Keeshin Charter Service - [1980-1997]
The Red Jacket software enabled us to tightly control the amount of fuel that went into our motor coaches and service trucks, preventing theft by drivers who also owned diesel-powered trucks. It also tied back into the Versys Charter trip scheduling software, and, based on the
Red Jacket Fueling Systems
As early as 1989, our computer systems, at all four of our locations, were interconnected.
Versys Charter Management Software
As part of the software interface, I worked diligently to ensure strong passwords were used at both the administrative and user levels. I took a bit of heat from my co-workers, from the software vendor, and from other users of the software over the fact that I voiced my concerns about security and "back doors". They balked at my insistence on higher than what were then considered normal security measures, but we never had an incident of hacking or inappropriate information access.
Anonymous Takes Credit for Hacking Gas Pumps
Anonymous Takes Credit for Hacking Gas Pumps |
Now, because so much tech support is being centralized, the security of remotely accessible software has fallen by the wayside.
Standardized and default passwords, which make it easier for support personnel to remotely access fueling systems to troubleshoot or update the software, also allow hackers easy access.
Many of the fueling software systems are easy to get into because they're still protected by "default" passwords. In other cases, a "standard" password has been established so that any one of up to several hundred techs can remotely access the software.
Hackers Can Attack US Gas Pumps
Gas monitoring systems or automated tank gauges (ATG) keep an eye on fuel levels, volume and temperature, among other stats.
When not properly secured, and left unprotected, fuel system software can be manipulated to do something extremely destructive -- like blow up a gas station.
Trend Micro learned about this security breach and decided to do some investigating, and this is what they found out: "After a gas station monitoring system was hacked earlier this year, Trend Micro researchers Kyle Wilhoit and Stephen Hilt decided to take a closer look. They set up fake internet-connected systems called 'GasPots' -- honeypots that mimic the real ones -- in several countries to track hackers' movements. Turns out gas monitors are never safe: the researchers observed a number of attacks on their GasPots within a period of six months, with US-based ones being the most targeted."
Hilt and Wilhoit discovered more than 1,515 vulnerable gas pump monitoring devices worldwide, less than a third of the figure logged by HD Moore last month. That would be reason for cautious optimism – except that the duo also uncovered evidence of tampered Guardian AST devices. The US-located system, left wide open on the net, had been hacked, apparently by mischief-makers, referencing one of ragtag hacker group Anonymous’s favorite catch phrases.
"An attacker had modified one of these pump-monitoring systems in the US. This pump system was found to be internet facing with no implemented security measures. The pump name was changed from “DIESEL” to 'WE_ARE_LEGION.' The group Anonymous often uses the slogan 'We Are Legion,' which might shed light on possible attributions of this attack. But given the nebulous nature of Anonymous, we can’t necessarily attribute this directly to the group.
An outage of these pump monitoring systems, while not catastrophic, could cause serious data loss and supply chain problems. For instance, should a volume value be misrepresented as low, a gasoline truck could be dispatched to investigate low tank values. Empty tank values could also be shown full, resulting in gas stations having no fuel." The insecure gas pump monitoring system issue is part of the wider problem of insecure SCADA (industrial control) devices.
Start a Ticket
SmarterTech from ChicagoNetTech
Whether you require assistance securing your fuel dispensing systems, patient data, financial data, or your computer network, give me a call (773-365-0105), or open a ticket at https://portal.chicagonettech.com/Main/frmNewTicket.aspx (registration required).
With more than 35 years of experience, we'll help vet any hidden issues and secure your data - before it becomes an explosive situation.
Copyright © ChicagoNetTech Inc, 2015. All rights reserved.