If you thought hackers could only wreak havoc in certain areas, think again. Gas stations in the U.S. too are vulnerable to cyberattacks as researchers at Trend Micro show.
Post the hacking of a monitoring system of a gas station earlier in January 2015, where the system's name was changed to "We Are Legion" from "Diesel," Stephen Hilt and Kyle Wilhoit - both researchers at Trend Micro who call themselves the FTR or Forward-Looking Threat Research team - thought of delving deeper into the area.
The researchers created a fake Internet-connected system dubbed GasPots in countries around the world in a bid to track the movements of the hackers. The 10 fraud GasPots or monitoring systems acted as online honeypots and any person (including cybercriminals) who sought them out would think they were the real deal as they resembled the authentic Guardian AST, which are gas monitoring devices. The AST basically controls and keeps a check of the fuel levels in the tanks at a gas station. When the level of fuel decreased the operators are alerted.
During a period of six months, the FRT team saw several attacks on the planted GasPots, most of which were harmless. Interestingly, the U.S.-based honeypots were the ones which were targeted more when compared to other countries.
A bogus gas pump that was set-up in DC suffered from a DoS attack for two days continuously. This attack was traced to an IP address in Syria, which had previously been registered with the Syrian Electronic Army.
The intrusive attacks resulted in the names of the GasPot getting changed from "SEAcannngo" to "H4CK3D by IDC-TEAM" depending on the cyberattackers.
The researchers opine that the gas pumps are easy targets as the ATG systems are easy to access as they are not password protected. Possibly a reason for no heavy protection or security measures is that the systems cannot be manipulated by cyber criminals to do destructive activities such as blowing up a station.
Irrespective, the FTR team alerts that these cyberattacks could result in serious damages as hackers could have the ability to learn when a station is expecting its next delivery of fuel, or even hold the facility hostage and demand ransom. The attackers could also manipulate the level of fuel and knowingly make the same overflow, which could potentially put the people of that area in danger.
The distribution could also be disturbed as hackers could make the tanks seem full when they are indeed empty. Hilt and Wilhoit believe that the system is targeted as "it's easy" and such systems are better off without being connected to the Internet.
"If they really need to be [connected to the Internet] their security should be so strong that access to them is extremely limited and private," per the FTR team.
The researchers have shared [pdf] their findings in a white paper entitled "The GasPot Experiment: Unexamined Perils in Using Gas-Tank Monitoring Systems."
Mike Mozart | Flickr