Slashdot Mirror
US Gas Pump Hacked With 'Anonymous' Tagline
An anonymous reader writes Researchers at Trend Micro have uncovered a gas pump in the United States whose ID has been changed from 'DIESEL' to 'WE_ARE_LEGION' — the call-sign of the Anonymous hacking group. Following up recent revelations regarding the vulnerability of gas pump systems to online attackers, the researchers found 1,515 completely unprotected gas pump monitoring devices via the Shodan device-based search engine. The report notes that the exposed devices are capable of being protected via six-digit pins, but this security measure is not being used. The report concludes: "Our investigation shows that the tampering of an Internet-facing device resulted in a name change. But sooner or later, real world implications will occur, causing possible outages or even worse."
Can you change the price?
Power to the people.
please, be a white hat, do some community a service ;~)
Can't wait to have internet connected devices all over my house!
Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
Anonymous owns your fridge, your eighty thousand pound Tesla, your PACEMAKER.
Take your Internet of Things and stick it up your arse. My shit might be stone age, but I OWN IT.
Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
What could possibly go wrong?
TFA says that a Gas Pump Monitoring device was hacked, and the pic in TFA shows a screen capture from an inventory system. No mention is made of a Gas Pump being hacked. Thus the headline of TFS stating that a gas pump was hacked is pure click bait.
I am Slashdot. Are you Slashdot as well?
Like setting gas to $0.01 a gallon.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
is this a Christian Bible reference or reverence?
If we could convert EVERYONE to Christianism, they would all have morals and this kind of thing would not happen!
Just think how much more peaceful the world would be if everyone was a true and honest God Fearing Christian?
Why can't people see and realise this? It's so obvious, yet you have Atheists and other religions destroying our world.
THIS, my friends, is why we Christians can seem to pushy at times with our agenda. God has spoken to us and He has told us that this is how things need to be for true peace on earth.
Please, everyone, CONVERT CONVERT CONVERT! Let the Lorde in to your lives!
I don't get why these devices are on the Internet in the first place. If access is needed to read statistics, have an internal server scoop the info from the SCADA servers, hand it to a DMZ server, and the external applications use SSL with client authentication (both sides authenticate to each other using keys), to fetch the data, or if it has to be a person doing this, have a web server on the DMZ that is accessed via 2FA for this info. If the SCADA boxes have to be controlled through the Internet, then there is always a high security VPN that uses smart cards or USB crypto tokens.
One project I had a few years ago was to get data from manufacturing systems (systems which could be on the Internet, but at best, had security strapped on at the last moment... so they were not secure) to remote receivers. I ended up putting the systems on one isolated subnet with a Linux box that would scan them, then shove the data through a serial port with the Rx line cut (so it could only transmit, not receive.) The machine on the other end of the cable would take the data from the serial port and format it into useful reports, which wound up on a decently secure webserver.
No, this system wasn't fast, but it did the job where info could be read but a blackhat couldn't tamper with the isolated network without physical access.
This idea that we need to connect /everything/ _directly_ to the internet is insane.
Device manufacturers have a hard enough time makin devices work, let alone secure them. Even important things like manage switches and home routers have gaping security holes in them, I don't expect a mass sudden outbreak of common sense anytime soon, so we're all doomed, doomed I tell ya!
Are we sure this was anonymous? Maybe this was a message from the Legion guy from the Geth. Clearly, he's leveled up recently in his AI hacking skills.
Global warming and other natural disasters are a direct effect of the shrinking number of pirates - Gospel of the FSM
Dude, you got it wrong. If you talk to god, it's called prayer. If god talks to you, it's called psychosis.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Or, and I'm just spitballing here, people could not commit a crime or go somewhere they're not supposed to be.
You know, personal responsibility, do unto others and all that other crap I keep reading on here about how we're supposed to be caring and understanding of our fellow humans.
If you think it's acceptable for someone to do whatever they want to someone else's property/equipment and not expect to be penalized, then I will be sure to do the same to you and expect the same treatment.
We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
I'm not seeing a claim that they shouldn't be any kind of punishment for misdeeds, but that negligence shouldn't be overlooked. If instead of doubling down on making an example of 'hackers' even when their deeds fit within the range of 'mischief', they threw an ounce of culpability on those tasked with securing this infrastructure, we'd all be better off.
This is my signature. There are many like it, but this one is mine.
Why are gas pumps connected to the internet? Do they have web browsers or a Facebook app?
If you let him speak unto you, you would understand the Truth.
You need to let Him in. Open up your heart to our savoury!
to be frank, "We Are Legion," "Expect Us" and "We Do Not Forget" sound just as appropriate as major oil company slogans as they do a hacking collective.
Good people go to bed earlier.
What if the storage tank levels and their consumption rates were aggregated and reported to distributors or refiners, and these demand indicators helped set local wholesale prices by some kind of automated system?
I'm guessing gas prices are mostly "set" by the price of a barrel of oil (or some regional crude oil price), but even if retail inventory wasn't used for calculating price it may be used to influence regional refinery production which could influence price (ie, demand appears slack, refinery output is cut and stockpiles are drawn down, meanwhile demand is actually high and then price goes up to reflect real lack of inventory).
I dunno, allowing someone to do open heart surgery on me who already once botched a similar operation concerning a rib transplant...
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Preposterous! Possible siphoning off fuel free-4-all? Most definitely! 8-)
but that negligence shouldn't be overlooked.
What negligence? You mean someone left their door unlocked and they deserve to have their stuff stolen? You're blaming the victim?
As I said in my initial post, how about people not steal other people's stuff or go places they shouldn't be? Or is personal responsibility being cast to the dustbin of history?
You can try to spin it all you want, but in the end it comes down to one thing: people doing things they shouldn't be doing in the first place. If it were done to them they would be screaming bloody murder, yet when they do it to someone else, "Oh well, they shouldn't have left their door unlocked."
We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
Target is a good example. Yes, the people that broke into the system and acquired the CC numbers were malicious actors, but Target and their POS providers were negligent in their security practices, and their customers were harmed by said negligence. You want the story to be a dead simple narrative because it allows you to paint every party in a very particular light, but dead simple narratives are almost universally useless. Negligence or incompetence also tends to cause more damage than malice, so they should be a higher priority.
This is my signature. There are many like it, but this one is mine.
Those secret prisoners that we have are likely located in places where the media and general population aren't talking about.
Ah, you must mean the basement restrooms of MSNBC and Fox News. I never hear anyone talking about those places on the air or at the water-cooler, and it makes you wonder what is really happening down there.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
...but as you've suspected, we're really just agents provocateur for the energy industry. So bit us.
How do we know someone affilaited with Trend Micro didn't Do what amounted to digital grafiti? No diffrent than some jackass teenager spray painting "Allahu Ackbar" on the bathroom shitter, and then watching dumb fucking cops get scared about terrists.
Sodomy and pegging mainly.
Then let Him in to your Adam-Hole
Like I said, it's the Christian way. Christians know who's responsible for temptation. It's in the Lord's Prayer: "And lead us not into temptation"