Hackers Like Gas Stations Now

The argument that cybercriminals will hack just about any system they can has gained more fuel.

The security software company Trend Micro has released the results of an experiment — motivated, according to Engadget, by the hacking of a gas station monitoring system earlier in February of this year — to track the activities of cybercriminals as they relate to gas monitors. Turns out there’s a lot of hacking going on in that regard — with the majority of the targeted systems being based in the United States.

As the Engadget story explains, gas monitoring systems or automated tank gauges (ATG), which are connected to the Internet, track stats such as fuel levels, volume and temperature, among other information. Most of the systems are not heavily protected by the gas companies that run them — not even requiring a password for access.

The experiment that Trend Micro researchers Kyle Wilhoit and Stephen Hilt carried out involved the installation of fake ATGs called “GasPots” (as in honeypots) posing as the real thing in various countries to attract hackers. Over a period of six months, the GasPots experienced a number of attacks, ranging from low-level reconnaissance activity (in the form of pings from automated scanners) to more serious intrusions.

In regards to the latter cases, Engadget shares some examples from the study: hackers changing a GasPot’s name to “SEAcannngo” — which the outlet presumes represents the Syrian Electronic Army, although they denied involvement; another group renaming a GasPot “H4CK3D by IDC-TEAM,” which is the same message used by Iranian Dark Coders; and a GasPot in Washington, D.C., suffering a DDoS attack that lasted two days.

In the report, Trend Micro researchers warn of the serious issues that can result from cyberattacks on ATGs — such as the potential for fuel deliveries to be held hostage for ransom or the falsifying of fuel levels to cause an overflow and put at risk the lives of people in the area.

Concluding in their study that gas monitoring systems not be connected to the Internet whenever possible, Wilhoit and Hilt write: “If they really need to be, their security should be so strong that access to them is extremely limited and private.”

[vc_row full_width=”” parallax=”” parallax_image=””][vc_column width=”1/1″][/vc_column][/vc_row][vc_row full_width=”” parallax=”” parallax_image=””][vc_column width=”1/1″][vc_separator color=”grey” align=”align_center” style=”” border_width=”” el_width=””][vc_single_image image=”148412″ alignment=”center” style=”vc_box_shadow_3d” border_color=”grey” img_link_large=”” img_link_target=”_blank” css_animation=”left-to-right” img_size=”full” link=”http://www.pymnts.com/whats-hot-today/”][vc_column_text css_animation=””]

To check out what else is HOT in the world of payments, click here.

[/vc_column_text][vc_separator color=”grey” align=”align_center” style=”” border_width=”” el_width=””][/vc_column][/vc_row]