MIFARE Classic is a proprietary contactless smart card technology widely used in public transportation ticketing systems of cities across the world. MIFARE Classic's cryptographic protection to the stored data has been reverse-engineered and broken in a recent series of papers. In this paper, we report our experience attacking a real MIFARE Classic system. Specifically, we have implemented a brute-force search using NVIDIA graphics cards to verify the claims in the literature. Moreover, we have achieved a tremendous improvement over an existing sniffer-based attack that takes advantage of other design and implementation flaws of CRYPTO-1, MIFARE Classic's proprietary cipher. To our best knowledge, this is the first report in the literature of a practical long-range attack. These attacks disarm all cryptographic protection of MIFARE Classic, making it extremely difficult to secure transactions. Lastly, we take up the challenge and present our ideas how to defend against most attacks using practical mechanisms that do not require any hardware changes. Our proposed mechanisms can be easily implemented on a variety of MIFARE Classic readers on the market and only require commodity PCs be used in the backend system with intermittent network connectivity.