Latest in Gaspump

Image credit:

Hackers are attacking US gas stations

441 Shares
Share
Tweet
Share
Save

Sponsored Links

After a gas station monitoring system was hacked earlier this year, Trend Micro researchers Kyle Wilhoit and Stephen Hilt decided to take a closer look. They set up fake internet-connected systems called "GasPots" -- honeypots that mimic the real ones -- in several countries to track hackers' movements. Turns out gas monitors are never safe: the researchers observed a number of attacks on their GasPots within a period of six months, with US-based ones being the most targeted. Some instances were clearly for reconnaissance purposes as they were merely automated scanners pinging the monitors. Others were more intrusive, with the hackers changing GasPot names to something else. Once, they changed it to "SEAcannngo," presumably to represent the Syrian Electronic Army, which denied any involvement to Motherboard.

In another instance, hackers named a GasPot "H4CK3D by IDC-TEAM," the same message Iranian Dark Coders Team members use when they crack websites. To note, when the real gas station was hacked in February, its name was also switched from "DIESEL" to "WE_ARE_LEGION," which is commonly associated with hacker collective Anonymous. One GasPot in DC also suffered a DDoS attack for two days.

Gas monitoring systems or automated tank gauges (ATG) keep an eye on fuel levels, volume and temperature, among other stats. Many of them are easy to get into, because they're not protected by passwords. Companies are likely not keeping them heavily protected, since they can't really be manipulated to do something extremely destructive -- like blow up a gas station.

However, the Trend Micro researchers warn that ATG cyberattacks could still cause serious issues. Hackers can monitor one to find out when a facility is expecting the next fuel delivery or hold it hostage and ask for ransom. They can also fake fuel levels to induce overflow and put the lives of people in the area in danger. By the end of their experiment, Wilhoit and Hilt concluded that supervisory systems shouldn't be connected to the internet. "If they really need to be," their white paper reads, "their security should be so strong that access to them is extremely limited and private."

[Image credit: shutterstock]

Source: Trend Micro
Coverage: PC Mag, PC Mag
In this article: gaspump, hack, trendmicro
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
441 Shares
Share
Tweet
Share
Save

Popular on Engadget

'Forza Horizon 4' is getting a 72-car battle royale mode

'Forza Horizon 4' is getting a 72-car battle royale mode

View
What's coming to Netflix in January: hello 'Sabrina,' goodbye 'Friends'

What's coming to Netflix in January: hello 'Sabrina,' goodbye 'Friends'

View
The Game Awards will run a 48-hour demo 'festival'

The Game Awards will run a 48-hour demo 'festival'

View
'The Matrix 4' premieres in theaters on May 21st, 2021

'The Matrix 4' premieres in theaters on May 21st, 2021

View
Oculus is rolling out its expanded social VR features

Oculus is rolling out its expanded social VR features

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr