Hackers Stole 600 Gallons of Gas From Detroit Gas Station, Report Says (gizmodo.com)

← Back to Stories (view on slashdot.org)

Hackers Stole 600 Gallons of Gas From Detroit Gas Station, Report Says (gizmodo.com)

Posted by msmash on Sunday July 8, 2018 @10:50AM from the making-a-living dept.

Police in Detroit are looking for two suspects who allegedly managed to hack a gas pump and steal over 600 gallons of gasoline, valued at about $1,800. From a report: The theft took place in the middle of the day and went on for about 90 minutes, with the gas station attendant unable to thwart the hackers. The theft, reported by Fox 2 Detroit, took place at around 1pm local time on June 23 at a Marathon gas station located about 15 minutes from downtown Detroit. At least 10 cars are believed to have benefitted from the free-flowing gas pump, which still has police befuddled. Here's what is known about the supposed hack: Per Fox 2 Detroit, the thieves used some sort of remote device that allowed them to hijack the pump and take control away from the gas station employee. Police confirmed to the local publication that the device prevented the clerk from using the gas station's system to shut off the individual pump.

38 of 263 comments (clear)

Min score:

Reason:

Sort:

Manual Shut Off? by Drethon · 2018-07-08 10:54 · Score: 4, Interesting

Seriously, I'm not big on the whole let the computer handle everything on important things, particularly something that is potentially safety critical. Manual shut off valves aren't hard.
1. Re:Manual Shut Off? by Darinbob · 2018-07-08 11:37 · Score: 4, Interesting
  
  Or call the police. It shouldn't have taken 90 minutes for police to show up.
2. Re:Manual Shut Off? by Anubis+IV · 2018-07-08 11:45 · Score: 2
  
  Or, how about simply covering the pump with an “Out of Order” sign/bag/covering like they would for any other malfunction? No need to even shut it off when cutting off access to it is sufficient.
3. Re:Manual Shut Off? by gnick · 2018-07-08 11:56 · Score: 5, Insightful
  
  Shut down the full station just to fix one bad pump?
  Yes! If the other option is to let gas free-flow for 90-minutes, then shut down the whole station. Of course! You think the gas station made $1,800 profit on the functioning pumps during that 90-minutes?
  
  --
  He's getting rather old, but he's a good mouse.
4. Re:Manual Shut Off? by Chris+Mattern · 2018-07-08 12:13 · Score: 2, Funny
  
  Or, how about simply covering the pump with an âoeOut of Orderâ sign/bag/covering like they would for any other malfunction? No need to even shut it off when cutting off access to it is sufficient.
  I'm sure the "please don't take the free gas" sign would've solved everything.
5. Re:Manual Shut Off? by Anubis+IV · 2018-07-08 12:16 · Score: 4, Interesting
  
  When you pull up to a gas station and see an out of order placard on a pump, do you bother checking to see if free gas is being dispensed by it, or do you simply go to an open pump? For all I know, this problem is a common one, with none of us any the wiser.
6. Re: Manual Shut Off? by tysonedwards · 2018-07-08 13:16 · Score: 2, Insightful
  
  Iâ(TM)m sure he could have walked out with a plastic bag to cover the nossle or a piece of paper taped to the screen saying âoeout of serviceâ well before 90 minutes lapsed. As one person pulls away, be ready. Surely theyâ(TM)d done this sort of thing in the past when a pump was malfunctioning (like this time).
  
  --
  Thirty four characters live here.
7. Re:Manual Shut Off? by hawguy · 2018-07-08 13:19 · Score: 4, Informative
  
  Shut down the full station just to fix one bad pump? Maybe the clerk did not know how to full reboot
  When I worked at a gas station, I knew where the breaker panel was and we had separate breakers for each pump.
  So, the easy solution would have been to just power off the hacked pump.
8. Re:Manual Shut Off? by Joe_Dragon · 2018-07-08 14:04 · Score: 5, Funny
  
  they tried but systemd just auto restared the pump
9. Re:Manual Shut Off? by brian.stinar · 2018-07-08 14:04 · Score: 2
  
  When living in Santa Fe, New Mexico, I called the police about multiple break-ins at a place I was renting. I had nothing worth stealing, but the guy that lived in the connected apartment from mine did. The shortest time it took the cops to get there was 45 minutes. The longest time I stopped counting after 3 hours. My house was broken into 3+ times, and I didn't really care since the rent was cheap, and if any of the little punks tried it when I was around someone would have been calling a coroner instead of a cop.
  If you seriously believe that the police are going to show up, to help you, quickly, when something bad is going down, you will be sadly surprised. I now live in Albuquerque, New Mexico, and the response time for "someone is going to die" types of police calls is typically in the double-digits of minutes (10-15 minutes.) The police are doing the absolute best that they can, but it seems like everywhere there are simply not enough cops to quickly respond to everything.
  When seconds matter, police are only minutes away.
  It's fine to talk about should and shouldn't, but what it really comes down to is that people need to accept responsibility for their own property. In this case, having the gas station attendants with ANY type of training at all could be a good first step. They might have been able to shutoff the malfunctioning pump.
10. Re: Manual Shut Off? by demonlapin · 2018-07-08 14:20 · Score: 4, Insightful
  
  The master on/off switch for my power to my house isn't there to stop a live wire thrown into a bathtub, but if if I had a toaster in the tub, that's the one I'd be using.
11. Re:Manual Shut Off? by demonlapin · 2018-07-08 14:30 · Score: 3, Insightful
  
  You'd need something like 30-40 cars to get 600 gallons. I have had one truck with a 25-gallon tank, but most passenger cars are around 15. (Metric users, 1 gallon is just under 4 L.)
  
  That said, yeah, inside job. An hour and a half? Plenty of time to shut it down.
12. Re:Manual Shut Off? by Darinbob · 2018-07-08 14:42 · Score: 2
  
  Except this was an ongoing crime. If they police had shown up they could have made easy arrests, boosting their quotas, looking good to the citizens, etc.
13. Re: Manual Shut Off? by brian.stinar · 2018-07-08 15:16 · Score: 2
  
  I also think Canadians are less likely to commit crimes, which (if true) means that smaller/cheaper police forces can serve larger populations.
14. Re:Manual Shut Off? by pslytely+psycho · 2018-07-08 16:58 · Score: 2
  
  He (she? it?) doesn't need to know how to reboot the system.
  
  The yellow out of order bag that goes over the nozzle would of sufficed, with the added benefit as pointed out above of identifying anyone actively involved who bypasses the bag and pumps anyway.
  
  --
  Donald Trump, on a crusade to make Nixon look respectable
15. Re: Manual Shut Off? by jabuzz · 2018-07-08 23:46 · Score: 2, Interesting
  
  Don't know I have had a fire safety officer make people walk past a functioning exit from the building during a drill because it was not a recognized fire exit for the building. It was electrically operated and might fail in the event of a fire. Presumably he would stop someone climbing out the window on the ground floor if there was a fire outside the room they where in.
16. Re: Manual Shut Off? by Drethon · 2018-07-09 01:31 · Score: 2
  
  That's literally 4x the range of my current car, which has a smaller gas tank than my previous car but the same range due to greater fuel efficiency.
  100L seems monstrously huge for a gas tank to me, and I have a hard time even imagining 4L/100km. I know Volvos are notoriously unsexy cars, but that kind of fuel efficiency might change my mind.
  Someone correct me if I'm wrong but the only Volvo I can find with that gas mileage starts at $63k. Considering I spend about $1,500 a year on gasoline, getting a car that costs that much more than a fair gas milage ICE car (or a better priced hybrid) doesn't make a lot of sense to me.
17. Re:Manual Shut Off? by bobbied · 2018-07-09 02:20 · Score: 2
  
  You think a minimum wage gas station attendant gives a fuck if a faceless corporate entity makes a profit or not? How cute!
  He better... Lack of profit ==> Going out of business ==> Unemployed.
  In fact, I think you've hit on a common issue in today's society, this demonization of the faceless, nameless rich people who employ the vast majority of us. You'd better care about profits for the business you work for, the more the better (within the bounds of law and ethics) because it's what pays your wages and benefits. If you don't like that somebody else is making money on your efforts, then I suggest you start your own business, take your own risks and work for yourself and keep ALL the profits. Just be prepared to work for less than minimum wage for awhile like most small business owners do. I'm guessing you will soon learn how sweet a minimum wage (minimum responsibility) job actually is.
  
  --
  "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
Fire Emergency shut-off by innocent_white_lamb · 2018-07-08 10:57 · Score: 2

All gas stations are required to have a big emergency button mounted on the wall inside of the building that will immediately cut off the flow of fuel to the gas pumps when pushed.
I think that button is also required to be accessible to the public, i.e not hidden behind the counter.
Push that button and no fuel is dispensed until the system is reset.
If the attendant somehow didn't know about that button, then that's a hazardous situation right there.

--
If you're a zombie and you know it, bite your friend!
1. Re:Fire Emergency shut-off by OzPeter · 2018-07-08 11:04 · Score: 2
  
  If the attendant somehow didn't know about that button, then that's a hazardous situation right there.
  I actually read TFA and it seems that the attendant tried all sorts of ways through his normal systems to shut the gas off, but failed. It appears that he finally used the emergency shutoff, but that is not clear in TFA.
  
  --
  I am Slashdot. Are you Slashdot as well?
2. Re:Fire Emergency shut-off by Junta · 2018-07-08 11:06 · Score: 5, Insightful
  
  I wager the attendant didn't catch on for a while. Generally nowadays the systems are *supposed* to only dispense if the customer has given payment info or the attendant has turned it on. In fact, most of the time when I go to a gas station now, I've set up payment before I even leave the car and just get out and pump. A station attendant may have a hard time distinguishing someone paying by mobile from someone who made it dispense gasoline otherwise, depending on how it works. Note it says it went on for 90 minutes, then he shut it down, *then* he called police. It also says he "got an emergency kit"., which may have been how he was describing the fuel shut off (his English may not have been the best). Him describing the system being non-responsive doesn't mean he sat there for a long time trying to overcome the situation, it just speaks to his surprise.
  
  --
  XML is like violence. If it doesn't solve the problem, use more.
3. Re:Fire Emergency shut-off by Mr+D+from+63 · 2018-07-08 11:30 · Score: 2
  
  My guess is he desired to shut off the hacked pump, and not shut down all the pumps. If those buttons trigger an emergency response (someone enlighten me) then that might have played into it as well.
4. Re: Fire Emergency shut-off by Nidi62 · 2018-07-08 11:59 · Score: 2
  
  Its Detroit?
  
  --
  The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
5. Re: Fire Emergency shut-off by demonlapin · 2018-07-08 14:36 · Score: 2
  
  Very true. As the saying from my salesman father-in-law goes, you can shear a sheep dozens of times, but you can only skin it once. He likes a good deal, but he likes repeat business more.
Gas? by ickleberry · 2018-07-08 11:10 · Score: 3, Funny

What kind of gas was this? Butane? Propane? Methane?
Re:Call the police? by ArchieBunker · 2018-07-08 11:27 · Score: 4, Informative

You really don't know much about Detroit. The police wont even show up for shootings unless there are two bodies. Stealing gas doesn't even register.

--
Only the State obtains its revenue by coercion. - Murray Rothbard
Hackers steal 600 gallons of gas in Detroit... by Narcocide · 2018-07-08 11:39 · Score: 5, Funny

...then ironically don't use it to leave Detroit.
The math from TFS ... by CaptainDork · 2018-07-08 11:42 · Score: 2

... because I didn't read TFA:
Given:
- $1,800 USD
- ~ 10 cars
- 600 gallons
Then:
$1800/10 car = $180/car
$1,800/600 gallons = $3/gallon
600 gallons/10 cars = 60 gallons/car????

--
It little behooves the best of us to comment on the rest of us.
What probably happened by Snotnose · 2018-07-08 11:46 · Score: 2

One or three guys came up with the "hack", fired it up, filled their 15 gallon tanks for free, then couldn't figure out how to turn the hack off. People kept coming in, filling their tanks, either not realizing nor not caring the gas was free. Some of them called their buddies, who came and filled up cuz it was free.

Meanwhile the dudes that did the "hack" are either laughing their asses off that they got $50 of gas for free, freaking out because if everyone gets free gas someone will notice, or they were script kiddies $Someone was using as a test case for an attack.
Lol. They'll take a report Tuesday by raymorris · 2018-07-08 12:00 · Score: 2

The cops might show up to take a report on Tuesday. Or not.
Cops mostly take reports of crimes. Occasionally, they accidentally catch a criminal. Very rarely do they stop a crime in progress.
Re:Of course, it's Detroit by Chris+Mattern · 2018-07-08 12:25 · Score: 5, Funny

Some people listen to their moral voice, and other just Kant.
Re:Of course, it's Detroit by PolygamousRanchKid+ · 2018-07-08 12:30 · Score: 2

What happened to

Zwei Dinge erfüllen das Gemüt mit immer neuer und zunehmender Bewunderung und Ehrfurcht, je öfter und anhaltender sich das Nachdenken damit beschäftigt: Der bestirnte Himmel über mir, und das moralische Gesetz in mir
Verjährt.

--
Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
Park a car by Latent+Heat · 2018-07-08 12:51 · Score: 5, Insightful

The attendant, supervisor or owner park one or more cars to block the pump?
Re:AC Stole First Post From Slashdot by Tuidjy · 2018-07-08 13:18 · Score: 3, Insightful

That would not surprise me. Off the top of my head, in order of effectiveness:
1) Park your car at the pump in question.
2) Put a "Out of Order" sign on the pump in question. This way, anyone using the pump is obviously in cahoots with the hackers.
3) Master emergency switch. In 90mn, no gas station makes nearly $2,000 pure profit.
4) Call the police... maybe the response time for property crimes is high, but still.

--
No good deed goes unpunished...
It wasn't the pumps by Megane · 2018-07-08 13:22 · Score: 5, Informative

I used to write code to talk to gas pumps 20 years ago, and they really aren't much different today, aside from having better screens and needing to deal with chip cards. (I have seen only a single station so far with what appeared to be chip-ready card readers! Isn't that cut-over only a year or two away? But there are restaurants that over two years later still have tape over the chip reader.)
First of all, the pump (the part that gives you fuel while measuring it) is completely separate from the terminal on top. They both talk to a computer in back over an RS-485 link. The computer in back, even if it's a crappy one from the pump manufacturer, takes payment information from the terminal (and commands from the POS inside the store), then enables the pump, possibly with a preset limit. When you hang up the hose, the computer sees that status in the pump, reads the dispensed amount, and finishes the transaction.
The back-end computer could certainly have bad programming. I once had to do a site visit for a beta site, and found out that the authorizer (the part that says "this card is okay, turn on the pump" and handles the billing) was saying yes to ANY card. Not my code, of course. Fortunately, people were using the membership card of the club store (they probably thought it would be automatically billed), which meant they could be tracked down if necessary.
One thing that could be done is to open up the pump, and flip its configuration switches to set it into a manual mode. That still won't stop the fuel counters inside the pumps, so it won't match inventory with the back room computer later on. But you have to open it up first. Not only is there a key to deal with, but these days there are tamper stickers on the door because so much inside can be fucked with, not just the pump.
Another thing that could be done is someone with inside knowledge of the system could create a management card that makes the computer give free gas. That would be noticed eventually too, but the big problem is you have to have access to the back end. This could possibly be done for a RFID keyfob, but that means you still need a way to get the keyfob ID into the system, and it would still be an inside job.
If the deed was done wirelessly, as implied, I'm going to guess that means that someone had a wireless connection like WiFi on the same network as the back-end computer, and it wasn't encrypted, etc. It could also be a keyfob or NFC, but other than that, I haven't heard of any kind of wireless technology that would need to go into the pump. It's always possible that there was some kind of stupid buffer overflow bug on something wireless.
As to what could have been done to shut it down, if the person at the store knew this was happening, um, yeah. Unless he called a manager who told him to not turn it off (fuel is a good way to get customers to buy your overpriced sodas and snacks), the E-Stop button would have been enough. An "out of order" sign would probably have worked too, simple psychology, nobody would have bothered to use the pump. It's also possible that the POS had a way to shut pumps off. And I wouldn't be surprised if nobody understood how to use such features.

--
#naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
Re:Probably not a computer exploit by whoever57 · 2018-07-08 13:42 · Score: 2

Exactly what I was thinking.
Hacking == theft == covered by insurance.
Malfunction: not covered.

--
The real "Libtards" are the Libertarians!
Re:sounds like organized crime by DakotaSmith · 2018-07-08 13:55 · Score: 2

Given the thieves' appearance, I wouldn't assume Russian Mafia.
And no, not because they're black. Stop being all racist.

--
Microsoft leads to Bluescreen; Bluescreen leads to downtime; downtime leads to suffering.
Re: you'd need 30-40 cars to get 600 gallons by jwhyche · 2018-07-09 09:28 · Score: 2

Back when gas hit close to $5 a gallon some thieves modified a horse trailer by cutting out parts of the bottom. Then they would install pumps and large tanks.
They would pull the modified trailer over access caps, where they fill the underground tanks, where they would pretend to have truck problems. While two men would be under the hood acting like they where trying to fix the truck, their accomplices in the trailer would remove the access cap and lower a hose down to the underground tank.
Once the tanks where full, the truck would suddenly be fixed, and they would drive off.

--
I read at +2. If your post doesn't reach that level I will not see or respond to it.