the software.

He said the biggest technical hurdle was to identify random numbers the website generated to strengthen security and automatically link the inquiry page to online payment. It took him 10 days to solve the challenge.

More than 100 variants of such programs have emerged on Taobao.com, a popular e-commerce site, priced from 1 to 5 yuan (79 cents) for each download.

While the likes of Yao claim their intentions were benign, others have been accused of being outright scams.

Wang Zhantao, an Internet security expert with anti-virus software provider Rising, said some malicious programs, in the guise of the tag-on software, unleashed malicious code on to victims' machines that gave hackers access to bank accounts and passwords.

Tag-ons have also been accused of compromising the ticketing system.

"The rocketing traffic generated by such software has in turn loaded an artificial burden on to the already vulnerable website, running the risk of completely jeopardizing the server," said Wang.

"The software fails to create a level playing field for all buyers. It only causes vicious circles."
