Crackpot hackpots pop top of GasPots

Trend Micro researchers Kyle Wilhoit and Stephen Hilt believe they've found attackers actively seeking to hack and shut down petrol stations. The duo from the forward-looking research team find the attacks by establishing simulated petrol station monitoring systems around the world as honeypots. Wilhoit and Hilt had earlier …

  1. Anonymous Coward

    What is a web clipboard?

    Do you mean a site like pastebin.com?

  2. Paul Crawford Silver badge
    FAIL

    Is there no end to the stupidity of companies?

    You put something of value on the internet and have a system without (a) proper security from the start or swift patching to help out, and (b) allow it by hardware, etc, design to actually do something physically that could either irritate the owner/users or compromise the safety. Guess what, it then gets hacked? Surprised?

    Sadly it looks as if serious fines and/or jail time for company execs is going to be the only thing that might stop the tide of moronicity. Always blaming the "hackers" for a stupid design is not an acceptable excuse.

    1. Destroy All Monsters Silver badge
      Headmaster

      Is the prison-industrial complex posting here?

      I find the permanent call for "jail time for company execs" for weak security awareness (a sort of disciplinary bulverism) in this here venue both obnoxious and moronic. Stop it.

      1. Blitheringeejit
        Coat

        Jerking the knee

        I fundamentally agree, it's unreasonable to hold execs responsible for the criminal activities of those who would do harm to the execs' businesses. Modern blame/litigation culture has left us somewhat fuzzy about who the bad guys actually are.

        But there is a real issue to be tackled around security and IOT, and sales pitches are (as ever) quick to crow about the convenience of IOT while failing to make customers aware of the risks which might accompany this convenience.

        So perhaps we need to instigate a baseline security spec which designers have to sign up to before they are allowed to sell ANYTHING which connects to the internet. Of course there will be problems - for example, putting a firewall in a fridge might adversely affect the performance of both. But if there is a baseline, then at least users know how far they can pursue the designers/manufacturers on some basis of negligence when they get hacked, and when they should drop their class action and just go after the hackers with a pointy stick. It's all about clarity.

        If anyone's interested, I also have in my coat pocket a similar programme of baseline tests and qualifications which I believe should be a prerequisite for people being allowed to have children.

        1. PNGuinn
          Coat

          Re: @ Blitheringeejit -- Jerking the knee

          "Of course there will be problems - for example, putting a firewall in a fridge might adversely affect the performance of both"

          I can't speak for firewall but I can quite understand why the fridge might be a tad unhappy.

          Thanks - it's the one on the end with the ethernet connection and the burned out pocket.

      2. lukewarmdog

        Re: Is the prison-industrial complex posting here?

        If jail time makes execs think twice before they take that job they can't do, before they appoint someone else who can't do a job, before they stifle the changes required in a company due to ignorance, stupidity, unwillingness to do something.. then bring on the jail time.

        I point to the mess at OPM as a prime example.

        1. Trigonoceps occipitalis

          Re: Is the prison-industrial complex posting here?

          "If jail time makes execs think twice before they take that job they can't do ... "

          Check out the Peter Principle.

  3. Anonymous Coward

    I'm pretty sure they aren't trying to shut them down as it would be pointless unless every gas station in a country was connected. More likely they are trying to work out a way to manipulate it to get free fuel.

    1. Anonymous Coward

      I suspect that the monitoring systems are set up to automatically order more fuel when the fuel station's stock is below a certain level. Or at the least, humans will make ordering decisions based on the reports from the monitoring systems.

      By manipulating the monitoring of a large number of stations, the hackers could trigger large orders of fuel from the supplier at a chosen time.

      Since price is linked to supply and demand, the hackers could potentially cause small fluctuations in the fuel prices. There is a lot of money to be made for investors who can accurately predict these fluctuations.

      1. Mark 85

        Or they could go the other way and show full or reasonably full tanks which would never get refilled. This would create panics as stations ran out of fuel but no refills coming in. Coordinate the attacks on say a highway system and no fuel and cars/trucks stop running. Could be a massive disruption.

      2. PNGuinn
        Black Helicopters

        Manipulating fuel prices @AC

        Possibly - but unlikely. Remember this would be in 1 country for 1 company in possibly 1 distribution region. (I assume.) That means breaking into an awful lot of systems to get any significant effect. Which means, I assume, that the scam would be very short term. Probably not worth the effort.

        Getting a full tanker sent out to a known site at roughly a known time for hijack might be worthwhile in certain parts of the world - but I ask myself of the likelihood of those places having this level of automation.

        I would think:

        a. Just for the lulz. There's always some idiot wanting to scratch his ego. Won't explain all the hits but probably some of them.

        b. A relatively low profile and harmless target - relatively unsecured and policed - good practice to find vulnerabilities to use elsewhere.

        c. Once you have got a back door into the system that allows you to monkey about with fuel deliveries there is probably more to be gained by a miscreant in throttling / stopping / misdirecting deliveries than simply ordering more. This would make cracking multiple systems more worthwhile.

        d. Having got in, what else can we break into? Just what else are these systems loosely connected to that no sane person would enable? Eg - at the forecourt - billing systems running on the same box or network - ooh, look at all those lovely transaction details. Or at the other end??

  4. Eclectic Man Silver badge

    Wait until they get on to the pubs

    Quite a few years ago now, I discovered that my local hostelry's bar prices were set over the Interpleb by the brewery. They had a 'slight glitch' when the till prices of drinks differed from the (legally mandatory) price list displayed in the bar.

    When hackers get into these systems and start playing around with those prices there will be trouble.

    Pint, anyone?

  5. This post has been deleted by its author

  6. Anonymous Coward

    Back in 1986

    A mate and I swapped around the large moveable numbers outside a petrol station late one night.

    0.83c per litre became 0.38c per litre.

    We claim the petrol station hacking prize!

  7. Anonymous Coward

    Radio hams I know

    Used to drive about with high power 2m radios causing havoc with newly installed electronic pumps... and burglar alarms...
