www.washingtonexaminer.com/mideast-hackers-target-u.s.-gas-pumps/article/2570043Hackers from Syria and Iran are on the prowl to hold a neighborhood or city's gasoline supply up for ransom, or, worse, cause it to spill and explode, with Washington being high on the target list, according to a new report.
The report, issued over the weekend by a group of digital security sleuths, found that a number of groups, including the notorious Syrian Electronic Army — known for hacking news groups — are looking for soft targets they can take control of easily through the Internet, and use to cause a variety of mayhem.
The report shows that retail gasoline stations offer such opportunities, with recent targets showing up in the nation's capital.
The cybersecurity company Trend Micro compiled its attempts to lure would-be hackers out into the open with digital honeypots, or in this case "GasPots," to see how bad actors conduct "reconnaissance" and sabotage over the web.
It turns out that the GasPots attracted the largest number of attempted hacks in the United States, including at a GasPot set up in Washington. The GasPots mimic the electronic control servers that retail gasoline networks use to monitor their tank levels, as well as control pressure settings and gas pumps.
Trend Micro said these automatic tank-gauging systems are easy targets. Most retail stations, or their networks, do not use any security software or protocols in using them, according to the white paper.
For instance, Trend Micro found that a "pro-Iran group" known as the Iranian Dark Coders Team hacked into a GasPot in Jordan, changing tank names to include the name of their group. More serious attacks were perpetrated against GasPots in the U.S. Allegedly the Syrian Electronic Army used one such spot in a more serious denial-of-service attack, which hackers use to bring down servers and networks.
The attack "was observed on a GasPot deployed in the Washington D.C. area. Based on evidence, it was believed to have been caused by the Syrian Electronic Army," Trend Micro said. The Syrian Electronic Army has been culprit in attacks against the Associated Press and other media groups. It describes itself as a pro-Syria group that punishes Western groups for spreading misinformation about the Syrian regime. It is not aligned with the Islamic State group.
Trend Micro identifies the implications of its study's findings, showing that control of retail gasoline networks could have alarming consequences. The white paper said one of the possible uses of these networks by hackers is extortion.
"Extortion is especially prevalent in the cybercriminal landscape," the paper said. For example, "attackers can reset a [network] password, especially if the default is still in use, in order to lock system owners out. They can then hold the console hostage and ask for ransom to restore owner access."
Attackers can also change labels to show a different fuel grade — switching an 87 octane fuel label to show 93 octane — which can cause engine trouble for cars that require premium octane gasoline, according to the company's white paper.
Labeling problems would become even more destructive if an attacker changed the diesel fuel label to a gasoline label.
Even more serious, Trend Micro said attackers can change the levels of underground fuel tanks, where retailers store liquid fuels, to show empty when they are actually full. By doing so, the would-be attackers would cause gasoline spills that could be dangerous, potentially causing fires or explosions.
"Given certain conditions, attackers can, for instance, set a tank overflow limit to a value beyond its capacity, thus triggering an overflow," the white paper reads. "And as shown earlier, gas overflows are extremely dangerous because the liquids they contain are highly combustible."
What makes the Trend Micro report unique is its use of honeypots to attract attackers, proving that groups are looking at the fueling infrastructure as a target of opportunity. But security groups have been warning of these types of vulnerabilities to U.S. gasoline stations for months.
The firm Rapid7 said in January that security weakness could impact as many as 115,000 fueling stations. But only about 5,300 are seen as vulnerable to an Internet-based attack.
The U.S. government has been collaborating with the private sector to develop ways to guard against the attacks. The Department of Energy works with the oil and gas industry, as well as electric utilities, to help guard against cyber attacks.
The "Cybersecurity for Energy Delivery Systems" program assists "energy sector asset owners (electric, oil and gas) by developing cyber-security solutions for energy delivery systems through integrated planning and a focused research and development effort," according to the Energy Department website. The program "co-funds projects with industry partners to make advances in cyber-security capabilities for energy delivery systems."
The Commerce Department is also involved in developing new cybersecurity standards to protect energy infrastructure from attacks.
